mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-04-28 03:20:11 +00:00
security: complete Phase 1 sensor proxy hardening
Implements comprehensive security hardening for pulse-sensor-proxy:
- Privilege drop from root to unprivileged user (UID 995)
- Hash-chained tamper-evident audit logging with remote forwarding
- Per-UID rate limiting (0.2 QPS, burst 2) with concurrency caps
- Enhanced command validation with 10+ attack pattern tests
- Fuzz testing (7M+ executions, 0 crashes)
- SSH hardening, AppArmor/seccomp profiles, operational runbooks

All 27 Phase 1 tasks complete. Ready for production deployment.
parent
20d94f4c90
commit
524f42cc28
57 changed files with 4104 additions and 1519 deletions
7
.gitignore
vendored
|
|
@ -65,6 +65,7 @@ AI_DEVELOPMENT.md
|
|||
scripts/pulse-watchdog.sh
|
||||
pulse-watchdog.log
|
||||
.mcp-servers/
|
||||
.codex/
|
||||
|
||||
# Release process files
|
||||
CHANGELOG.md
|
||||
|
|
@ -132,6 +133,12 @@ MOCK_MODE_GUIDE.md
|
|||
secrets.env
|
||||
*secret*.env
|
||||
|
||||
# Browser/session artifacts
|
||||
**/cookies.txt
|
||||
**/cookies-*.txt
|
||||
**/*.har
|
||||
**/*.browser
|
||||
|
||||
# Development documentation (local only)
|
||||
CLAUDE_DEV_SETUP.md
|
||||
AGENT_METRICS_*.md
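Review bot: The new `# Browser/session artifacts` entries only keep untracked `cookies.txt`, `cookies-*.txt`, `*.har` and `*.browser` files from being staged; a file matching these patterns that is already tracked stays tracked and remains in history. Worth confirming with `git ls-files` that none are present, untracking any hits with `git rm --cached`, and treating session tokens in such files as exposed. Minor style point on the same lines: a gitignore pattern containing no other slash already matches at every directory level, so the `**/` prefix is redundant and `cookies.txt`, `cookies-*.txt`, `*.har` and `*.browser` would behave identically.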
|
||||
|
|
|
|||