wylab/claude-hub
1
0
Fork 0
forked from claude-did-this/claude-hub
Code Issues 1 Pull Requests Activity
32 Commits 29 Branches 2 Tags
7e545475d0c51b04f2df1c16fbc2c6d4d47dde3a
Commit Graph

5 Commits

Author SHA1 Message Date
Jonathan Flatt
7e545475d0 security: Implement comprehensive credential protection system 
Replace environment variable credentials with secure file-based mounting
to prevent runtime credential exposure that was causing security leaks.

Key security improvements:
- Docker secrets integration for credential mounting
- Secure credential loader utility (secureCredentials.js)
- Enhanced logging redaction for all credential types
- Pre-commit security scanning with multiple tools
- Automated security audit workflow and scripts
- File-based credentials with proper 600 permissions

Services updated:
- githubController.js: Use secure credentials for webhook verification
- claudeService.js: Use secure credentials for GitHub/Anthropic APIs
- githubService.js: Use secure credentials for GitHub API calls
- logger.js: Enhanced redaction patterns for all credential types

New security infrastructure:
- ./scripts/setup/setup-secure-credentials.sh: Setup script for secure credentials
- ./scripts/security/credential-audit.sh: Comprehensive security audit
- .github/workflows/security-audit.yml: Automated security scanning
- docker-compose.yml: Updated to use Docker secrets by default
- k8s/secrets.yaml: Kubernetes secrets configuration
- systemd/claude-webhook.service: Systemd service configuration

This eliminates credential exposure in:
- Environment variables and process lists
- Container logs and debug output
- Git commits and PR comments
- Runtime error messages

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-05-21 23:03:07 -05:00
Jonathan Flatt
2a3327e038 feat: Add comprehensive CI/CD pipeline with automated PR reviews 
- Add GitHub Actions workflows for CI, security scanning, and deployment
- Implement automated PR review system triggered by successful check suites
- Add ESLint and Prettier for code quality and formatting
- Configure Dependabot for automated dependency updates
- Add comprehensive test coverage for check suite webhook events
- Include Docker builds and container registry publishing
- Add security scanning with CodeQL, npm audit, and TruffleHog
- Create PR and issue templates for better collaboration
- Add comprehensive CI/CD documentation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-05-21 03:42:09 +00:00
Jonathan Flatt
4cdad828c4 Reorganize scripts into structured directory layout and consolidate functionality 
This commit reorganizes all scripts in the repository into a more structured directory layout for better maintainability:
- Categorizes scripts by functionality (setup, build, aws, runtime, security, utils)
- Organizes test scripts into logical categories
- Consolidates redundant scripts with unified interfaces
- Adds backward compatibility wrappers
- Adds detailed SCRIPTS.md documentation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-05-21 00:19:07 +00:00
Jonathan Flatt
76126d4ad6 initial commit 2025-05-21 00:05:39 +00:00
Jonathan Flatt
fc567071dd Initial commit 2025-05-20 17:01:59 +00:00