@tspicer tspicer commented Nov 19, 2025

Merges fixes and updates to clean up the legacy code.

tspicer and others added 3 commits November 4, 2025 18:27
Replaces overcomplicated token persistence system with simple in-memory JWT
caching, eliminating P0 encryption vulnerability. Removes 1,650+ lines of
unused Amazon Ads provider/registry/token_store code that was copy-pasted
from another project.

Security hardening:
- Token logging: Only log length, apply SanitizingFormatter globally
- Auth fallback: Remove unsafe refresh token fallback, fail with actionable errors
- Timeouts: Add timeout=(10,30) to all 16 HTTP requests (DoS protection)
- SSRF: Validate pagination URLs stay on expected domain
- LLM opt-in: Require OPENBRIDGE_ENABLE_LLM_VALIDATION=true (defaults false)

Simplified auth stack (src/auth/simple.py):
- ~220 lines vs original 2,000+ line system
- In-memory JWT caching with 5-min buffer before expiry
- No disk persistence, no encryption needed
- Clean fail-closed design

Documentation:
- Add SECURITY.md with hardening details
- Update README with new env vars (OPENBRIDGE_API_TIMEOUT, OPENBRIDGE_ENABLE_LLM_VALIDATION)
- Update .env.example with proper OPENBRIDGE_* naming
- Remove deprecated AMAZON_ADS_* references

Tests:
- Add tests/test_security_fixes.py with JWT caching, SSRF, timeout, and LLM opt-in coverage
- Update legacy tests for stricter auth behavior
- All 26 tests passing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
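The commit message above describes two of the hardening measures only in outline: an in-memory JWT cache that refreshes five minutes before expiry and fails closed, and a check that pagination URLs stay on the expected domain. The following is an added illustration of both, written for this page; it is not the project's `src/auth/simple.py`, and the class name, the `fetch_token` callback and the sample tokens it constructs are assumptions.

```python
"""Added example (not the project's own code): in-memory JWT caching with a
5-minute refresh buffer, fail-closed handling, length-only token logging, and
a same-host check for pagination URLs. Names and the fetch callback are assumed."""
import base64
import json
import logging
import time
from typing import Callable, Optional
from urllib.parse import urlparse

log = logging.getLogger("auth")
REFRESH_BUFFER_SECONDS = 300  # "5-min buffer before expiry" from the commit message


def jwt_exp(token: str) -> int:
    """Return the 'exp' claim (epoch seconds) of a JWT, or 0 if it cannot be read.

    Only the payload segment is decoded; signature verification is the server's
    concern. A missing or malformed exp is treated as already expired (fail closed).
    """
    try:
        payload_b64 = token.split(".")[1]
        payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped padding
        payload = json.loads(base64.urlsafe_b64decode(payload_b64))
        return int(payload["exp"])
    except (IndexError, KeyError, TypeError, ValueError):
        # binascii.Error and json.JSONDecodeError are both ValueError subclasses
        return 0


class InMemoryTokenCache:
    """Holds one access token in process memory; nothing is written to disk."""

    def __init__(self, fetch_token: Callable[[], str],
                 now: Callable[[], float] = time.time) -> None:
        self._fetch = fetch_token  # assumed callback that performs the real login
        self._now = now            # injectable clock, so the buffer logic is testable
        self._token: Optional[str] = None
        self._exp = 0
        self.fetch_count = 0       # how many real logins were performed

    def get(self) -> str:
        """Return a cached token, refreshing once it is within the buffer of expiry."""
        if self._token is None or self._now() >= self._exp - REFRESH_BUFFER_SECONDS:
            token = self._fetch()
            self.fetch_count += 1
            exp = jwt_exp(token)
            if exp <= self._now():
                # Fail closed: never hand out an expired or unparsable token,
                # and say what the operator should look at instead of guessing.
                raise RuntimeError(
                    "auth: login returned an expired or unparsable token; "
                    "check the OPENBRIDGE_* credentials and retry")
            self._token, self._exp = token, exp
            # Log only the length of the token, never its value.
            log.info("auth: cached token len=%d, exp=%d", len(token), exp)
        return self._token


def is_same_host_pagination_url(next_url: str, expected_host: str) -> bool:
    """Accept a server-supplied 'next page' URL only if it is HTTPS on the expected host.

    urlparse().hostname drops any userinfo and port, so 'https://good@evil/' resolves
    to host 'evil' and is rejected rather than matched on the prefix.
    """
    parts = urlparse(next_url)
    return (parts.scheme == "https"
            and parts.hostname is not None
            and parts.hostname.lower() == expected_host.lower())


def make_unsigned_jwt(exp: int) -> str:
    """Constructed test token with an empty signature segment; not a real credential."""
    def seg(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none'})}.{seg({'exp': exp})}."


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    clock = [1_000_000.0]  # constructed clock so the run is deterministic
    cache = InMemoryTokenCache(lambda: make_unsigned_jwt(int(clock[0]) + 3600),
                               now=lambda: clock[0])
    cache.get()
    clock[0] += 3000       # 600 s left: outside the buffer, served from memory
    cache.get()
    clock[0] += 400        # 200 s left: inside the 300 s buffer, refreshed
    cache.get()
    print("logins performed:", cache.fetch_count)  # 2
    print(is_same_host_pagination_url("https://api.example.com/v1/items?page=2", "api.example.com"))
```

The injected clock is what makes the five-minute rule checkable without sleeping; in production the default `time.time` is used. The pagination check deliberately compares the parsed hostname rather than a string prefix, which is the difference between rejecting and accepting a URL that merely starts with the expected host.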
@tspicer tspicer merged commit bf5eec6 into main Nov 19, 2025
2 checks passed
tspicer added a commit that referenced this pull request Dec 30, 2025