Fimeg/Redflag
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): A-1 Ed25519 key rotation + A-2 replay attack fixes

Browse Source 
Complete RedFlag codebase with two major security audit implementations.

== A-1: Ed25519 Key Rotation Support ==

Server:
- SignCommand sets SignedAt timestamp and KeyID on every signature
- signing_keys database table (migration 020) for multi-key rotation
- InitializePrimaryKey registers active key at startup
- /api/v1/public-keys endpoint for rotation-aware agents
- SigningKeyQueries for key lifecycle management

Agent:
- Key-ID-aware verification via CheckKeyRotation
- FetchAndCacheAllActiveKeys for rotation pre-caching
- Cache metadata with TTL and staleness fallback
- SecurityLogger events for key rotation and command signing

== A-2: Replay Attack Fixes (F-1 through F-7) ==

F-5 CRITICAL - RetryCommand now signs via signAndCreateCommand
F-1 HIGH     - v3 format: "{agent_id}:{cmd_id}:{type}:{hash}:{ts}"
F-7 HIGH     - Migration 026: expires_at column with partial index
F-6 HIGH     - GetPendingCommands/GetStuckCommands filter by expires_at
F-2 HIGH     - Agent-side executedIDs dedup map with cleanup
F-4 HIGH     - commandMaxAge reduced from 24h to 4h
F-3 CRITICAL - Old-format commands rejected after 48h via CreatedAt

Verification fixes: migration idempotency (ETHOS #4), log format
compliance (ETHOS #1), stale comments updated.

All 24 tests passing. Docker --no-cache build verified.
See docs/ for full audit reports and deviation log (DEV-001 to DEV-019).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
jpetree331
2026-03-28 21:25:47 -04:00
commit f97d4845af
340 changed files with 75403 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
config/.env.bootstrap.example Normal file
View File

@@ -0,0 +1,26 @@
# RedFlag Bootstrap Configuration
# Copy this to ./config/.env and edit the values below
# PostgreSQL Configuration
POSTGRES_DB=redflag
POSTGRES_USER=redflag
POSTGRES_PASSWORD=redflag_bootstrap
# RedFlag Server Configuration
REDFLAG_SERVER_HOST=0.0.0.0
REDFLAG_SERVER_PORT=8080
REDFLAG_DB_HOST=postgres
REDFLAG_DB_PORT=5432
REDFLAG_DB_NAME=redflag
REDFLAG_DB_USER=redflag
REDFLAG_DB_PASSWORD=redflag_bootstrap
# Admin Configuration
REDFLAG_ADMIN_USER=admin
REDFLAG_ADMIN_PASSWORD=CHANGE_ME_ADMIN_PASSWORD
REDFLAG_JWT_SECRET=CHANGE_ME_JWT_SECRET_AT_LEAST_32_CHARS_LONG
# Token Configuration
REDFLAG_TOKEN_EXPIRY=24h
REDFLAG_MAX_TOKENS=100
REDFLAG_MAX_SEATS=10