Fix ECDH zeroization, add audit logging, and remediate high findings

- Fix #61: handleRotateKey and handleDeleteUser now zeroize stored privBytes instead of calling Bytes() (which returns a copy). New state populates privBytes; old references nil'd for GC. - Add audit logging subsystem (internal/audit) with structured event recording for cryptographic operations. - Add audit log engine spec (engines/auditlog.md). - Add ValidateName checks across all engines for path traversal (#48). - Update AUDIT.md: all High findings resolved (0 open). - Add REMEDIATION.md with detailed remediation tracking. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 14:04:39 -07:00
parent b33d1f99a0
commit 5c5d7e184e
24 changed files with 1699 additions and 72 deletions
--- a/internal/grpcserver/engine.go
+++ b/internal/grpcserver/engine.go
@@ -29,6 +29,14 @@ func (es *engineServer) Mount(ctx context.Context, req *pb.MountRequest) (*pb.Mo
 		}
 	}

+	// Inject external_url into engine config if available and not already set.
+	if config == nil {
+		config = make(map[string]interface{})
+	}
+	if _, ok := config["external_url"]; !ok && es.s.cfg.Server.ExternalURL != "" {
+		config["external_url"] = es.s.cfg.Server.ExternalURL
+	}
+
 	if err := es.s.engines.Mount(ctx, req.Name, engine.EngineType(req.Type), config); err != nil {
 		es.s.logger.Error("grpc: mount engine", "name", req.Name, "type", req.Type, "error", err)
 		switch {