Fix ECDH zeroization, add audit logging, and remediate high findings

- Fix #61: handleRotateKey and handleDeleteUser now zeroize stored privBytes instead of calling Bytes() (which returns a copy). New state populates privBytes; old references nil'd for GC. - Add audit logging subsystem (internal/audit) with structured event recording for cryptographic operations. - Add audit log engine spec (engines/auditlog.md). - Add ValidateName checks across all engines for path traversal (#48). - Update AUDIT.md: all High findings resolved (0 open). - Add REMEDIATION.md with detailed remediation tracking. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 14:04:39 -07:00
parent b33d1f99a0
commit 5c5d7e184e
24 changed files with 1699 additions and 72 deletions
--- a/internal/server/server_test.go
+++ b/internal/server/server_test.go
@@ -36,7 +36,7 @@ func setupTestServer(t *testing.T) (*Server, *seal.Manager, chi.Router) {
 	_ = db.Migrate(database)

 	b := barrier.NewAESGCMBarrier(database)
-	sealMgr := seal.NewManager(database, b, slog.Default())
+	sealMgr := seal.NewManager(database, b, nil, slog.Default())
 	_ = sealMgr.CheckInitialized()

 	// Auth requires MCIAS client which we can't create in tests easily,
@@ -61,7 +61,7 @@ func setupTestServer(t *testing.T) (*Server, *seal.Manager, chi.Router) {
 	}

 	logger := slog.Default()
-	srv := New(cfg, sealMgr, authenticator, policyEngine, engineRegistry, logger, "test")
+	srv := New(cfg, sealMgr, authenticator, policyEngine, engineRegistry, nil, logger, "test")

 	r := chi.NewRouter()
 	srv.registerRoutes(r)