maternal-app

andrei/maternal-app

Fork 0

Commit Graph

Author	SHA1	Message	Date
Andrei	f640e091ce	Add prompt injection protection for AI endpoints Some checks failed CI/CD Pipeline / Build Application (push) Has been cancelled Details CI/CD Pipeline / Lint and Test (push) Has been cancelled Details CI/CD Pipeline / E2E Tests (push) Has been cancelled Details Implemented comprehensive security against prompt injection attacks: Detection Patterns: - System prompt manipulation (ignore/disregard/forget instructions) - Role manipulation (pretend to be, act as) - Data exfiltration (show system prompt, list users) - Command injection (execute code, run command) - Jailbreak attempts (DAN mode, developer mode, admin mode) Input Validation: - Maximum length: 2,000 characters - Maximum line length: 500 characters - Maximum repeated characters: 20 consecutive - Special character ratio limit: 30% - HTML/JavaScript injection blocking Sanitization: - HTML tag removal - Zero-width character stripping - Control character removal - Whitespace normalization Rate Limiting: - 5 suspicious attempts per minute per user - Automatic clearing on successful validation - Per-user tracking with session storage Context Awareness: - Parenting keyword validation - Domain-appropriate scope checking - Lenient validation for short prompts Implementation: - lib/security/promptSecurity.ts - Core validation logic - app/api/ai/chat/route.ts - Integrated validation - scripts/test-prompt-injection.mjs - 19 test cases (all passing) - lib/security/README.md - Documentation Test Coverage: ✅ Valid parenting questions (2 tests) ✅ System manipulation attempts (4 tests) ✅ Role manipulation (1 test) ✅ Data exfiltration (3 tests) ✅ Command injection (2 tests) ✅ Jailbreak techniques (2 tests) ✅ Length attacks (2 tests) ✅ Character encoding attacks (2 tests) ✅ Edge cases (1 test) All suspicious attempts are logged with user ID, reason, risk level, and timestamp for security monitoring. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-01 20:15:11 +00:00
Andrei	8e3567e3d6	Add rate limiting to API endpoints Some checks failed CI/CD Pipeline / Lint and Test (push) Has been cancelled Details CI/CD Pipeline / E2E Tests (push) Has been cancelled Details CI/CD Pipeline / Build Application (push) Has been cancelled Details Implemented comprehensive rate limiting for API security: - Created custom Next.js-native rate limiter using in-memory store - Added 5 rate limit configurations: - authLimiter: 5 requests/15min for login/register/password-reset - aiLimiter: 10 requests/hour for AI assistant queries - trackingLimiter: 30 requests/min for activity tracking - readLimiter: 100 requests/min for read-only endpoints - sensitiveLimiter: 3 requests/hour for sensitive operations - Applied rate limiting to endpoints: - /api/auth/login, /api/auth/register, /api/auth/password-reset - /api/ai/chat - /api/tracking/feeding (GET and POST) - Rate limit responses include standard headers: - RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset - Retry-After header with seconds until reset - Tested with 7 sequential requests - first 5 passed, last 2 blocked with 429 Note: Current implementation uses in-memory store. For production with multiple instances, migrate to Redis-backed storage for distributed rate limiting. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-01 20:08:28 +00:00
Andrei	78aef1d918	feat: Add health check endpoint for network status detection Some checks failed CI/CD Pipeline / Lint and Test (push) Has been cancelled Details CI/CD Pipeline / E2E Tests (push) Has been cancelled Details CI/CD Pipeline / Build Application (push) Has been cancelled Details Created /api/health endpoint that returns 200 OK to allow Redux network detection middleware to properly check connectivity status. Without this endpoint, the app was showing as offline even when connected to the internet. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-01 19:44:42 +00:00

Author

SHA1

Message

Date

Andrei

f640e091ce

Add prompt injection protection for AI endpoints

CI/CD Pipeline / Build Application (push) Has been cancelled

Details

CI/CD Pipeline / Lint and Test (push) Has been cancelled

Details

CI/CD Pipeline / E2E Tests (push) Has been cancelled

Details

Implemented comprehensive security against prompt injection attacks:

**Detection Patterns:**
- System prompt manipulation (ignore/disregard/forget instructions)
- Role manipulation (pretend to be, act as)
- Data exfiltration (show system prompt, list users)
- Command injection (execute code, run command)
- Jailbreak attempts (DAN mode, developer mode, admin mode)

**Input Validation:**
- Maximum length: 2,000 characters
- Maximum line length: 500 characters
- Maximum repeated characters: 20 consecutive
- Special character ratio limit: 30%
- HTML/JavaScript injection blocking

**Sanitization:**
- HTML tag removal
- Zero-width character stripping
- Control character removal
- Whitespace normalization

**Rate Limiting:**
- 5 suspicious attempts per minute per user
- Automatic clearing on successful validation
- Per-user tracking with session storage

**Context Awareness:**
- Parenting keyword validation
- Domain-appropriate scope checking
- Lenient validation for short prompts

**Implementation:**
- lib/security/promptSecurity.ts - Core validation logic
- app/api/ai/chat/route.ts - Integrated validation
- scripts/test-prompt-injection.mjs - 19 test cases (all passing)
- lib/security/README.md - Documentation

**Test Coverage:**
✅ Valid parenting questions (2 tests)
✅ System manipulation attempts (4 tests)
✅ Role manipulation (1 test)
✅ Data exfiltration (3 tests)
✅ Command injection (2 tests)
✅ Jailbreak techniques (2 tests)
✅ Length attacks (2 tests)
✅ Character encoding attacks (2 tests)
✅ Edge cases (1 test)

All suspicious attempts are logged with user ID, reason, risk level,
and timestamp for security monitoring.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-01 20:15:11 +00:00

Andrei

8e3567e3d6

Add rate limiting to API endpoints

CI/CD Pipeline / Lint and Test (push) Has been cancelled

Details

CI/CD Pipeline / E2E Tests (push) Has been cancelled

Details

CI/CD Pipeline / Build Application (push) Has been cancelled

Details

Implemented comprehensive rate limiting for API security:

- Created custom Next.js-native rate limiter using in-memory store
- Added 5 rate limit configurations:
  - authLimiter: 5 requests/15min for login/register/password-reset
  - aiLimiter: 10 requests/hour for AI assistant queries
  - trackingLimiter: 30 requests/min for activity tracking
  - readLimiter: 100 requests/min for read-only endpoints
  - sensitiveLimiter: 3 requests/hour for sensitive operations

- Applied rate limiting to endpoints:
  - /api/auth/login, /api/auth/register, /api/auth/password-reset
  - /api/ai/chat
  - /api/tracking/feeding (GET and POST)

- Rate limit responses include standard headers:
  - RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset
  - Retry-After header with seconds until reset

- Tested with 7 sequential requests - first 5 passed, last 2 blocked with 429

Note: Current implementation uses in-memory store. For production with
multiple instances, migrate to Redis-backed storage for distributed
rate limiting.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-01 20:08:28 +00:00

Andrei

78aef1d918

feat: Add health check endpoint for network status detection

CI/CD Pipeline / Lint and Test (push) Has been cancelled

Details

CI/CD Pipeline / E2E Tests (push) Has been cancelled

Details

CI/CD Pipeline / Build Application (push) Has been cancelled

Details

Created /api/health endpoint that returns 200 OK to allow Redux
network detection middleware to properly check connectivity status.

Without this endpoint, the app was showing as offline even when
connected to the internet.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-01 19:44:42 +00:00

3 Commits