Skip to content

Harden attestation abuse controls and operations#23

Merged
aliXsed merged 5 commits into
mainfrom
feat/attestation-hardening-ops
Jul 17, 2026
Merged

Harden attestation abuse controls and operations#23
aliXsed merged 5 commits into
mainfrom
feat/attestation-hardening-ops

Conversation

@aliXsed

@aliXsed aliXsed commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Summary

  • add per-IP load shedding and atomic Redis-backed per-wallet challenge/attempt limits before expensive verification
  • archive verified iOS CBOR and decoded Android verdicts to GCS on a best-effort, non-gating path
  • add structured privacy-safe events, Play Integrity timeouts/sanitized errors, monitoring guidance, and quota runbook
  • expose /health for Cloud Run while retaining /healthz compatibility, and expand Rust/Redis/Node coverage

Test plan

  • cargo test --workspace
  • cargo clippy --all-targets --all-features -- -D warnings
  • cargo fmt --all -- --check
  • coverage: 82.07% lines / 83.75% regions (thresholds 80% / 78%)
  • ./scripts/run-polyglot-nodejs-e2e.sh
  • deployed digest sha256:c7abdd9c...b05104 to staging through infra PR NodleCode/infra#1253
  • staging Node integration: 13/13 passed; /health returns 200; Cloud Run ready; no revision errors; structured event verified

Infrastructure: https://github.com/NodleCode/infra/pull/1253

Add shared wallet limits, best-effort evidence archiving, structured alert signals, and deployment runbooks so platform verification degrades safely under abuse and upstream failures.

Co-authored-by: Cursor <[email protected]>
@github-actions

Copy link
Copy Markdown

Coverage report

Thresholds: 80% line · 78% region (condition)

✅ Coverage meets the required threshold.

   13|      1|            .init(),
   14|      3|        _ => registry.with(tracing_subscriber::fmt::layer()).init(),
   15|       |    }
   16|      4|}

aliXsed and others added 4 commits July 17, 2026 15:47
Keep /healthz for compatibility while adding /health because Google front ends reserve some paths ending in z.

Co-authored-by: Cursor <[email protected]>
Drop entries whose timestamps are all outside the window; they never affect admission decisions and otherwise accumulate across unique spoofed IPs.

Co-authored-by: Cursor <[email protected]>
Keep Redis per-wallet quotas as the authoritative abuse control while
allowing tens of devices behind one public IP.

Co-authored-by: Cursor <[email protected]>
Pin the test to 1 request/minute so it no longer depends on the
production per-IP default of 300.

Co-authored-by: Cursor <[email protected]>
@aliXsed
aliXsed merged commit ceccd55 into main Jul 17, 2026
5 checks passed
@aliXsed
aliXsed deleted the feat/attestation-hardening-ops branch July 17, 2026 04:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant