feat(tracking): add key rotation and worker abuse protections#295
Open
salmonumbrella wants to merge 3 commits intosteipete:mainfrom
Open
feat(tracking): add key rotation and worker abuse protections#295salmonumbrella wants to merge 3 commits intosteipete:mainfrom
salmonumbrella wants to merge 3 commits intosteipete:mainfrom
Conversation
…aders Drive search now detects raw API filter syntax (field comparisons, contains, membership, has) and passes it through instead of wrapping in fullText contains. Plain-text searches always append trashed=false to prevent false positives. Gmail MIME now RFC 2047-encodes display names with non-ASCII characters in From/To/Cc/Bcc/Reply-To headers using net/mail. Fixes steipete#254, fixes steipete#255 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Closes steipete#293 and steipete#294. - add TRACKING_KEY_V<n> secrets and current-version tracking metadata\n- add gmail track key rotate command and config metadata\n- persist all key versions and deploy rotated key set to worker\n- add per-IP rate limit + duplicate open dedupe in worker\n- harden bot detection heuristics and tokenized decryption compatibility\n
- Fix Go syntax error in IsConfigured() multiline return - Fix variable scoping bug in DecryptWithVersions (unmarshalErr) - Add admin auth to /q/ endpoint to protect IP/location data - Fix slice mutation in decryptionVersionOrder - Fix test configs missing AdminKey and --no-deploy flag position Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
gog gmail track key rotateCLI command (closes Security: Add key rotation mechanism for email tracking encryption #293)--filterquery pass-through forsearchandsearch-moresubcommandsTest plan
go test ./internal/tracking/... ./internal/cmd/...)/q/endpoint requires admin Bearer token (security fix from code review)Closes #293
Closes #294
🤖 Generated with Claude Code