feat: The Other Dude v9.0.1 — full-featured email system

ci: add GitHub Pages deployment workflow for docs site Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 17:46:37 -05:00
commit b840047e19
511 changed files with 106948 additions and 0 deletions
--- a/backend/app/models/key_set.py
+++ b/backend/app/models/key_set.py
@@ -0,0 +1,134 @@
+"""Key set and key access log models for zero-knowledge architecture."""
+
+import uuid
+from datetime import datetime
+
+from sqlalchemy import DateTime, ForeignKey, Integer, LargeBinary, Text, func
+from sqlalchemy.dialects.postgresql import UUID
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from app.database import Base
+
+
+class UserKeySet(Base):
+    """Encrypted key bundle for a user.
+
+    Stores the RSA private key (wrapped by AUK), tenant vault key
+    (wrapped by AUK), RSA public key, and key derivation salts.
+    One key set per user (UNIQUE on user_id).
+    """
+
+    __tablename__ = "user_key_sets"
+
+    id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True),
+        primary_key=True,
+        default=uuid.uuid4,
+        server_default=func.gen_random_uuid(),
+    )
+    user_id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("users.id", ondelete="CASCADE"),
+        nullable=False,
+        unique=True,
+    )
+    tenant_id: Mapped[uuid.UUID | None] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("tenants.id", ondelete="CASCADE"),
+        nullable=True,  # NULL for super_admin
+    )
+    encrypted_private_key: Mapped[bytes] = mapped_column(
+        LargeBinary, nullable=False
+    )
+    private_key_nonce: Mapped[bytes] = mapped_column(
+        LargeBinary, nullable=False
+    )
+    encrypted_vault_key: Mapped[bytes] = mapped_column(
+        LargeBinary, nullable=False
+    )
+    vault_key_nonce: Mapped[bytes] = mapped_column(
+        LargeBinary, nullable=False
+    )
+    public_key: Mapped[bytes] = mapped_column(
+        LargeBinary, nullable=False
+    )
+    pbkdf2_iterations: Mapped[int] = mapped_column(
+        Integer,
+        server_default=func.literal_column("650000"),
+        nullable=False,
+    )
+    pbkdf2_salt: Mapped[bytes] = mapped_column(
+        LargeBinary, nullable=False
+    )
+    hkdf_salt: Mapped[bytes] = mapped_column(
+        LargeBinary, nullable=False
+    )
+    key_version: Mapped[int] = mapped_column(
+        Integer,
+        server_default=func.literal_column("1"),
+        nullable=False,
+    )
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        server_default=func.now(),
+        nullable=False,
+    )
+    updated_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        server_default=func.now(),
+        nullable=False,
+    )
+
+    # Relationships
+    user: Mapped["User"] = relationship("User")  # type: ignore[name-defined]
+    tenant: Mapped["Tenant | None"] = relationship("Tenant")  # type: ignore[name-defined]
+
+    def __repr__(self) -> str:
+        return f"<UserKeySet id={self.id} user_id={self.user_id} version={self.key_version}>"
+
+
+class KeyAccessLog(Base):
+    """Immutable audit trail for key operations.
+
+    Append-only: INSERT+SELECT only, no UPDATE/DELETE via RLS.
+    """
+
+    __tablename__ = "key_access_log"
+
+    id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True),
+        primary_key=True,
+        default=uuid.uuid4,
+        server_default=func.gen_random_uuid(),
+    )
+    tenant_id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("tenants.id", ondelete="CASCADE"),
+        nullable=False,
+    )
+    user_id: Mapped[uuid.UUID | None] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("users.id", ondelete="SET NULL"),
+        nullable=True,
+    )
+    action: Mapped[str] = mapped_column(Text, nullable=False)
+    resource_type: Mapped[str | None] = mapped_column(Text, nullable=True)
+    resource_id: Mapped[str | None] = mapped_column(Text, nullable=True)
+    key_version: Mapped[int | None] = mapped_column(Integer, nullable=True)
+    ip_address: Mapped[str | None] = mapped_column(Text, nullable=True)
+    # Phase 29 extensions for device credential access tracking
+    device_id: Mapped[uuid.UUID | None] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("devices.id"),
+        nullable=True,
+    )
+    justification: Mapped[str | None] = mapped_column(Text, nullable=True)
+    correlation_id: Mapped[str | None] = mapped_column(Text, nullable=True)
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        server_default=func.now(),
+        nullable=False,
+    )
+
+    def __repr__(self) -> str:
+        return f"<KeyAccessLog id={self.id} action={self.action!r}>"