Security Changelog

Material changes to Catch’s security posture. Vulnerability disclosures, control improvements, subprocessor changes, and certification progress. Minor operational changes are not logged here.

2026-04-20 | Controls

Cross-workspace data isolation verified; AI architecture transparency section added

  • Completed a full audit of all AI/ML data paths in the Catch backend. Confirmed that Catch operates no proprietary AI models — Anthropic's Claude API is the sole inference surface. All other processing is deterministic code, static rules, or configuration. Report filed at docs/security/investigations/model-inventory.md.
  • Deleted the memory_org table and all associated code paths (SF-002). This was the only code path in the system that aggregated customer data across workspaces without workspace isolation. The table was empty in production and its only writer was dead code, but the path existed in code and has now been removed. No cross-workspace aggregation path remains in the codebase.
  • Added an explicit section to the security page: 'How Catch improves over time without training on your data.' The section clarifies that Catch uses Anthropic's Claude as its inference engine, does not operate proprietary AI models, and does not train, fine-tune, or update any model using customer content.
  • Strengthened the workspace isolation description to reflect current state: no code path in the system aggregates customer data across workspaces for cross-customer analysis.

2026-04-20 | Controls

Tier 1 and Tier 2 security controls shipped (SEC-004, SEC-008, SEC-050, SEC-058, SEC-059, SEC-060, SEC-065)

  • SEC-060: Preview environment isolation gate added to both backend (FastAPI startup) and frontend (Next.js instrumentation). Non-production environments that connect to production database hosts now refuse to start with a clear error and fix instructions.
  • SEC-008: All 15 /debug/* endpoints migrated onto a FastAPI router with router-level authentication and rate limiting (10 req/min per IP). Structurally impossible to add an unguarded debug route going forward.
  • SEC-065: CI gate added that fails builds containing non-approved LLM provider imports (openai, cohere, mistral, google.generativeai, huggingface_hub InferenceClient, boto3 Bedrock). Only Anthropic is an approved provider.
  • SEC-058: Classification headers (@data-classification, @rls-required, @retention-rule) added to all 45 existing migrations. CI gate now enforces headers on all future migrations.
  • SEC-059: CI gate added that verifies @rls-required:true migrations contain actual RLS SQL and flags permissive USING(true) policies without an explicit approval annotation.
  • SEC-004: Static credential audit across both repos. All four checks came back clean: service role key properly scoped, DATABASE_URL not exposed in frontend, OAuth tokens never returned raw, frontend Supabase client uses anon key only. One medium debt finding (content_platform_connections plaintext tokens) tracked for Sprint 2.
  • SEC-050: Envelope encryption design completed for Sprint 2 implementation. Two-tier key hierarchy (master key to workspace key to field values), migration strategy with completion-gated fallback, and activation triggers including a hard 2027-04-20 deadline.
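
A sketch of how a migration gate like the SEC-058 and SEC-059 checks above could work. This is an added example, not Catch's CI code. It assumes the headers sit in SQL `--` comments, and the approval annotation name `@rls-permissive-approved` and the sample migrations are hypothetical.

```python
import re

REQUIRED = ("@data-classification", "@rls-required", "@retention-rule")
APPROVAL = "@rls-permissive-approved"  # hypothetical annotation name (assumption)
HEADER = re.compile(r"^\s*--\s*(@[\w-]+)(?::[ \t]*(\S+))?", re.M)
ENABLE = re.compile(r"\benable\s+row\s+level\s+security\b", re.I)
POLICY = re.compile(r"\bcreate\s+policy\b", re.I)
PERMISSIVE = re.compile(r"\b(?:using|with\s+check)\s*\(\s*true\s*\)", re.I)


def strip_comments(sql: str) -> str:
    """Drop -- and /* */ comments so commented-out SQL cannot satisfy the gate.
    Simplification: does not special-case comment markers inside string literals."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)
    return re.sub(r"--[^\n]*", " ", sql)


def check_migration(sql: str) -> list[str]:
    """Return a list of problems; an empty list means the migration passes."""
    headers = {k: (v or "").lower() for k, v in HEADER.findall(sql)}
    problems = [f"missing header {h}" for h in REQUIRED if h not in headers]
    body = strip_comments(sql)
    if headers.get("@rls-required") == "true":
        if not ENABLE.search(body):
            problems.append("@rls-required:true but no ENABLE ROW LEVEL SECURITY")
        if not POLICY.search(body):
            problems.append("@rls-required:true but no CREATE POLICY")
    if PERMISSIVE.search(body) and APPROVAL not in headers:
        problems.append("permissive USING(true) policy without approval annotation")
    return problems


# Constructed sample migrations (table names and header values are made up).
GOOD = """\
-- @data-classification: confidential
-- @rls-required:true
-- @retention-rule: workspace-lifetime
ALTER TABLE notes ENABLE ROW LEVEL SECURITY;
CREATE POLICY notes_ws ON notes USING (workspace_id = current_setting('app.ws')::uuid);
"""
BAD = """\
-- @data-classification: confidential
-- @rls-required:true
-- ALTER TABLE notes ENABLE ROW LEVEL SECURITY;
CREATE POLICY notes_all ON notes USING (true);
"""

if __name__ == "__main__":
    print(check_migration(GOOD))
    print(check_migration(BAD))
```

The `BAD` sample shows why comments are stripped before matching: its only `ENABLE ROW LEVEL SECURITY` statement is commented out, so the table would ship without RLS even though the text is present in the file.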

2026-04-18 | Controls

Sprint 0 security controls shipped

  • SEC-007: Created services/utils/redact.py with redact_email() helper. All 6 inline email[:3] patterns in services/ replaced with the helper to prevent partial email addresses from appearing in logs.
  • SEC-007b: Replaced all 9 print() calls in services/audit_onboarding.py with structured logger calls. Python logging infrastructure added to the module.
  • SEC-041: Reviewed 860 except blocks across 100 files in services/. 851 classified safe-to-swallow (Bucket A). 9 Bucket B sites fixed: token_crypto.py now raises on encrypted-bytes decrypt failure instead of silently returning None; execution_controller.py HMAC signing now raises if TOKEN_ENCRYPTION_KEY is absent instead of falling back to a known default; 8 sync services (HubSpot, Salesforce, Outlook, Outlook Calendar, Calendar, Zoom, Teams Chat, Google Meet) now log ERROR before plaintext token fallback.
  • CI gate added: test_logging_safety.py catches raw email patterns in logger calls. GitHub Actions workflow added to run the gate on every push to main.
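
One way a logging-safety gate like the one above could be built, as an added example rather than the contents of Catch's test_logging_safety.py. The matching rule (any email-named value passed to a logger call unless wrapped in `redact_email()`) and the sample source are assumptions.

```python
import ast

LOG_METHODS = {"debug", "info", "warning", "error", "exception", "critical"}
SAFE_WRAPPERS = {"redact_email"}  # helper named in SEC-007


def _name(node):
    """Identifier of a Name or the last attribute of an Attribute, else None."""
    return getattr(node, "id", None) or getattr(node, "attr", None)


def _mentions_email(node) -> bool:
    """True if the expression reads an email-named variable or attribute
    anywhere outside a redact_email(...) call (covers slices and f-strings)."""
    if isinstance(node, ast.Call) and _name(node.func) in SAFE_WRAPPERS:
        return False
    if isinstance(node, ast.Name) and "email" in node.id.lower():
        return True
    if isinstance(node, ast.Attribute) and "email" in node.attr.lower():
        return True
    return any(_mentions_email(child) for child in ast.iter_child_nodes(node))


def find_unsafe_log_calls(source: str) -> list[int]:
    """Line numbers of logger calls that pass an unredacted email value.
    Heuristic: the receiver must be a name or attribute containing 'log'."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in LOG_METHODS
                and "log" in (_name(node.func.value) or "").lower()):
            args = list(node.args) + [kw.value for kw in node.keywords]
            if any(_mentions_email(arg) for arg in args):
                hits.append(node.lineno)
    return sorted(hits)


# Constructed sample source; it is parsed, never executed.
SAMPLE = '''
logger.info("synced %s", email[:3])
logger.info("synced %s", redact_email(email))
log.warning(f"bad address {user.email}")
print(email)
logger.error("rows processed: %s", count)
'''

if __name__ == "__main__":
    print(find_unsafe_log_calls(SAMPLE))
```

Working on the syntax tree rather than with a text search lets the gate treat `email[:3]` and an f-string interpolation the same way, and lets the `redact_email(...)` wrapper pass without an allowlist of line numbers.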

2026-04-18 | Endpoints

Debug and internal endpoint access controls hardened

  • /api/internal/audit/generate-data and /api/internal/audit/generate-pdf were unauthenticated. Added verify_internal_key Bearer token requirement.
  • /debug/commitment/{id} was unauthenticated. Added _check_debug_secret query-string gate.
  • /debug/contexts-created-since was returning raw email body content (first 200 characters). Changed to return character length only.
  • /debug/workspace-counts probe sample was returning commitment descriptions. Changed to return id and status only.
  • /debug/integration-connections was exposing account_email in full across workspaces. Added _redact_for_debug() helper — shows first 3 characters of local part only.
  • /debug/resolve-context was returning Python tracebacks in HTTP responses. Tracebacks now go to Railway logs only; HTTP response returns a generic error message.

2026-04-18 | Page

Security page published at usecatch.io/security

  • Published this security page describing data collection, protection controls, honest limitations, who can access data, retention schedule, user controls, incident response process, and subprocessor list.

Entries above cover changes from April 2026 onward. This changelog is maintained as part of Catch’s commitment to operational transparency. To report a vulnerability, email security@usecatch.io with a subject line starting with “VULN:”.