docs(audit): align documentation with post-remediation backend reality

- Update data model enums to match backend models
- Update API reference auth requirements
- Add dispute module references and warning blocks
- Add 2026-05-24 audit remediation callout to Overview
- Generate task breakdowns and audit artifacts
- Add doc alignment report (.taskmaster/reports/)
This commit is contained in:
Siavash Sameni
2026-05-24 11:16:29 +04:00
parent b824ca0435
commit 4cf5c49274
74 changed files with 5964 additions and 81 deletions

View File

@@ -0,0 +1,35 @@
---
taskmaster_id: "2.5"
status: "done"
priority: "medium"
depends_on: ["1"]
parent_id: "2"
source: "taskmaster"
generated_at: "2026-05-24T07:15:25.199Z"
---
# 2.5 - Lock Socket.IO room joins to authenticated context
- [x] 2.5 - Lock Socket.IO room joins to authenticated context #taskmaster #priority/medium #status/done 🔼 🆔 tm-2-5 ⛔ tm-1
## Metadata
| Field | Value |
| --- | --- |
| Taskmaster ID | 2.5 |
| Status | done |
| Priority | medium |
| Dependencies | 1 |
| Parent | 2 - Implement platform audit remediation plan |
## Description
Remove trust in client-supplied user/buyer/seller room IDs.
## Details
Validate socket handshake token, derive server-side room membership, reject mismatched joins, and monitor suspicious join attempts.
## Verification
A user cannot subscribe to another user's rooms; legitimate realtime notifications still arrive.