docs(audit): align documentation with post-remediation backend reality
- Update data model enums to match backend models - Update API reference auth requirements - Add dispute module references and warning blocks - Add 2026-05-24 audit remediation callout to Overview - Generate task breakdowns and audit artifacts - Add doc alignment report (.taskmaster/reports/)
This commit is contained in:
35
Taskmaster/Tasks/task-4-2.md
Normal file
35
Taskmaster/Tasks/task-4-2.md
Normal file
@@ -0,0 +1,35 @@
|
||||
---
|
||||
taskmaster_id: "4.2"
|
||||
status: "done"
|
||||
priority: "high"
|
||||
depends_on: ["1"]
|
||||
parent_id: "4"
|
||||
source: "taskmaster"
|
||||
generated_at: "2026-05-24T07:15:25.199Z"
|
||||
---
|
||||
|
||||
# 4.2 - Produce threat model for escrow platform
|
||||
|
||||
- [x] 4.2 - Produce threat model for escrow platform #taskmaster #priority/high #status/done ⏫ 🆔 tm-4-2 ⛔ tm-1
|
||||
|
||||
## Metadata
|
||||
|
||||
| Field | Value |
|
||||
| --- | --- |
|
||||
| Taskmaster ID | 4.2 |
|
||||
| Status | done |
|
||||
| Priority | high |
|
||||
| Dependencies | 1 |
|
||||
| Parent | 4 - Define backend security and refactor strategy from latest audit |
|
||||
|
||||
## Description
|
||||
|
||||
Document protected assets, actors, trust boundaries, and abuse cases for the financial marketplace.
|
||||
|
||||
## Details
|
||||
|
||||
Completed. Produced 09 - Audits/Threat Model - Amanat Escrow Platform.md. Contains: system description, 17 protected asset classes with sensitivity ratings, 11 actors with access levels and risk profiles, trust boundary diagram (Mermaid) with 10 boundary descriptions and current gaps, 23-threat catalog (T01-T23) with STRIDE categories and specific code-path references, risk summary matrix (6 Critical, 10 High, 6 Medium, 1 Low), threat-to-mitigation traceability matrix mapping 9 remediation docs to specific threats. Living document. Open verification items: Socket.IO room auth in socketService.ts, Telegram initData validation, actual lockfile versions for multer/axios/tanstack.
|
||||
|
||||
## Verification
|
||||
|
||||
Threat model maps each high-risk finding to at least one mitigation task or accepted risk.
|
||||
Reference in New Issue
Block a user