docs(audit): align documentation with post-remediation backend reality
- Update data model enums to match backend models - Update API reference auth requirements - Add dispute module references and warning blocks - Add 2026-05-24 audit remediation callout to Overview - Generate task breakdowns and audit artifacts - Add doc alignment report (.taskmaster/reports/)
This commit is contained in:
35
Taskmaster/Tasks/task-4-5.md
Normal file
35
Taskmaster/Tasks/task-4-5.md
Normal file
@@ -0,0 +1,35 @@
|
||||
---
|
||||
taskmaster_id: "4.5"
|
||||
status: "pending"
|
||||
priority: "high"
|
||||
depends_on: ["2"]
|
||||
parent_id: "4"
|
||||
source: "taskmaster"
|
||||
generated_at: "2026-05-24T07:15:25.199Z"
|
||||
---
|
||||
|
||||
# 4.5 - Decide session, passkey, and admin step-up architecture
|
||||
|
||||
- [ ] 4.5 - Decide session, passkey, and admin step-up architecture #taskmaster #priority/high #status/pending ⏫ 🆔 tm-4-5 ⛔ tm-2
|
||||
|
||||
## Metadata
|
||||
|
||||
| Field | Value |
|
||||
| --- | --- |
|
||||
| Taskmaster ID | 4.5 |
|
||||
| Status | pending |
|
||||
| Priority | high |
|
||||
| Dependencies | 2 |
|
||||
| Parent | 4 - Define backend security and refactor strategy from latest audit |
|
||||
|
||||
## Description
|
||||
|
||||
Choose browser session model and high-risk admin authentication requirements.
|
||||
|
||||
## Details
|
||||
|
||||
Decide localStorage versus httpOnly cookies, access/refresh token lifetimes, CSRF strategy, refresh rotation, WebAuthn requirements, OAuth requirements, device/session revocation, and whether payouts/role changes require step-up authentication or two-person approval.
|
||||
|
||||
## Verification
|
||||
|
||||
Decision record lists chosen model, rejected alternatives, migration cost, and required implementation tasks.
|
||||
Reference in New Issue
Block a user