Complete task 4 backend security architecture docs
@@ -337,7 +337,7 @@
|
||||
"details": "Source audit: .taskmaster/docs/audit-backend-stack-security-and-refactor-assessment-2026-05-24.md. This task is advisory/architecture-focused and should run in parallel with immediate hardening. It should produce the decision artifacts needed before any backend-core rewrite or provider migration is started.",
|
||||
"testStrategy": "Review and sign off each architecture document with backend, payments, frontend, and operations stakeholders. Confirm every open question has an owner or explicit deferred decision before implementation work begins.",
|
||||
"priority": "high",
|
||||
"status": "in-progress",
|
||||
"status": "done",
|
||||
"dependencies": [],
|
||||
"subtasks": [
|
||||
{
|
||||
@@ -371,52 +371,56 @@
|
||||
"title": "Specify funds ledger and escrow state machine",
|
||||
"description": "Define canonical money movement and legal state transitions before refactor or provider migration.",
|
||||
"details": "Create specs for FundsAccount, LedgerEntry, FundsBalance, gross paid, provider fees, platform fees, held, disputed, releasable, released, refunded, idempotency keys, reconciliation behavior, purchase request states, payment states, escrow/funds states, dispute states, valid transitions, forbidden transitions, and release/refund/admin override preconditions.",
|
||||
"status": "pending",
|
||||
"status": "done",
|
||||
"priority": "high",
|
||||
"dependencies": [
|
||||
2
|
||||
],
|
||||
"testStrategy": "Spec can be used to reject double-release, release-during-dispute, underfunded payout, and ambiguous provider-event scenarios.",
|
||||
"parentId": "undefined"
|
||||
"parentId": "undefined",
|
||||
"updatedAt": "2026-05-24T07:23:41.596Z"
|
||||
},
|
||||
{
|
||||
"id": 4,
|
||||
"title": "Create authorization matrix for REST and Socket.IO",
|
||||
"description": "Map every endpoint and realtime event to access level, ownership checks, state preconditions, rate-limit tier, and audit-log requirement.",
|
||||
"details": "Include public/authenticated/owner/buyer/seller/admin/support/service-role classifications. Socket.IO rooms must be server-derived from authenticated identity, not client-supplied user IDs.",
|
||||
"status": "pending",
|
||||
"status": "done",
|
||||
"priority": "high",
|
||||
"dependencies": [
|
||||
2
|
||||
],
|
||||
"testStrategy": "No route or socket event remains unmapped; implementation tasks can reference matrix rows directly.",
|
||||
"parentId": "undefined"
|
||||
"parentId": "undefined",
|
||||
"updatedAt": "2026-05-24T07:23:43.108Z"
|
||||
},
|
||||
{
|
||||
"id": 5,
|
||||
"title": "Decide session, passkey, and admin step-up architecture",
|
||||
"description": "Choose browser session model and high-risk admin authentication requirements.",
|
||||
"details": "Decide localStorage versus httpOnly cookies, access/refresh token lifetimes, CSRF strategy, refresh rotation, WebAuthn requirements, OAuth requirements, device/session revocation, and whether payouts/role changes require step-up authentication or two-person approval.",
|
||||
"status": "pending",
|
||||
"status": "done",
|
||||
"priority": "high",
|
||||
"dependencies": [
|
||||
2
|
||||
],
|
||||
"testStrategy": "Decision record lists chosen model, rejected alternatives, migration cost, and required implementation tasks.",
|
||||
"parentId": "undefined"
|
||||
"parentId": "undefined",
|
||||
"updatedAt": "2026-05-24T07:23:44.643Z"
|
||||
},
|
||||
{
|
||||
"id": 6,
|
||||
"title": "Specify webhook security and provider adapter contracts",
|
||||
"description": "Define provider-neutral payment interface and signed webhook processing rules.",
|
||||
"details": "Document createPayInIntent, getPayInStatus, handleProviderWebhook, createHostedPaymentLink, createReleaseInstruction, createRefundInstruction, getPayoutStatus, searchProviderPayments, raw-body signature verification, replay prevention, delivery ID idempotency, duplicate/unknown event behavior, retry semantics, dead-letter/replay storage, and alert thresholds.",
|
||||
"status": "pending",
|
||||
"status": "done",
|
||||
"priority": "high",
|
||||
"dependencies": [
|
||||
3
|
||||
],
|
||||
"testStrategy": "Contracts cover SHKeeper legacy, Request Network, manual/admin wallet, invalid signatures, duplicate deliveries, and missed webhook reconciliation.",
|
||||
"parentId": "undefined"
|
||||
"parentId": "undefined",
|
||||
"updatedAt": "2026-05-24T07:21:42.699Z"
|
||||
},
|
||||
{
|
||||
"id": 7,
|
||||
@@ -437,7 +441,7 @@
|
||||
"title": "Make backend-core stack decision",
|
||||
"description": "Choose whether the security-critical backend core remains TypeScript or moves to Go/Kotlin/Rust/Python.",
|
||||
"details": "Evaluate team capability, two-year maintainability, operational footprint, rewrite cost, dual-stack complexity, auditability, supply-chain exposure, and which modules belong in a payment/auth/escrow core versus the existing marketplace/chat API.",
|
||||
"status": "pending",
|
||||
"status": "done",
|
||||
"priority": "medium",
|
||||
"dependencies": [
|
||||
2,
|
||||
@@ -448,23 +452,25 @@
|
||||
7
|
||||
],
|
||||
"testStrategy": "Architecture decision record states chosen stack, scope of extraction, non-goals, migration phases, rollback criteria, and owners.",
|
||||
"parentId": "undefined"
|
||||
"parentId": "undefined",
|
||||
"updatedAt": "2026-05-24T07:21:45.258Z"
|
||||
},
|
||||
{
|
||||
"id": 9,
|
||||
"title": "Create migration and operational runbooks",
|
||||
"description": "Document rollout, rollback, and incident response for the selected backend/funds architecture.",
|
||||
"details": "Include SHKeeper legacy read path, provider feature flag, ledger backfill, validation report before enforcement, rollback criteria, webhook cutoff, manual reconciliation, failed webhook, duplicate/missing payment, stuck release, disputed release attempt, compromised admin, leaked API key, provider outage, chain/RPC outage, suspicious payment proof, and npm/package compromise.",
|
||||
"status": "pending",
|
||||
"status": "done",
|
||||
"priority": "medium",
|
||||
"dependencies": [
|
||||
8
|
||||
],
|
||||
"testStrategy": "Runbooks identify owner, trigger, detection signal, immediate action, recovery action, and post-incident documentation for each scenario.",
|
||||
"parentId": "undefined"
|
||||
"parentId": "undefined",
|
||||
"updatedAt": "2026-05-24T07:21:47.810Z"
|
||||
}
|
||||
],
|
||||
"updatedAt": "2026-05-24T06:43:04.699Z"
|
||||
"updatedAt": "2026-05-24T07:23:44.643Z"
|
||||
},
|
||||
{
|
||||
"id": "5",
|
||||
@@ -612,12 +618,12 @@
|
||||
],
|
||||
"metadata": {
|
||||
"version": "1.0.0",
|
||||
"lastModified": "2026-05-24T07:04:01.906Z",
|
||||
"lastModified": "2026-05-24T07:23:44.643Z",
|
||||
"taskCount": 5,
|
||||
"completedCount": 2,
|
||||
"completedCount": 4,
|
||||
"tags": [
|
||||
"master"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||