Task 2
Implement platform audit remediation plan
Address the code-backed security and consistency issues identified in the 2026-05-24 platform audit remediation PRD.
Details and test strategy
Source PRD: .taskmaster/docs/prd-platform-audit-remediation-plan-2026-05-24.md. Target backend hardening first, then documentation/runtime alignment. Delivery order suggested by the PRD: security/auth, rate limiting, passkeys, Web3 verification, socket hardening, dispute hold controls, docs/API alignment.
Test strategy: Add focused regression tests for route auth/ownership, passkey challenge/verification, Web3 verification semantics, socket authorization, rate limiting tiers, and payout/release dispute holds. Update API docs after the behavior is implemented.
Subtasks (7)
2.1 Secure unauthenticated endpoints and owner enforcement (pending, high)
Require authenticateToken and owner/admin checks on exposed payment, AI, and legacy notification routes. Ownership must be decided against the identity that authenticateToken established, not against a user id carried in the request body or query.
2.2 Re-enable and scope rate limiting (pending, high)
Restore the global rate limit and the stricter route-tiered limits for public-sensitive paths; a route tier applies on top of the global limit, not instead of it.
Depends on: 2.1
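Worked example for this subtask (added here; not code from the project or the PRD): a sliding-window limiter with a global tier plus stricter route tiers. The tier limits, the route-to-tier table and the client key are assumptions for illustration; the project's real paths and numbers come from the PRD. The Map is a stand-in for the shared store a multi-instance deployment needs.

```javascript
// Per-tier limits (requests per window). Values are assumptions for the example.
const TIERS = {
  global: { limit: 300, windowMs: 60_000 },
  auth: { limit: 10, windowMs: 60_000 },            // login, token refresh
  sensitive: { limit: 5, windowMs: 15 * 60_000 },   // password reset, passkey registration
};

// Route prefix -> tier; first match wins. Paths are assumed, not the project's.
const ROUTE_TIERS = [
  ['/api/auth/login', 'auth'],
  ['/api/auth/refresh', 'auth'],
  ['/api/auth/reset-password', 'sensitive'],
  ['/api/passkeys/register', 'sensitive'],
];

function tierFor(path) {
  const hit = ROUTE_TIERS.find(([prefix]) => path.startsWith(prefix));
  return hit ? hit[1] : null;
}

// Sliding-window-log limiter: keeps each request timestamp inside the window
// per (tier, client key). With more than one backend instance the Map must be
// replaced by a shared store, or every instance hands out its own budget.
class SlidingWindowLimiter {
  constructor(tiers = TIERS) { this.tiers = tiers; this.hits = new Map(); }

  check(clientKey, tier, now = Date.now()) {
    const { limit, windowMs } = this.tiers[tier];
    const key = `${tier}:${clientKey}`;
    const recent = (this.hits.get(key) || []).filter((t) => now - t < windowMs);
    if (recent.length >= limit) {
      this.hits.set(key, recent);   // keep the pruned log, do not count the rejected hit
      return { allowed: false, remaining: 0, retryAfterMs: recent[0] + windowMs - now };
    }
    recent.push(now);
    this.hits.set(key, recent);
    return { allowed: true, remaining: limit - recent.length, retryAfterMs: 0 };
  }
}

// Applies the global tier to every request and the route tier on top of it.
// A 429 outcome names the tier that tripped and carries a Retry-After in ms.
function rateLimit(limiter, clientKey, path, now = Date.now()) {
  const tiers = ['global'];
  const routeTier = tierFor(path);
  if (routeTier) tiers.push(routeTier);
  for (const tier of tiers) {
    const result = limiter.check(clientKey, tier, now);
    if (!result.allowed) return { status: 429, tier, retryAfterMs: result.retryAfterMs };
  }
  return { status: 200 };
}

// Worked run: eleven login attempts from one client, one second apart.
// The first ten pass; the eleventh trips the 'auth' tier with 50 s to wait.
function demo() {
  const limiter = new SlidingWindowLimiter();
  const outcomes = [];
  for (let i = 0; i < 11; i++) {
    outcomes.push(rateLimit(limiter, '203.0.113.7', '/api/auth/login', i * 1000));
  }
  return outcomes;
}
```

The client key should be the socket peer address unless the service sits behind a proxy it trusts, in which case the proxy's forwarded-for header is the key; an untrusted forwarded-for header lets a client pick its own bucket.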
2.3 Replace stubbed passkey/WebAuthn flow (pending, high)
Implement production-grade WebAuthn registration/authentication with challenge storage shared across backend instances; challenges must be single-use and must expire.
Depends on: 2.1
2.4 Strengthen DePay/Web3 payment verification (pending, high)
Verify transaction recipient, token contract, and amount, not only receipt success: a successful receipt shows only that the transaction did not revert, not that it paid the expected party the expected sum.
Depends on: 2.1
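Worked example for this subtask (added here; not code from the project, DePay or the PRD): verification of a payment from the raw transaction and receipt objects as returned by eth_getTransactionByHash and eth_getTransactionReceipt. For an ERC-20 payment it finds a Transfer log that was emitted by the expected token contract, addressed to the expected recipient and carrying the exact expected amount; for a native-coin payment it checks the transaction's own to and value. The addresses, hashes and amounts in the sample are constructed placeholders, and the minimum confirmation depth is an assumption.

```javascript
// keccak256("Transfer(address,address,uint256)"): topics[0] of every ERC-20 Transfer event.
const TRANSFER_TOPIC = '0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef';

const sameAddress = (a, b) =>
  typeof a === 'string' && typeof b === 'string' && a.toLowerCase() === b.toLowerCase();
// Indexed address topics are left-padded to 32 bytes; the address is the last 20.
const addressFromTopic = (topic) => '0x' + topic.slice(-40);
const fail = (reason, extra = {}) => ({ ok: false, reason, ...extra });

// expected: { recipient, amount (BigInt, base units), token (ERC-20 address, or null
// for the native coin), minConfirmations }. latestBlock is the chain head (hex).
function verifyPayment(expected, tx, receipt, latestBlock) {
  if (receipt.status !== '0x1') return fail('status');            // reverted or unknown
  if (!receipt.blockNumber) return fail('pending');               // not mined yet
  if (!sameAddress(tx.hash, receipt.transactionHash)) return fail('hash');
  const confirmations = Number(BigInt(latestBlock) - BigInt(receipt.blockNumber)) + 1;
  if (confirmations < expected.minConfirmations) return fail('confirmations', { confirmations });

  if (expected.token === null) {
    // Native coin: destination and value live on the transaction itself.
    if (!sameAddress(tx.to, expected.recipient)) return fail('recipient');
    if (BigInt(tx.value) !== expected.amount) return fail('amount');
    return { ok: true, confirmations };
  }

  // ERC-20: any contract can emit an event with the Transfer signature, so the
  // log's emitting address is checked before its topics are trusted at all.
  const transfers = (receipt.logs || []).filter((log) =>
    sameAddress(log.address, expected.token) &&
    Array.isArray(log.topics) && log.topics.length === 3 && log.topics[0] === TRANSFER_TOPIC);
  if (transfers.length === 0) return fail('token');
  const toRecipient = transfers.filter((log) =>
    sameAddress(addressFromTopic(log.topics[2]), expected.recipient));
  if (toRecipient.length === 0) return fail('recipient');
  const paid = toRecipient.find((log) => BigInt(log.data) === expected.amount);
  if (!paid) return fail('amount', { received: toRecipient.map((log) => BigInt(log.data).toString()) });
  return { ok: true, confirmations, logIndex: paid.logIndex };
}

// Constructed sample: a 25.000000 transfer of a 6-decimal token to the merchant
// wallet, mined at block 0x10. Addresses and hashes are placeholders, not chain data.
const TOKEN = '0x00000000000000000000000000000000000000a1';
const MERCHANT = '0x00000000000000000000000000000000000000b2';
const PAYER = '0x00000000000000000000000000000000000000c3';
const pad32 = (hex) => '0x' + hex.replace(/^0x/, '').padStart(64, '0');

const sampleTx = { hash: '0x' + 'ab'.repeat(32), to: TOKEN, value: '0x0' };
const sampleReceipt = {
  transactionHash: sampleTx.hash,
  status: '0x1',
  blockNumber: '0x10',
  logs: [{
    address: TOKEN,
    topics: [TRANSFER_TOPIC, pad32(PAYER), pad32(MERCHANT)],
    data: pad32((25_000_000n).toString(16)),
    logIndex: '0x0',
  }],
};
const sampleExpected = { recipient: MERCHANT, amount: 25_000_000n, token: TOKEN, minConfirmations: 3 };
```

The transaction hash is the only thing taken from the client, and only as a lookup key: tx, receipt and latestBlock must come from the backend's own RPC endpoint on the chain the invoice was issued for, never from objects the client posts.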
2.5 Lock Socket.IO room joins to authenticated context (pending, medium)
Remove trust in client-supplied user/buyer/seller room IDs; derive room membership from the identity verified on the socket handshake and from server-side order data.
Depends on: 2.1
2.6 Enforce dispute hold before payout and release operations (pending, medium)
Add a payment hold state and central release/refund guards that block disputed funds, so every payout path goes through one check instead of each route testing dispute status on its own.
Depends on: 2.1, 2.4
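Worked example for this subtask (added here; not code from the project or the PRD): a payment ledger with an explicit held state and a single guard that both release and refund call. Status names, the rule that a dispute can be opened only while the platform still holds the funds, and the in-memory Map are assumptions for illustration.

```javascript
// Payment lifecycle with an explicit hold state. The Map stands in for the
// payments table; in the real service the guard runs inside the same database
// transaction that flips the status, so two concurrent release calls cannot both pass.
const STATUS = Object.freeze({
  CAPTURED: 'captured',   // funds received, not yet paid out
  HELD: 'held',           // at least one open dispute
  RELEASED: 'released',   // paid out to the seller
  REFUNDED: 'refunded',   // returned to the buyer
});

class PaymentLedger {
  constructor() { this.payments = new Map(); this.journal = []; }

  capture(paymentId, amount) {
    this.payments.set(paymentId, { status: STATUS.CAPTURED, amount, disputes: new Set() });
    this.journal.push({ paymentId, event: 'captured' });
  }

  // Assumption: disputes open only while the platform still holds the funds.
  openDispute(paymentId, disputeId) {
    const p = this.payments.get(paymentId);
    if (!p) return { ok: false, reason: 'unknown_payment' };
    if (p.status !== STATUS.CAPTURED && p.status !== STATUS.HELD) {
      return { ok: false, reason: `already_${p.status}` };
    }
    p.disputes.add(disputeId);
    p.status = STATUS.HELD;
    this.journal.push({ paymentId, event: 'dispute_opened', disputeId });
    return { ok: true, status: p.status };
  }

  closeDispute(paymentId, disputeId) {
    const p = this.payments.get(paymentId);
    if (!p || !p.disputes.has(disputeId)) return { ok: false, reason: 'unknown_dispute' };
    p.disputes.delete(disputeId);
    if (p.disputes.size === 0) p.status = STATUS.CAPTURED;   // hold lifts only when none remain
    this.journal.push({ paymentId, event: 'dispute_closed', disputeId });
    return { ok: true, status: p.status };
  }

  // The one guard every money-moving path calls. It does not distinguish release
  // from refund: both are blocked while any dispute is open on the payment.
  assertMovable(paymentId) {
    const p = this.payments.get(paymentId);
    if (!p) return { ok: false, reason: 'unknown_payment' };
    if (p.disputes.size > 0 || p.status === STATUS.HELD) {
      return { ok: false, reason: 'dispute_hold', disputes: [...p.disputes] };
    }
    if (p.status !== STATUS.CAPTURED) return { ok: false, reason: `already_${p.status}` };
    return { ok: true };
  }

  release(paymentId) { return this._move(paymentId, STATUS.RELEASED, 'released'); }
  refund(paymentId) { return this._move(paymentId, STATUS.REFUNDED, 'refunded'); }

  _move(paymentId, nextStatus, event) {
    const guard = this.assertMovable(paymentId);
    if (!guard.ok) return guard;
    const p = this.payments.get(paymentId);
    p.status = nextStatus;
    this.journal.push({ paymentId, event });
    return { ok: true, status: nextStatus, amount: p.amount };
  }
}
```

Routes for payout, manual release and refund all call release or refund and never touch the status column directly; a route that bypasses _move is the regression the tests in this task should catch.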
2.7 Align documentation, API references, and runtime enums (pending, medium)
Normalize the disputed/payment/request status docs and implementation references after the security behavior changes land, so the documented enums match the values the runtime actually emits.
Depends on: 2.1, 2.2, 2.3, 2.4, 2.5, 2.6