973 B
973 B
Task 4: Define backend security and refactor strategy from latest audit
Status: pending
Priority: high
Source audit: .taskmaster/docs/audit-backend-stack-security-and-refactor-assessment-2026-05-24.md
Convert the backend stack security/refactor assessment into concrete architecture decisions, documentation deliverables, and developer handoff criteria.
This is an advisory/architecture task. It should run in parallel with immediate backend hardening rather than block urgent remediation.
Subtasks:
- Assign security ownership and launch decision criteria.
- Produce threat model for escrow platform.
- Specify funds ledger and escrow state machine.
- Create authorization matrix for REST and Socket.IO.
- Decide session, passkey, and admin step-up architecture.
- Specify webhook security and provider adapter contracts.
- Define secure build and supply-chain policy.
- Make backend-core stack decision.
- Create migration and operational runbooks.