Business-Management

Author	SHA1	Message	Date
curo1305	03fcc6e117	Document app container architecture and socket proxy requirement - TODO: add app container architecture section with socket proxy, network isolation, image allowlist, and Podman evaluation items - security-auditor: hard rules for never mounting raw Docker socket and never spawning privileged containers Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-13 23:19:38 +02:00
curo1305	e2c55556ac	Switch JWT signing from HS256 to RS256 (4096-bit RSA) - Replace symmetric SECRET_KEY with JWT_PRIVATE_KEY / JWT_PUBLIC_KEY (PEM) - Add iat claim to every token - Add expand_newlines validator in config for single-line .env PEM values - Add scripts/generate_jwt_keys.py key-generation helper - Update security-auditor agent JWT checklist with RS256 enforcement rules - Mark RS256 as done in TODO.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-13 23:00:35 +02:00
curo1305	0af5e8cc24	Harden JWT: 8-hour expiry, add JWT vulnerability checks - Reduce ACCESS_TOKEN_EXPIRE_MINUTES from 24h to 8h (no permanent sessions) - Add JWT_PATTERNS to security_check.py: algorithm=none, verify_exp=False, multi-day timedelta, oversized EXPIRE_MINUTES, hardcoded secret - Add JWT security checklist to security-auditor agent - Document auth/session security items in TODO.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-13 22:54:53 +02:00
curo1305	f37c7ae55d	Add four custom subagent definitions - .claude/agents/backend-dev.md: advisory, read-only, FastAPI/SQLAlchemy expert - .claude/agents/frontend-dev.md: advisory, read-only, React/TS/TanStack expert - .claude/agents/ux-designer.md: advisory, read-only, UX + Figma MCP setup guide - .claude/agents/security-auditor.md: active, full write access, fixes vulnerabilities directly; uses claude-opus-4-6 for deeper reasoning Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-13 21:04:19 +02:00

4 Commits