Business-Management

curo/Business-Management

Fork 0

Commit Graph

Author	SHA1	Message	Date
curo1305	e2c55556ac	Switch JWT signing from HS256 to RS256 (4096-bit RSA) - Replace symmetric SECRET_KEY with JWT_PRIVATE_KEY / JWT_PUBLIC_KEY (PEM) - Add iat claim to every token - Add expand_newlines validator in config for single-line .env PEM values - Add scripts/generate_jwt_keys.py key-generation helper - Update security-auditor agent JWT checklist with RS256 enforcement rules - Mark RS256 as done in TODO.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-13 23:00:35 +02:00
curo1305	0af5e8cc24	Harden JWT: 8-hour expiry, add JWT vulnerability checks - Reduce ACCESS_TOKEN_EXPIRE_MINUTES from 24h to 8h (no permanent sessions) - Add JWT_PATTERNS to security_check.py: algorithm=none, verify_exp=False, multi-day timedelta, oversized EXPIRE_MINUTES, hardcoded secret - Add JWT security checklist to security-auditor agent - Document auth/session security items in TODO.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-13 22:54:53 +02:00
curo1305	f37c7ae55d	Add four custom subagent definitions - .claude/agents/backend-dev.md: advisory, read-only, FastAPI/SQLAlchemy expert - .claude/agents/frontend-dev.md: advisory, read-only, React/TS/TanStack expert - .claude/agents/ux-designer.md: advisory, read-only, UX + Figma MCP setup guide - .claude/agents/security-auditor.md: active, full write access, fixes vulnerabilities directly; uses claude-opus-4-6 for deeper reasoning Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-13 21:04:19 +02:00

Author

SHA1

Message

Date

curo1305

e2c55556ac

Switch JWT signing from HS256 to RS256 (4096-bit RSA)

- Replace symmetric SECRET_KEY with JWT_PRIVATE_KEY / JWT_PUBLIC_KEY (PEM)
- Add iat claim to every token
- Add expand_newlines validator in config for single-line .env PEM values
- Add scripts/generate_jwt_keys.py key-generation helper
- Update security-auditor agent JWT checklist with RS256 enforcement rules
- Mark RS256 as done in TODO.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-13 23:00:35 +02:00

curo1305

0af5e8cc24

Harden JWT: 8-hour expiry, add JWT vulnerability checks

- Reduce ACCESS_TOKEN_EXPIRE_MINUTES from 24h to 8h (no permanent sessions)
- Add JWT_PATTERNS to security_check.py: algorithm=none, verify_exp=False,
  multi-day timedelta, oversized EXPIRE_MINUTES, hardcoded secret
- Add JWT security checklist to security-auditor agent
- Document auth/session security items in TODO.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-13 22:54:53 +02:00

curo1305

f37c7ae55d

Add four custom subagent definitions

- .claude/agents/backend-dev.md: advisory, read-only, FastAPI/SQLAlchemy expert
- .claude/agents/frontend-dev.md: advisory, read-only, React/TS/TanStack expert
- .claude/agents/ux-designer.md: advisory, read-only, UX + Figma MCP setup guide
- .claude/agents/security-auditor.md: active, full write access, fixes
  vulnerabilities directly; uses claude-opus-4-6 for deeper reasoning

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-13 21:04:19 +02:00

3 Commits