-
Notifications
You must be signed in to change notification settings - Fork 0
feat(security): non-bypassable SSRF guard (M3a) #70
Copy link
Copy link
Open
Labels
area:deliveryDelivery loop / dispatcher / retry / signingDelivery loop / dispatcher / retry / signingarea:securitySSRF guard, signing, secret-at-rest, receiver verifySSRF guard, signing, secret-at-rest, receiver verifypriority:p2Normal priorityNormal priorityreadyHas acceptance criteria + DoD; pickable by the loopHas acceptance criteria + DoD; pickable by the looprisk:criticalSSRF/signing/secret/public-API/migrations; review + design (Opus, max)SSRF/signing/secret/public-API/migrations; review + design (Opus, max)type:featNew featureNew feature
Description
Metadata
Metadata
Assignees
Labels
area:deliveryDelivery loop / dispatcher / retry / signingDelivery loop / dispatcher / retry / signingarea:securitySSRF guard, signing, secret-at-rest, receiver verifySSRF guard, signing, secret-at-rest, receiver verifypriority:p2Normal priorityNormal priorityreadyHas acceptance criteria + DoD; pickable by the loopHas acceptance criteria + DoD; pickable by the looprisk:criticalSSRF/signing/secret/public-API/migrations; review + design (Opus, max)SSRF/signing/secret/public-API/migrations; review + design (Opus, max)type:featNew featureNew feature
Part of #9 (M3 epic). Decomposed slice M3a.
risk:critical— security-sensitive, human-merge + linked design update. Notagent-labelled yet (flip on when ready to supervise an autonomous build).Acceptance criteria
Definition of done
Design: docs/concepts/security.md; docs/design/decisions.md (#4). Foundational — M3b builds on this.