-
Notifications
You must be signed in to change notification settings - Fork 0
feat(security): outbound payload + response-read caps + TLS-on (M3b) #71
Copy link
Copy link
Open
Labels
area:deliveryDelivery loop / dispatcher / retry / signingDelivery loop / dispatcher / retry / signingarea:securitySSRF guard, signing, secret-at-rest, receiver verifySSRF guard, signing, secret-at-rest, receiver verifypriority:p2Normal priorityNormal priorityreadyHas acceptance criteria + DoD; pickable by the loopHas acceptance criteria + DoD; pickable by the looprisk:criticalSSRF/signing/secret/public-API/migrations; review + design (Opus, max)SSRF/signing/secret/public-API/migrations; review + design (Opus, max)type:featNew featureNew feature
Description
Metadata
Metadata
Assignees
Labels
area:deliveryDelivery loop / dispatcher / retry / signingDelivery loop / dispatcher / retry / signingarea:securitySSRF guard, signing, secret-at-rest, receiver verifySSRF guard, signing, secret-at-rest, receiver verifypriority:p2Normal priorityNormal priorityreadyHas acceptance criteria + DoD; pickable by the loopHas acceptance criteria + DoD; pickable by the looprisk:criticalSSRF/signing/secret/public-API/migrations; review + design (Opus, max)SSRF/signing/secret/public-API/migrations; review + design (Opus, max)type:featNew featureNew feature
Part of #9 (M3 epic). Decomposed slice M3b.
risk:critical— human-merge + design update. Notagent-labelled yet.Blocked by #70.
Acceptance criteria
Definition of done
Design: docs/concepts/security.md. Shares the delivery HTTP path with M3a (hence blocked-by).