Skip to content

epic: security hardening + receiver verify #9

Description

@williamdewitt

Epic — decompose into ready issues before pickup.

Security hardening + receiver verification.

  • Non-bypassable SSRF guard (HTTPS-only, IP filtering, connect-time anti-rebinding, no-redirect, policy seam).
  • Outbound payload cap + response-read cap; TLS-on.
  • Secret-at-rest via host IDataProtectionProvider.
  • Receiver WebhookVerifier (UC-6) + timestamp replay protection.

Risk: critical — every sub-issue is security-sensitive and needs a linked design update.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:securitySSRF guard, signing, secret-at-rest, receiver verifyepicA north-star milestone-level item to decomposepriority:p2Normal priorityrisk:criticalSSRF/signing/secret/public-API/migrations; review + design (Opus, max)

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions