Improvements
Complete

Real vendor proofs: identity (Logto), payments (Stripe), e-sign (Documenso), file scanning (S3 + ClamAV)

The four P0 real-vendor proofs, all green as of 2026-07-05:

  • Logto OIDC (5f7d770): the real identity path proven live in CI (plus a resetMfa 405 fix found en route).
  • Stripe (bf3950e): real signed webhook captured in test mode flipping an invoice to paid; unit_amount_decimal fix.
  • Documenso (prod): upload → send → signer email → real signing UI → document.completed webhook → Signed 1/1 → 225KB signed PDF downloaded. Found+fixed: bucket CORS missing, coolify network routing, clamd alias.
  • S3 + ClamAV (prod): clean path auto-accepted; quarantine path proven with a recorded EICAR drill (client upload → quarantined → correct portal/staff UX). The 2 dead-lettered events from the outage window were redriven in-app via the new dead-letter Retry (e98af74).

0 Comments

Sign in to comment

No comments yet. Be the first to share your thoughts!