Improvements
Complete
Security & reliability hardening wave (H-series / WS-series)
The 2026-07-02→04 hardening push, all shipped:
- Redis sliding-window rate limiting, fail-closed on auth paths (H5)
- Real Sentry-protocol error tracking wired at web/worker seams + /api/health depth + dead-letter admin with in-app Retry (H8, WS-12, e98af74)
- Daily DB backups + restore drill + runbook (H7)
- Enforced nonce CSP + frame-ancestors (H4); staff-MFA gate (H6); prod fake-driver fence (H3)
- Payments webhook retry-exactly-once (H10/H11); session expiry + fail-closed middleware (WS-6/WS-4); revoked-contact session hole (C1)
- CI unblocked, deploy gated on green CI, E2E re-armed as CI+deploy gate (H1/H2/WS-1)
- Real-OpenFGA authz path proven in CI (tenant isolation, deny-by-default, revocation)
- Booking concurrency idempotency (WS-11); data-lifecycle purge + magic-byte sniff (WS-9)
0 Comments
Sign in to comment
No comments yet. Be the first to share your thoughts!