Context
SECURITY.md covers reporting, but the app stores the address and wallet id in localStorage and signs transactions client-side, which deserves a documented policy.
Scope
- Document what is stored client-side, the no-secrets rule, and the wallet-signing trust model.
Acceptance criteria
- SECURITY.md describes client-side data handling and the signing model.
Pointers
SECURITY.md, src/wallet/WalletProvider.tsx.
Context
SECURITY.mdcovers reporting, but the app stores the address and wallet id in localStorage and signs transactions client-side, which deserves a documented policy.Scope
Acceptance criteria
Pointers
SECURITY.md,src/wallet/WalletProvider.tsx.