This document defines the current security posture.
For each trust boundary, we list the relevant threats and required controls to mitigate those threats. This is not an exhaustive threat model but rather a summary of the most relevant issues for this project.
DATABASE_URLis required and must point to a non-production-safe environment unless explicitly intended otherwise
Security-relevant changes should include:
- malformed payload tests
- invalid-signature tests
- valid-signature tests
- claim-race regression tests
- smoke verification