Gap analysis of the codebase vs the plan surfaced surfaces with no QA home:

- DB migration system (idempotency/rollback/fresh==migrated, money conversions)
- encryption-key lifecycle (missing/rotated key → graceful degrade, no plaintext/leak)
- container deploy (docker-entrypoint: dir perms chmod 700, non-root, run migrations)
- update-check phone-home (external request → disclosed + opt-out)
- rate-limiter completeness (backupOperationLimiter, skipRateLimitIfNoUsers)

Added the B16 batch + playbook, and extended B0 recon to enumerate middleware/workers/migrations/deploy so future cycles can't miss them.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

||
|---|---|---|
| images | ||
| Authentik-Integration.md | ||
| CSRF-SPA-Setup.md | ||
| Engineering_Reference_Manual.md | ||
| Engineering_Reference_promp.md | ||
| QA_PLAN.md | ||
| RATE_LIMITING_ENHANCEMENT.md | ||
| ROADMAP_REDESIGN_PLAN.md | ||
| ROADMAP_UI_AUDIT.md | ||
| UI_IMPROVEMENTS.md | ||
| advisory_non_bill_transaction_filters_us_ms_5000.json | ||
| cents-migration-plan.md | ||
| merchant_store_match_us_nems_online_5k_v0_2.json | ||
| top_200_us_subscriptions.csv | ||
| top_200_us_subscriptions_researched_2026-06-06.json | ||