19 lines
1.1 KiB
Markdown
19 lines
1.1 KiB
Markdown
## 1. Runtime Stability Hardening
|
|
|
|
- [x] 1.1 Add startup validation for `SECRET_KEY` and environment-aware secure defaults.
|
|
- [x] 1.2 Register centralized shutdown hooks to stop cache updater, realtime sync worker, Redis client, and DB engine.
|
|
- [x] 1.3 Isolate database health probing from request pool and keep degraded signal contract stable.
|
|
- [x] 1.4 Normalize pool-exhausted response metadata and retry headers across API error paths.
|
|
|
|
## 2. Security Baseline Enforcement
|
|
|
|
- [x] 2.1 Add CSRF token issuance/validation for form posts and JSON mutation endpoints.
|
|
- [x] 2.2 Update login flow to rotate session identity on successful authentication.
|
|
- [x] 2.3 Replace JS-context template interpolation in `hold_detail.html` with JSON-safe serialization.
|
|
|
|
## 3. Verification and Documentation
|
|
|
|
- [x] 3.1 Add tests for startup secret guard, CSRF rejection, and session-rotation behavior.
|
|
- [x] 3.2 Add lifecycle tests/validation for shutdown cleanup and health endpoint behavior under pool saturation.
|
|
- [x] 3.3 Update README/README.mdj runtime hardening sections and operator rollout notes.
|