docs(C7): mark FMP key mitigation complete

2026-05-04 17:08:49 -07:00 · 2026-05-04 17:08:49 -07:00 · bed7f83f3c
commit bed7f83f3c
parent e2e189eede
2 changed files with 2 additions and 2 deletions
--- a/docs/AUDIT_REDESIGN.md
+++ b/docs/AUDIT_REDESIGN.md
@ -47,7 +47,7 @@ Status: ⬜ open · 🟦 in PR · ✅ fixed (commit hash on the right).
 | C4  | `/api/news` passes `symbols` through to Alpaca without validation.                                                                  | 🟡       | ✅     | 7c4b08c    |
 | C5  | Header `fetchMarketIndices` polls every 60 s even when the tab is hidden. Should pause via `document.visibilityState`.              | 🟡       | ✅     | e089832    |
 | C6  | `backend/.env.example` keeps `FMP_API_KEY=demo` AND `apiServer.ts` falls back to `'demo'`. Two sources of truth. Demo key is shared globally and rate-limited.  | 🟡       | ✅     | 1377bf2    |
-| C7  | FMP `apikey` is sent as a query string → leaks into proxy / CDN logs. FMP doesn't support headers, so the only mitigation is server-side caching (see C2). | 🟡       | ⬜     |            |
+| C7  | FMP `apikey` is sent as a query string → leaks into proxy / CDN logs. FMP doesn't support headers, so the only mitigation is server-side caching (see C2). | 🟡       | ✅     | e2e189e    |

 ## D. UX / UI polish

--- a/docs/COMPLETION_CHECKLIST.md
+++ b/docs/COMPLETION_CHECKLIST.md
@ -361,7 +361,7 @@ Expected platform result:
  missing `FMP_API_KEY` behaves. Prefer explicit missing-key failure for
  production and documented demo-only local behavior.

- [ ] `C7` Mitigate FMP key exposure.
+- [x] `C7` Mitigate FMP key exposure. Implementation: `e2e189e`.
  Acceptance: cache from `C2` is in place, logs avoid printing full FMP URLs
  with `apikey`, and docs explain that FMP requires query-string auth.