From 772b4bfc19f0fc1b34c5132c021309eb89a1447d Mon Sep 17 00:00:00 2001 From: Saravana Achu Mac Date: Tue, 5 May 2026 09:41:17 -0700 Subject: [PATCH] docs(roadmap): record production config hardening --- docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md b/docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md index f29897b..1316a15 100644 --- a/docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md +++ b/docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md 
@@ -138,7 +138,7 @@ Acceptance criteria: Goal: production starts fail closed and do not silently run with development-only security. -- [ ] **P3.1** Change backend config validation so production cannot use default `JWT_SECRET`, memory DB, disabled encryption by accident, or missing Cosmos credentials. Keep test/dev ergonomics intact. Commit: +- [x] **P3.1** Change backend config validation so production cannot use default `JWT_SECRET`, memory DB, disabled encryption by accident, or missing Cosmos credentials. Keep test/dev ergonomics intact. Commit: `e7d381f`; Verified: `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend run typecheck`; `node --import tsx --input-type=module -e "import { parseConfig } from './src/lib/config.ts'; ..."` accepted a safe production env and rejected unsafe defaults; `git diff --check`. Added exported `parseConfig()`, safe string boolean parsing, development JWT defaulting only for non-production ergonomics, production rejection for default/short JWT secrets, memory DB, missing Cosmos endpoint/key/database, disabled field encryption, and production memory key provider. - [ ] **P3.2** Add tests for production config validation: missing secret, default secret, memory DB in production, missing Cosmos env, encryption provider requirements. Commit: - [ ] **P3.3** Review all unauthenticated backend endpoints. Keep `/health`, `/api/bootstrap`, and public share reads intentional; protect diagnostics or make them explicitly dev/admin-gated. Commit: - [ ] **P3.4** Add or verify rate limiting and abuse controls for public share, auth-facing, prompt, intake, and LLM-backed endpoints using shared platform patterns where available. Commit:
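Review bot: the verification recorded for P3.1 is not reproducible as written: the `node --import tsx --input-type=module -e "import { parseConfig } from './src/lib/config.ts'; ..."` invocation hides the env fixtures and assertions behind `...`, and the other two checks listed (`typecheck` and `git diff --check`) do not exercise the fail-closed behaviour at all. Since P3.2 (tests for missing secret, default secret, memory DB in production, missing Cosmos env, encryption provider requirements) is still `[ ]`, the statement that `parseConfig()` "accepted a safe production env and rejected unsafe defaults" currently rests on a one-off manual run. Suggest either landing P3.2 with this change so the entry can cite the committed test instead of an elided one-liner, or recording the full command (the env values passed and which rejections were observed) so a handoff reader can re-run it. It would also help to state in the entry how "production" is detected (which env var, and what happens when it is unset), because "development JWT defaulting only for non-production ergonomics" only keeps the goal of "production starts fail closed" if an unset environment is not treated as non-production.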