rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI (#61)
CI / Architecture Guardrails (push) Successful in 2m38s
CI / Assistant Split Regression (push) Successful in 3m33s
CI / Typecheck (push) Successful in 3m51s
CI / Lint (push) Successful in 5m2s
CI / E2E Tests (push) Has been cancelled
CI / Fresh-Linux Docker Deploy (push) Has been cancelled
CI / Release Images (push) Has been cancelled
CI / Build (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Architecture Guardrails (push) Successful in 2m38s
CI / Assistant Split Regression (push) Successful in 3m33s
CI / Typecheck (push) Successful in 3m51s
CI / Lint (push) Successful in 5m2s
CI / E2E Tests (push) Has been cancelled
CI / Fresh-Linux Docker Deploy (push) Has been cancelled
CI / Release Images (push) Has been cancelled
CI / Build (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI (#61) Co-authored-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com> Co-committed-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com>
This commit was merged in pull request #61.
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
# Security Architecture — CapaKraken
|
||||
# Security Architecture — Nexus
|
||||
|
||||
> Version: 1.0 | Date: 2026-03-27
|
||||
|
||||
@@ -68,7 +68,7 @@ publicProcedure
|
||||
- The admin settings mutation no longer persists new secret values into `SystemSettings`; secret inputs must be provisioned through environment or a deployment-time secret manager, and legacy database copies can be cleared explicitly
|
||||
- The admin UI now exposes runtime secret source/status plus an explicit "clear legacy DB secrets" cleanup path so operators can complete the migration without direct database writes
|
||||
- Production startup now validates Auth.js runtime configuration and refuses to boot if `AUTH_SECRET`/`NEXTAUTH_SECRET` is missing, left on a known development placeholder, paired with a non-HTTPS public auth URL, shorter than 32 characters, or failing a Shannon-entropy check (≥ 3.5 bits/char)
|
||||
- User passwords: minimum 12 characters, maximum 128 characters; single `PASSWORD_MIN_LENGTH` / `PASSWORD_MAX_LENGTH` constant (`@capakraken/shared/constants`) is imported by every client-side pre-submit validator and server-side Zod schema — prevents client/server policy drift
|
||||
- User passwords: minimum 12 characters, maximum 128 characters; single `PASSWORD_MIN_LENGTH` / `PASSWORD_MAX_LENGTH` constant (`@nexus/shared/constants`) is imported by every client-side pre-submit validator and server-side Zod schema — prevents client/server policy drift
|
||||
|
||||
#### Secret rotation
|
||||
|
||||
@@ -223,7 +223,7 @@ cannot escalate to JS execution in this application.
|
||||
## 10. Dependency Security
|
||||
|
||||
- **Dependabot** configured for automated dependency updates
|
||||
- `pnpm audit` runs in the scheduled [nightly-security.yml](/home/hartmut/Documents/Copilot/capakraken/.github/workflows/nightly-security.yml) workflow, and high-signal architecture guardrails run on every PR in [ci.yml](/home/hartmut/Documents/Copilot/capakraken/.github/workflows/ci.yml)
|
||||
- `pnpm audit` runs in the scheduled [nightly-security.yml](/home/hartmut/Documents/Copilot/nexus/.github/workflows/nightly-security.yml) workflow, and high-signal architecture guardrails run on every PR in [ci.yml](/home/hartmut/Documents/Copilot/nexus/.github/workflows/ci.yml)
|
||||
- Lockfile integrity verified on install
|
||||
- transitive audit hotspots such as `flatted` and `picomatch` are pinned through root `pnpm.overrides` to keep dev-tooling CVEs from drifting back in through nested dependencies
|
||||
- runtime workbook parsing and export generation now use `exceljs` boundaries instead of direct `xlsx` usage in application, engine, and web paths
|
||||
@@ -246,7 +246,7 @@ Browser -> Next.js (port 3100) -> tRPC -> Prisma -> PostgreSQL (port 5433)
|
||||
|
||||
### Authentication and Access
|
||||
|
||||
- PostgreSQL uses password-based authentication (`capakraken` user with strong password)
|
||||
- PostgreSQL uses password-based authentication (`nexus` user with strong password)
|
||||
- Connection restricted to the Docker internal network (port 5433 on host, 5432 inside container)
|
||||
- No direct internet access to the database — all queries routed through Prisma ORM via the application layer
|
||||
- Application uses a single database user; no shared or anonymous access
|
||||
@@ -264,7 +264,7 @@ Browser -> Next.js (port 3100) -> tRPC -> Prisma -> PostgreSQL (port 5433)
|
||||
- `log_statement=ddl` — all DDL statements (CREATE, ALTER, DROP)
|
||||
- `log_min_duration_statement=1000` — slow queries (>1s) logged for performance review
|
||||
- `log_line_prefix='%t [%p] %u@%d '` — timestamp, PID, user, and database in every log line
|
||||
- **SUPERUSER removed** from the application database user (`capakraken`); hardening script at `scripts/harden-postgres.sh`
|
||||
- **SUPERUSER removed** from the application database user (`nexus`); hardening script at `scripts/harden-postgres.sh`
|
||||
- **Minimal privilege grants**: application user has only SELECT, INSERT, UPDATE, DELETE on tables and USAGE/SELECT on sequences — no CREATE, DROP, or SUPERUSER capabilities
|
||||
|
||||
### Recommendations for Further Production Hardening
|
||||
|
||||
Reference in New Issue
Block a user