Harden local runtime safety and error handling
This commit is contained in:
Mikhail Chusavitin
@@ -25,6 +25,7 @@ QuoteForge is currently a **single-user thick client** bound to `localhost`.
|
||||
- The local HTTP/UI layer is not treated as a multi-user security boundary.
|
||||
- RBAC is not part of the active product contract for the local client.
|
||||
- The authoritative authentication boundary is the remote sync server and its DB credentials captured during setup.
|
||||
- Runtime startup must reject non-loopback `server.host` values; remote bind is not a supported deployment mode.
|
||||
- If the app is ever exposed beyond `localhost`, auth/RBAC must be reintroduced as an enforced perimeter before release.
|
||||
|
||||
### Price Freshness Indicators
|
||||
|
||||
Reference in New Issue
Block a user