{
"phase": 1,
"phaseLabel": "Build MVP — Fix remaining HIGH security issues",
"status": "high-security-issues-open",
"product": "DocFast — HTML/Markdown to PDF API",
"currentPriority": "Fix ALL remaining HIGH security issues. These ARE launch blockers per investor. 1) Container runs as root — add a non-root user in the Dockerfile and switch to it with USER so the process does not run as root. 2) Unlimited free signup abuse — add per-IP rate limiting on the signup endpoint. 3) CORS wildcard on auth routes — restrict the allowed origin to https://docfast.dev only. 4) In-memory usage tracking resets on restart — persist to disk/volume. Fix all, deploy, QA verify. Do NOT move to Phase 2 until all are resolved.",
"infrastructure": {
"domain": "docfast.dev",
"url": "https://docfast.dev",
"server": "docfast-1 (CAX11, nbg1)",
"serverIP": "167.235.156.214",
"sshKey": "/home/openclaw/.ssh/docfast"
},
"credentials": {
"file": "/home/openclaw/.openclaw/workspace/.credentials/docfast.env",
"keys": ["HETZNER_API_TOKEN", "STRIPE_SECRET_KEY"],
"NEVER_READ_DIRECTLY": true
},
"team": {
"structure": "CEO + specialist sub-agents",
"ceo": "Plans, delegates, reviews. Does NOT code. The only one who makes financial decisions.",
"specialists": ["Backend Developer", "UI/UX Developer", "QA Tester", "Security Expert", "Marketing Agent"],
"workflow": "CEO spawns specialists → specialists do work → CEO spawns QA → QA verifies → CEO reviews"
},
"blockers": [],
"startDate": "2026-02-14",
"sessionCount": 17
}