Scope
Post-implementation audit of multi-user E2EE fitness SaaS on ThinkCentre. Fill after code and isolation tests land. Pre-build controls: SAAS-Lifebot/security-design.
Status
Draft — pending implementation evidence.
Checklist (to complete)
- [ ] Two-user isolation tests green (A cannot read B)
- [ ]
psqlondaily_metrics.sealed_payloadshows non-readable ciphertext - [ ]
/api/statsNetwork tab: no plaintext values before client decrypt - [ ] Ingest with wrong key → 401; right key only owner’s rows grow
- [ ] Vault wrong password cannot unlock
- [ ] Delete user A leaves B intact
- [ ] Export only contains A for user A
- [ ] Logs during ingest: no body/metric samples
- [ ] Postgres not listening on
0.0.0.0 - [ ] Friend URL is HTTPS or Tailscale only
- [ ] LUKS active on data volume
- [ ] Backups encrypted
- [ ] Consent blocks chat/seed when missing
- [ ]
APP_SECRETcannot decrypt sealed health in unit test
Findings
None yet — complete after Phase 8.
Related
Compiled from
wiki/projects/SAAS-Lifebot/security-review.md · git is the source of truth