web/docs/security-hardening-checklist.md

# Security Hardening Checklist (Membership Flow)

## Wallet Intent and Signature

1. Enforce strict nonce uniqueness.
2. Enforce intent TTL.
3. Enforce origin allowlist.
4. Verify chain ID against allowlist.
5. Reject malformed or oversized signatures.
6. Reject replayed `intent_id`.

## Quote and Confirm

1. Use quote TTL and one-time confirmation semantics.
2. Bind quote to wallet and designation.
3. Confirm tx amount, currency, and contract destination exactly.
4. Confirm tx success status and finality threshold.
5. Idempotent confirm handling by `tx_hash` + `quote_id`.

## API Controls

1. Rate limits on intent, verify, quote, confirm, notify.
2. Request size limits.
3. Structured error responses without sensitive internals.
4. Correlation ID logging for all transitions.

## Data Integrity

1. Append-only audit records for state transitions.
2. Immutable receipt hash generation.
3. Versioned policy hash persistence with each quote and purchase.

## Operational Safety

1. Fail closed on RPC/node uncertainty.
2. Multi-RPC fallback with deterministic selection policy.
3. Emergency pause path for mint/checkout.
4. Key rotation runbook for issuer and system keys.