Gan, Jimmy ddaf3c6cee security: Sprint 00 — critical security fixes (OPC WS auth, Transmission creds, SECRET_KEY, passkey rate limit)
- Add JWT token auth to OPC WebSocket (unauthenticated → 403, per-user tracking)
- Externalize Transmission RPC credentials to TRANSMISSION_USER/PASS env vars
- Remove hardcoded SECRET_KEY fallback from dev compose
- Rate-limit passkey register options endpoint at 5/minute
- Add PDD (docs/improvement-plan.md) and sprint specs (specs/)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-03 13:31:25 +08:00
2026-03-30 12:33:37 +08:00
2026-03-30 11:26:56 +08:00
S
Description
No description provided
Readme 4.2 MiB
Languages
Python 58.2%
Svelte 32.2%
JavaScript 5.6%
Shell 3.3%
Dockerfile 0.3%
Other 0.3%