This commit resolves all documentation issues identified in the comprehensive review:

CRITICAL FIXES:
- Renumbered duplicate ADRs to eliminate conflicts:
  * ADR-022-migration-race-condition-fix → ADR-037
  * ADR-022-syndication-formats → ADR-038
  * ADR-023-microformats2-compliance → ADR-040
  * ADR-027-versioning-strategy-for-authorization-removal → ADR-042
  * ADR-030-CORRECTED-indieauth-endpoint-discovery → ADR-043
  * ADR-031-endpoint-discovery-implementation → ADR-044
- Updated all cross-references to renumbered ADRs in:
  * docs/projectplan/ROADMAP.md
  * docs/reports/v1.0.0-rc.5-migration-race-condition-implementation.md
  * docs/reports/2025-11-24-endpoint-discovery-analysis.md
  * docs/decisions/ADR-043-CORRECTED-indieauth-endpoint-discovery.md
  * docs/decisions/ADR-044-endpoint-discovery-implementation.md
- Updated README.md version from 1.0.0 to 1.1.0
- Tracked ADR-021-indieauth-provider-strategy.md in git

DOCUMENTATION IMPROVEMENTS:
- Created comprehensive INDEX.md files for all docs/ subdirectories:
  * docs/architecture/INDEX.md (28 documents indexed)
  * docs/decisions/INDEX.md (55 ADRs indexed with topical grouping)
  * docs/design/INDEX.md (phase plans and feature designs)
  * docs/standards/INDEX.md (9 standards with compliance checklist)
  * docs/reports/INDEX.md (57 implementation reports)
  * docs/deployment/INDEX.md (deployment guides)
  * docs/examples/INDEX.md (code samples and usage patterns)
  * docs/migration/INDEX.md (version migration guides)
  * docs/releases/INDEX.md (release documentation)
  * docs/reviews/INDEX.md (architectural reviews)
  * docs/security/INDEX.md (security documentation)
- Updated CLAUDE.md with complete folder descriptions including:
  * docs/migration/
  * docs/releases/
  * docs/security/

VERIFICATION:
- All ADR numbers now sequential and unique (50 total ADRs)
- No duplicate ADR numbers remain
- All cross-references updated and verified
- Documentation structure consistent and well-organized

These changes improve documentation discoverability, maintainability, and ensure proper version tracking. All index files follow consistent format with clear navigation guidance.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
52 lines
1.4 KiB
Markdown
# Security Documentation Index

This directory contains security-related documentation, vulnerability analyses, and security best practices.

## Security Guides

- **[indieauth-endpoint-discovery-security.md](indieauth-endpoint-discovery-security.md)** - Security considerations for IndieAuth endpoint discovery

## Security Topics

### Authentication & Authorization
- IndieAuth security
- Token management
- Session security

### Data Protection
- Secure storage
- Encryption
- Data privacy

### Network Security
- HTTPS enforcement
- Endpoint validation
- CSRF protection

## Security Principles

StarPunk follows these security principles:
- **Secure by Default**: Security is enabled by default
- **Minimal Attack Surface**: Fewer features mean fewer vulnerabilities
- **Defense in Depth**: Multiple layers of security
- **Fail Closed**: Deny access when uncertain
- **Principle of Least Privilege**: Minimal permissions by default

## Reporting Security Issues

If you discover a security vulnerability:
1. **Do NOT** create a public issue
2. Email security details to project maintainer
3. Allow time for patch before disclosure
4. Coordinated disclosure benefits everyone

## Related Documentation
- **[../decisions/](../decisions/)** - Security-related ADRs
- **[../standards/](../standards/)** - Security coding standards
- **[../architecture/](../architecture/)** - Security architecture

---

**Last Updated**: 2025-11-25
**Maintained By**: Documentation Manager Agent