stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
8318b26370abf84ed42548da4cee8f0567d08dee
git.stella-ops.org/docs/notifications/security/webhook-ack-hardening.md
StellaOps Bot f214edff82 feat: Add Storybook configuration and motion tokens implementation 
- Introduced Storybook configuration files (`main.ts`, `preview.ts`, `tsconfig.json`) for Angular components.
- Created motion tokens in `motion-tokens.ts` to define durations, easing functions, and transforms.
- Developed a Storybook story for motion tokens showcasing their usage and reduced motion fallback.
- Added SCSS variables for motion durations, easing, and transforms in `_motion.scss`.
- Implemented accessibility smoke tests using Playwright and Axe for automated accessibility checks.
- Created portable and sealed bundle structures with corresponding JSON files for evidence locker.
- Added shell script for verifying notify kit determinism.
2025-12-04 21:36:06 +02:00

444 B
Raw Blame History

Webhook and ack security (NR6)

  • Webhooks must use HMAC-SHA256 with per-tenant rotating secrets or mTLS/DPoP. hmac_id maps to secret material.
  • Ack URLs carry signed tokens (nonce, audience, tenant_id, delivery_id, expires_at) and are single-use. Reject replay or expired tokens.
  • Enforce allowlists for domains and paths per tenant; deny wildcards.
  • Capture failures in observability pipeline and DLQ with redrive after investigation.