Add security audit, recommendations, and issue analysis#738
Open
joshpainter wants to merge 8 commits into xch-dev:main from
Conversation
Four documents from a comprehensive codebase review:
- CLAUDE.md: Project reference with architecture, key paths, and patterns
- AUDIT.md: Security audit with 3 critical, 3 high, 5 medium findings
- RECOMMENDATIONS.md: UI maintainability and project improvement suggestions
- ISSUES.md: All 10 open issues with code-level analysis and implementation tasks
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update AUDIT.md, CLAUDE.md, and RECOMMENDATIONS.md to properly assess security findings against a trusted-device threat model. Native desktop/mobile wallets rely on OS-level protection, consistent with Chia GUI, Electrum, and MetaMask. Former "critical" findings reclassified as design observations or defense-in-depth items. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Keychain empty password: note optional user password is a planned feature (not just an enhancement suggestion)
- SQLite unencrypted: reframe as "by design" — stores public blockchain data, not secrets. Neither reference wallet nor Goby encrypts theirs.
- Remove SQLCipher recommendation from audit summary table
- Update CLAUDE.md and RECOMMENDATIONS.md for consistency
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added detailed summaries and implementation tasks for the remaining 24 issues (xch-dev#565, xch-dev#397, xch-dev#390, xch-dev#381, xch-dev#327, xch-dev#296, xch-dev#281, xch-dev#279, xch-dev#252, xch-dev#251, xch-dev#270, xch-dev#278, xch-dev#206, xch-dev#628, xch-dev#626, xch-dev#619, xch-dev#618, xch-dev#617, xch-dev#612, xch-dev#587, xch-dev#198, xch-dev#131, xch-dev#119, xch-dev#7). Updated the priority matrix to cover all 34 issues. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sections 2.1 and 2.2 marked as implemented with links to PR xch-dev#739, which adds 170 frontend tests and 98 Rust tests. Updated summary matrix and strategic recommendations accordingly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Issues xch-dev#691, xch-dev#390, xch-dev#726, xch-dev#723 are now addressed in the bugfixes-p1 branch (PR xch-dev#740). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Split batched PR xch-dev#740 into per-issue PRs:
- xch-dev#691 → PR xch-dev#741
- xch-dev#390 → PR xch-dev#742
- xch-dev#726 → PR xch-dev#743
- xch-dev#723 → PR xch-dev#744
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Document 1-PR-per-issue policy, branch naming conventions, and fork workflow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
🤖 Generated with Claude Code