Add v3 backend/core hardening review document #62

Merged
weroperking merged 1 commit into main from codex/create-branch-for-back-end-code-review
Apr 26, 2026

Conversation

weroperking (Owner) commented Apr 26, 2026

Motivation

  • Provide a backend-first security and reliability hardening baseline for Betterbase focused on packages/server runtime/auth boundaries, migration safety, container/runtime defaults, and operational protections.
  • Capture prioritized findings, severity, and actionable remediation steps so maintainers can triage P0/P1 items that materially reduce compromise risk.
  • Supply an "AI reviewer operating manual" and reviewer blueprint to ensure consistent follow-up reviews and implementation work.

Description

  • Add a new document docs/core/hardening-review-v3.md containing scope, plan, acceptance criteria, a findings list (F-01 through F-05) with file-level evidence, remediation recommendations, and a closure checklist.
  • Include detailed issues: missing rate-limiting on admin/device endpoints (F-01), API key scopes stored but not enforced (F-02), reflected HTML interpolation in device verification page (F-03), non-transactional migration execution (F-04), and insecure local Docker defaults (F-05).
  • Provide an AI reviewer operating manual, review blueprint by domain, severity rubric, and an implementation priority roadmap with prioritized fixes and follow-up PR guidance.
  • Document acceptance gates and reviewer handoff format to make remediation PRs measurable and verifiable.

Testing

  • No automated tests were run for this documentation-only change.
  • This change is docs-only and does not alter runtime code paths or require unit/integration tests; CI doc linters may run depending on repository configuration.

Summary by CodeRabbit

  • Documentation
    • Added comprehensive security hardening review documentation including identified findings, recommended fixes, implementation priorities, and a framework for future security audits.
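As an added illustration of finding F-03 (reflected HTML interpolation on the device verification page), here is the unescaped rendering pattern beside a hardened version. This is example code written for this review, not code from the Betterbase repository; the page layout, parameter names and user-code format are assumptions.

```javascript
// Hypothetical device verification page renderer (not Betterbase's own code).
// Field names (deviceName, userCode) and the user-code format are assumed.

// Minimal HTML escaper covering the characters that matter in text and
// double-quoted attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern (what F-03 describes): request-controlled values are
// dropped straight into the markup, so any markup in them is reflected as-is.
function renderVerificationPageUnsafe({ deviceName, userCode }) {
  return '<h1>Verify device</h1>' +
    `<p>Device: ${deviceName}</p>` +
    `<input name="user_code" value="${userCode}">`;
}

// Hardened pattern: every interpolated value is escaped for its HTML context,
// and the user code is validated against a strict allow-list because its
// format is known (assumed here: 4 to 16 uppercase alphanumerics or dashes).
const USER_CODE_RE = /^[A-Z0-9-]{4,16}$/;

function renderVerificationPageSafe({ deviceName, userCode }) {
  if (!USER_CODE_RE.test(userCode)) {
    throw new Error('invalid user code format');
  }
  return '<h1>Verify device</h1>' +
    `<p>Device: ${escapeHtml(deviceName)}</p>` +
    `<input name="user_code" value="${escapeHtml(userCode)}">`;
}

// Constructed sample input: a device name carrying markup characters that a
// reflected-injection check would look for in the rendered output.
const SAMPLE = { deviceName: '<b>Pixel</b> & "Co"', userCode: 'ABCD-1234' };
```

Comparing the two renderers on `SAMPLE` shows the raw `<b>` tag surviving in the unsafe output and appearing as `&lt;b&gt;` in the hardened one.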

coderabbitai (Bot) commented Apr 26, 2026

Caution: Review failed. The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0afc2217-418e-49c0-adcb-8a91ac271fc2

📥 Commits

Reviewing files that changed from the base of the PR and between 6051622 and f6decd8.

📒 Files selected for processing (1)
  • docs/core/hardening-review-v3.md

Walkthrough

Adds comprehensive hardening review documentation for Betterbase backend/core, detailing security review scope, methodology, five findings across authentication, authorization, and infrastructure domains, with recommended fixes and implementation prioritization.

Changes

Cohort / File(s): Hardening Review Documentation (docs/core/hardening-review-v3.md)
Summary: New security review artifact documenting findings in admin/device auth flows, API key enforcement, HTML injection risk, migration transactional safety, and Docker defaults; includes severity classifications, recommended remediations, closure gates, and backend audit framework.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes


@weroperking weroperking merged commit 7b3bae5 into main Apr 26, 2026
1 of 4 checks passed