@allan-gar2x
allan-gar2x / HYDRA-013-7704-implementation-plan.md
Created April 13, 2026 03:03
HYDRA-013: WebSocket URL exposure + emergency-login architecture (#7704)

HYDRA-013 — WebSocket URL Exposure + Emergency-Login Architecture

Issue: #7704
Severity: LOW (P3) · Category: Information Disclosure
Date: 2026-04-13
Related PR (merged): #7708 — acute risks mitigated
Closed by: #7700 (WebSocket URL portion)


@allan-gar2x
allan-gar2x / HYDRA-008-implementation-plan.md
Created April 13, 2026 01:31
HYDRA-008/013: serverConfig auth split — combined implementation + security review

HYDRA-008 / HYDRA-013 — Implementation Plan & Security Review

Issues: #7700 · #7704
Severity: MEDIUM (P2) · Category: Information Disclosure
Date: 2026-04-13


Vulnerability Summary

@allan-gar2x
allan-gar2x / aws-cost-investigation-2026-04-10.md
Created April 10, 2026 05:52
AWS Cost Investigation - Budget Alert April 10, 2026

AWS Cost Investigation — April 10, 2026

Triggered by: AWS Budget Notification — "$90/day All Accounts Budget"
Account: 806877424398 (MilliononMars management)
Budget: $2,700.00/month | Alert threshold: $2,295.00 (85%) | Actual (Apr 1–9): $2,480.72
Investigated: April 10, 2026 at ~12:30 PM


Bottom Line Up Front

@allan-gar2x
allan-gar2x / zap-failure-analysis.md
Last active April 7, 2026 09:51
OWASP ZAP Workflow Failure Analysis — MillionOnMars/lumina5

OWASP ZAP Workflow Failure Analysis — MillionOnMars/lumina5

Workflow: website-owasp-zap.yml (zap-website-scan job)
Analysis Date: 2026-04-06 (updated 2026-04-07)
Runs Analyzed: 24071373481 (most recent, 2026-04-07), 23993183349 (Sunday 2026-04-05 scheduled), 23992526959 (2026-04-05 manual), 23699538988 (2026-03-29 manual)


Summary

@allan-gar2x
allan-gar2x / aws-ses-response.md
Created April 4, 2026 14:14
Starlight — AWS SES Sending Limit Increase Response

AWS SES Sending Limit Increase — Additional Information

Hello,

Thank you for the follow-up. We're happy to provide full detail on our use case.


About Our Product

@allan-gar2x
allan-gar2x / README.md
Created April 3, 2026 07:43
Starlight Practice — AWS SES Full Implementation Plan (Tasks 1–5)

Starlight Practice — AWS SES Implementation Plan

Context

We're building the messaging feature — appointment reminders, billing notices, wellness check notifications, and patient onboarding emails. We need AWS SES configured before the dev team can wire it into the backend.

  • Environments: Staging + Production
  • AWS Region: us-east-2 (same as existing infra)
@allan-gar2x
allan-gar2x / README.md
Created April 3, 2026 07:39
Starlight Practice — AWS SES Full Implementation Plan (Tasks 1-5)

Starlight Practice — AWS SES Full Implementation Plan

Context

Building the messaging feature — appointment reminders, billing notices, wellness check notifications, and patient onboarding emails. AWS SES must be configured before the dev team can wire it into the backend.

  • Environments: Staging (dev) + Production
  • AWS Region: us-east-2
@allan-gar2x
allan-gar2x / deployment-order.md
Created April 3, 2026 07:33
Starlight Practice — AWS SES OpenTofu Implementation (Tasks 1-5)

Deployment Order

Step 1 — Apply prod (starlightpractice.com is root domain, apply first)

cd accounts/starlightpractice-prod
tofu init
tofu plan
tofu apply
@allan-gar2x
allan-gar2x / waf-caching-analysis.md
Created March 31, 2026 11:38
WAF CloudWatch Logs Insights — Caching Strategy & Cost Analysis

WAF CloudWatch Logs Insights — Caching Strategy & Cost Analysis

Project: lumina5 / bike4mind
Date: 2026-03-31
Branch: feat(secops)/waf-updates-cloudwatch


Current Architecture (No Server-Side Cache)

@allan-gar2x
allan-gar2x / 2026-03-31-profile-security-dashboard-tabs.md
Created March 31, 2026 02:21
Profile Security Dashboard Tabs — Implementation Plan

Profile Security Dashboard — Tab-Based Layout Implementation Plan

For agentic workers: REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (- [ ]) syntax for tracking.

Goal: Replace the single-pane SecuritySummaryContent.tsx with a full tab-based layout — Overview + 6 category tabs — matching the Admin Security Dashboard's visual structure.

Architecture: SecurityTabLayout.tsx owns activeTab local state and renders a TabList + lazy TabPanels. SecurityOverviewTab assembles existing hook data into the overview layout. Six focused tab components handle individual categories. All new components use Sheet (not Card), theme.palette.security.* tokens, and theme.palette.mode (never useColorScheme).

Tech Stack: React, MUI Joy (Tabs, TabList, TabPanel, Sheet, Chip, Stack, Typography), @mui/icons-material, @tanstack/react-query, Vitest + React T