Security center

Your trading history is private evidence, not a public score feed.

TradeGospel is designed as a post-trade intelligence system. The browser uploads evidence and shows authorised report payloads; the protected TRS engine, scoring contracts and ownership checks stay server-side.

Post-trade only No order placement. No withdrawal access.

Upload routes need reports, statements and ledgers. Read-only connector routes reject trading permission, withdrawal permission and broker-login password storage.

Private by default Uploaded evidence is account-scoped.

Files, hashes, reports, account context and improvement cycles are tied to the user account and account container. Public display requires a separate future authorisation flow.

AuthenticationSession and CSRF controls

Authenticated sessions use server-side records, HttpOnly cookies and CSRF protection for sensitive write and delete actions.

OwnershipUser-scoped evidence access

Accounts, evidence packages, reports, repair cycles, sessions and audit rows are checked against the authenticated owner.

EvidenceHashes and duplicate detection

Uploads are constrained by size and extension, hashed with SHA-256 and checked for duplicate package submission.

StoragePrivate object storage path

Evidence and report artifacts are stored outside the public website. Production can use private S3 or R2-compatible object storage.

ReportsServer-side engine boundary

The frontend does not calculate protected scoring internals or diagnosis precedence. It renders authorised report payloads.

AuditImportant events are recorded

Authentication, analysis submission, account actions and security-sensitive operations emit audit records for review.

Upload boundary

Client-side file checks improve the experience, but they are not the security boundary. The backend validates allowed file extensions and sizes, stores files outside the public website, records hashes and checks account ownership before analysis.

Public scale requires quarantine.

Production must add MIME inspection, archive-bomb protection, malware scanning and document quarantine before unrestricted public uploads.

Read-only broker connections

Broker connector routes are designed for read-only account snapshots: account state, positions, orders, margin, contract specifications and transport health. They do not place orders and do not request withdrawal access.

  • Allowed scopes are limited to read-only account data where a connector exists.
  • Blocked scopes include trading, withdrawals and broker login password storage.
  • Account match is required before connector data joins an account container.
  • Connectors are not report-authoritative until route certification allows that use.

Protected documents

Document passwords for protected PDFs are intended to exist only in the processing request and worker memory. They must not be logged, stored with the evidence, returned in error payloads or reused for broker access.

Never send broker-login credentials.

TradeGospel may need a document password for a locked statement. It does not need the password that signs into your broker account.

Required production integrations

This package contains the application security foundation, but several production controls must be operational before unrestricted launch.

  • Malware and document-sandbox scanning before parsing.
  • Email verification, password recovery, MFA or passkeys and recovery codes.
  • Durable job queue, dead-letter handling and operational alerting.
  • Centralised secrets management, backup encryption and restoration testing.
  • Independent penetration testing and secure-code review.
  • Published retention, deletion and incident notification schedules.

Incident response and disclosure

Before broad public launch, TradeGospel must publish incident owners, severity process, user-notification criteria, forensic-retention rules and a public service-status process.

Security reports should be sent to [email protected] once that mailbox is actively monitored. Researchers must not access, retain or disclose another user's evidence.