Upload routes need reports, statements and ledgers. Read-only connector routes reject trading permission, withdrawal permission and broker-login password storage.
Your trading history is private evidence, not a public score feed.
TradeGospel is designed as a post-trade intelligence system. The browser uploads evidence and shows authorised report payloads; the protected TRS engine, scoring contracts and ownership checks stay server-side.
Files, hashes, reports, account context and improvement cycles are tied to the user account and account container. Public display requires a separate future authorisation flow.
Authenticated sessions use server-side records, HttpOnly cookies and CSRF protection for sensitive write and delete actions.
Accounts, evidence packages, reports, repair cycles, sessions and audit rows are checked against the authenticated owner.
Uploads are constrained by size and extension, hashed with SHA-256 and checked for duplicate package submission.
Evidence and report artifacts are stored outside the public website. Production can use private S3 or R2-compatible object storage.
The frontend does not calculate protected scoring internals or diagnosis precedence. It renders authorised report payloads.
Authentication, analysis submission, account actions and security-sensitive operations emit audit records for review.
Upload boundary
Client-side file checks improve the experience, but they are not the security boundary. The backend validates allowed file extensions and sizes, stores files outside the public website, records hashes and checks account ownership before analysis.
Production must add MIME inspection, archive-bomb protection, malware scanning and document quarantine before unrestricted public uploads.
Read-only broker connections
Broker connector routes are designed for read-only account snapshots: account state, positions, orders, margin, contract specifications and transport health. They do not place orders and do not request withdrawal access.
- Allowed scopes are limited to read-only account data where a connector exists.
- Blocked scopes include trading, withdrawals and broker login password storage.
- Account match is required before connector data joins an account container.
- Connectors are not report-authoritative until route certification allows that use.
Protected documents
Document passwords for protected PDFs are intended to exist only in the processing request and worker memory. They must not be logged, stored with the evidence, returned in error payloads or reused for broker access.
TradeGospel may need a document password for a locked statement. It does not need the password that signs into your broker account.
Required production integrations
This package contains the application security foundation, but several production controls must be operational before unrestricted launch.
- Malware and document-sandbox scanning before parsing.
- Email verification, password recovery, MFA or passkeys and recovery codes.
- Durable job queue, dead-letter handling and operational alerting.
- Centralised secrets management, backup encryption and restoration testing.
- Independent penetration testing and secure-code review.
- Published retention, deletion and incident notification schedules.
Incident response and disclosure
Before broad public launch, TradeGospel must publish incident owners, severity process, user-notification criteria, forensic-retention rules and a public service-status process.
Security reports should be sent to [email protected] once that mailbox is actively monitored. Researchers must not access, retain or disclose another user's evidence.
