Commit Graph

2 Commits

Author SHA1 Message Date
davide 50d8e7f21a docs(security): disclose AI-assisted testing methodology
Documents the concrete techniques used (adversarial fake-server simulation
of a lying indexing server, property-based fuzzing, targeted security code
review) rather than a generic "AI-reviewed" claim, and states explicitly
that this complements rather than replaces independent security review.
2026-07-02 23:38:25 +02:00
davide a8d48bedad docs: add SECURITY.md with threat model and SPV trust assumptions
Covers: what the wallet protects against (AES-GCM at rest, Merkle SPV
verification, TLS TOFU pinning) and what it does not (compromised OS,
eclipse attacks, traffic analysis). Documents key/seed management,
encryption parameters, TLS pinning behaviour, backup guidance, and
known v1 limitations (no Tor, no coin control, no hardware wallet).
2026-06-13 21:15:41 +02:00