Adds ROADMAP.md — a prioritised, checkbox-driven security hardening plan for the FastAPI + PostgreSQL service.
What's in the roadmap
| Priority | Theme | Key items |
|---|---|---|
| 1 – Critical | Auth, rate-limiting, SQL safety | API-key/JWT middleware; slowapi rate limits; replace dynamic f-string SQL; validate/sanitise email HTML |
| 2 – High | Secrets, headers, error handling | Move secrets to a vault; add security response headers; narrow CORS; suppress stack traces from API responses; disable /docs in prod |
| 3 – Medium | Deps, logging, DB hardening | Pinned lockfile + pip-audit in CI; structured JSON logging; least-privilege DB user; SSL on Postgres; protect/remove admin endpoints |
| 4 – Low / Ongoing | CI/CD, API design, process | CodeQL/Bandit; Dependabot; branch protection; API versioning; quarterly secret rotation runbook |
48 actionable items total, each tracked with a checkbox so progress is visible at a glance.
No production code is changed in this PR — it is documentation only.
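As an added illustration of the priority-1 item "replace dynamic f-string SQL" (this is example code written for this description, not part of the PR's diff or the service's code base): the f-string query beside its parameterised replacement, plus an allowlist for the one case placeholders cannot cover, a caller-chosen column name. It uses an in-memory sqlite3 database as a stand-in for PostgreSQL so it runs offline; the table, rows and the `users`/`find_user_*` names are constructed for the demo. With psycopg the placeholder is `%s` rather than `?`, the principle is the same.

```python
"""Before/after for the 'dynamic f-string SQL' roadmap item.

Added example, not project code. sqlite3 stands in for PostgreSQL so the
block runs offline; the schema and rows below are constructed sample data.
"""
import sqlite3

# Constructed sample data (not real users).
USERS = [
    (1, "alice@example.com", "alice"),
    (2, "bob@example.com", "bob"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, email TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def find_user_unsafe(conn: sqlite3.Connection, email: str) -> list:
    # BEFORE: caller input is interpolated into the SQL text, so a quote in
    # the input changes the query's structure, not just its data.
    sql = f"SELECT id, email FROM users WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, email: str) -> list:
    # AFTER: the SQL text is a constant; the driver binds the value as data.
    sql = "SELECT id, email FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Identifiers (column names) cannot be bound as parameters, so a sort key
# chosen by the caller must be checked against a fixed allowlist instead.
SORTABLE_COLUMNS = {"id", "email", "name"}


def list_emails_sorted(conn: sqlite3.Connection, sort_col: str) -> list:
    if sort_col not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_col!r}")
    # Safe to interpolate only because the value came from the allowlist.
    return [row[0] for row in conn.execute(
        f"SELECT email FROM users ORDER BY {sort_col}").fetchall()]


# Classic tautology payload: turns the WHERE clause into "'' OR '1'='1'".
INJECTION = "' OR '1'='1"


def demo() -> dict:
    conn = make_db()
    return {
        "unsafe_normal": find_user_unsafe(conn, "alice@example.com"),
        "unsafe_injected": find_user_unsafe(conn, INJECTION),   # every row
        "safe_normal": find_user_safe(conn, "alice@example.com"),
        "safe_injected": find_user_safe(conn, INJECTION),       # no match
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:16} -> {rows}")
```

Running it shows `unsafe_injected` returning both rows while `safe_injected` returns none; the allowlisted `ORDER BY` is the pattern to reach for wherever the roadmap's grep for f-string SQL turns up an interpolated table or column name rather than a value.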