P0: Wire full connection architecture and close audit-readiness blockers #2

@GCagent

Operator Update

Connect the full NoblePort revenue/control architecture and prioritize the audit blockers from the 2026-02-23 optimization report.

Target Flow

Stephanie.ai Avatar Intake -> FastAPI Intake API -> Postgres source of truth -> Proposal Engine -> Stripe deposit link -> Stripe webhook -> Deposit verified -> Schedule lock -> GCagent work order -> PermitStream/AWO/Invoice -> append-only audit log -> Warboard dashboard

Non-negotiable Rules

  • No deposit -> no schedule
  • No audit log -> no action
  • Postgres is source of truth
  • NoblePort Construction LLC is contracting entity on construction contracts
  • Permit uncertainty -> HOLD / AHJ verification required
  • Regulated investor/token communications -> human approval required

P0 Implementation Scope

  1. Deploy/verify PostgreSQL persistence layer and backup strategy.
  2. Add append-only audit_log with hash chain.
  3. Add Stripe deposit webhook and payment verification path.
  4. Enforce schedule_lock only after deposit_verified=true.
  5. Add API rate limiting and request validation.
  6. Replace deprecated crypto methods in audit integration with AES-256-GCM / createCipheriv.
  7. Add retry/error handling for IPFS/Arweave/blockchain anchoring.
  8. Add dashboard endpoints for revenue, risk, and audit state.

Source Report Findings

Optimization report lists overall system health at 78/100 and deliverables completion at 76.7%, but audit readiness only 64.75/100. Critical blockers include missing primary database deployment, missing connection pooling/backups, no rate limiting, no caching strategy, deprecated crypto methods, incomplete error handling, and missing audit/compliance documentation.

Acceptance Criteria

  • /health returns OK.
  • /ready verifies DB, Redis, Stripe config, and audit logger.
  • Smoke test proves blocked_before_deposit=true, deposit_recorded=true, schedule_locked=true.
  • Every state transition emits audit_log row with prev_hash and this_hash.
  • Schedule write fails when no verified deposit exists.
  • P0 crypto replacement covered by unit test.
  • OpenAPI docs generated.

Labels

P0, audit-readiness, revenue-lock, stripe, postgres, security
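
An added sketch (not NoblePort project code) of scope item 2 and the acceptance criteria above: a hash-chained audit_log whose rows carry prev_hash and this_hash, plus a schedule lock that refuses to write without a verified deposit. Assumptions: an in-memory list stands in for the Postgres table, the chain uses SHA-256 with an all-zero genesis hash, and the names `AuditLog`, `row_hash`, `lock_schedule` and `smoke_test` are hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash of the first row

def row_hash(prev_hash, seq, event, payload):
    """SHA-256 over a canonical JSON encoding that includes prev_hash."""
    body = json.dumps([prev_hash, seq, event, payload], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

class AuditLog:
    """In-memory stand-in (assumption) for the append-only audit_log table."""
    def __init__(self):
        self.rows = []

    def append(self, event, payload):
        prev = self.rows[-1]["this_hash"] if self.rows else GENESIS
        seq = len(self.rows)
        row = {"seq": seq, "event": event, "payload": payload,
               "prev_hash": prev, "this_hash": row_hash(prev, seq, event, payload)}
        self.rows.append(row)
        return row

    def verify(self):
        """Return the index of the first broken row, or -1 if the chain is intact."""
        prev = GENESIS
        for i, r in enumerate(self.rows):
            expected = row_hash(prev, i, r["event"], r["payload"])
            if r["seq"] != i or r["prev_hash"] != prev or r["this_hash"] != expected:
                return i
            prev = r["this_hash"]
        return -1

def lock_schedule(job, log):
    """No deposit -> no schedule. The audit row is written before the state change."""
    if job.get("deposit_verified") is not True:
        log.append("schedule_lock_blocked", {"job_id": job["id"]})
        return False
    log.append("schedule_locked", {"job_id": job["id"]})
    job["schedule_locked"] = True
    return True

def smoke_test():
    log = AuditLog()
    job = {"id": "job-001", "deposit_verified": False, "schedule_locked": False}  # constructed
    blocked = not lock_schedule(job, log)
    log.append("deposit_verified", {"job_id": job["id"]})
    job["deposit_verified"] = True  # in the real flow, set only by the verified Stripe webhook
    locked = lock_schedule(job, log)
    flags = {"blocked_before_deposit": blocked, "deposit_recorded": job["deposit_verified"],
             "schedule_locked": locked, "chain_ok": log.verify() == -1}
    return flags, log
```

The chain only proves consistency up to the latest this_hash; someone who can rewrite every later row can rebuild it, which is why the anchoring step in scope item 7 needs to pin that head value outside the database.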
