WB-R-1 — Operator denies tenant CRUD actions performed via admin API
Component: Wallet Backend.

Mitigations: Admin API on separate port with bearer token; no action-level audit log.

Action: Emit structured audit log for all admin API mutations.

| Property | Value |
|---|---|
| Section | Repudiation |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-AUDIT-01 | Structured Security Event Logging |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md