# Brizzi HCE — Production Readiness (Steps 1–6)

## 1) APDU & State Machine Hardening

- ✅ Structured APDU parser (`ApduParser`) is in use.
- ✅ Phase-based session/transaction guard (`BrizziSession`).
- ✅ APDU length validation, session timeout, replay/duplicate detection, and a command-rate limit in the service.

## 2) Command/Session Security (Done)

- ✅ APDU branching is state-protected (select → auth → command → commit/abort).
- ✅ Separate error SWs for malformed, unsupported, rate-limited, and security-status failures.

## 3) Build & Obfuscation (Done)

- ✅ `release` still uses R8 + shrink/resources.
- ✅ Baseline ProGuard rules for the service/router/card classes.
- ✅ `debug` stays non-minified for troubleshooting.

## 4) Runtime & Platform Baseline (New)

- ✅ Added the NFC permission to the manifest.
- ✅ Disabled cleartext traffic (`usesCleartextTraffic=false`) + network security config.
- ✅ Added `FLAG_SECURE` on the activity so the screen cannot be screen-captured.

## 5) Monitoring & Incident Readiness (Required)

- Implement a structured `audit log` for security events (replay hit, rate-limit hit, auth fail).
- ✅ Added runtime audit-event counters:
  - `BrizziSecurityMetrics` keeps counts of security events and command responses.
- Restrict production logging to minimal metadata (no raw card data / APDU body).
- ✅ Statistics export is active:
  - success/fail command rate (`COMMAND_SUCCESS`, `COMMAND_FAIL`, `COMMAND_TOTAL`),
  - separate timeout / rate-limit / replay statistics,
  - incident-threshold auto-alert (`COMMAND_RATE_LIMIT`, `REPLAY_DETECTED`, `APDU_PARSE_FAILED`, `AUTH_DENIED`, etc.).
- ✅ The incident report is also exported to an internal local file:
  - `security_metrics_report.txt` is written when a command completes and on deactivation.

### Quick commands (optional)

- Dump metrics (debug-only):
  - `adb shell am start -n com.korancrew.brizzi/.MainActivity -a com.korancrew.brizzi.ACTION_DUMP_METRICS`
- Reset metrics (debug-only):
  - `adb shell am start -n com.korancrew.brizzi/.MainActivity -a com.korancrew.brizzi.ACTION_RESET_METRICS`
- Note:
  - the additional log file is at:
    - `/data/data/com.korancrew.brizzi/files/security_metrics_report.txt` (via `run-as` on debug builds)

## 6) Release Operations (Required)

- Prepare a release signing config and a secured keystore.
- Smoke-test HCE end-to-end on a physical device:
  - select AID 1 & AID 3,
  - auth success/fail,
  - debit/credit + commit + abort,
  - update log/last transaction + commit,
  - replay/rate-limit handling.
- Run QA with:
  - invalid / malformed commands,
  - APDU bursts,
  - NFC deactivation/reactivation,
  - session timeout.
- Make sure the Play Console/enterprise rollout uses the signed APK/AAB.
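How the phase-gated dispatch of sections 1–2 and the event counters of section 5 fit together, as an added Kotlin example that is not the project's code: `Session` and `SecurityMetrics` are stand-ins for `BrizziSession` and `BrizziSecurityMetrics`, the INS values, the demo credential (`0x42`) and the rate limit of 8 commands are assumptions, and the status words follow ISO 7816-4 except that mapping rate-limit and replay to `6985` is this example's own choice.

```kotlin
enum class Phase { IDLE, SELECTED, AUTHENTICATED }

val SW_OK = byteArrayOf(0x90.toByte(), 0x00)                  // ISO 7816-4: success
val SW_WRONG_LENGTH = byteArrayOf(0x67, 0x00)                 // malformed APDU
val SW_INS_NOT_SUPPORTED = byteArrayOf(0x6D, 0x00)            // unsupported command
val SW_SECURITY_STATUS = byteArrayOf(0x69, 0x82.toByte())     // auth required / denied
val SW_CONDITIONS_NOT_MET = byteArrayOf(0x69, 0x85.toByte())  // rate-limit and replay (assumed mapping)

// Stand-in for BrizziSecurityMetrics: counts event names only, never stores APDU bodies
class SecurityMetrics {
    val counters = mutableMapOf<String, Int>()
    fun hit(event: String) { counters[event] = (counters[event] ?: 0) + 1 }
}

// Stand-in for BrizziSession: every branch is gated on the current phase
class Session(private val metrics: SecurityMetrics, private val maxCommands: Int = 8) {
    var phase = Phase.IDLE; private set
    private var commandsSeen = 0
    private var lastTxn: ByteArray? = null

    fun process(apdu: ByteArray): ByteArray {
        val sw = dispatch(apdu)
        metrics.hit("COMMAND_TOTAL")
        metrics.hit(if (sw.contentEquals(SW_OK)) "COMMAND_SUCCESS" else "COMMAND_FAIL")
        return sw
    }

    private fun dispatch(apdu: ByteArray): ByteArray {
        if (apdu.size < 5) { metrics.hit("APDU_PARSE_FAILED"); return SW_WRONG_LENGTH }  // length before any field read
        if (++commandsSeen > maxCommands) { metrics.hit("COMMAND_RATE_LIMIT"); return SW_CONDITIONS_NOT_MET }
        return when (apdu[1].toInt() and 0xFF) {  // INS values are assumed for the demo
            0xA4 -> { phase = Phase.SELECTED; lastTxn = null; SW_OK }                          // SELECT AID resets the session
            0x20 -> verifyPin(apdu)                                                             // auth
            0xD0, 0xD1 -> transaction(apdu)                                                     // debit / credit
            0xC0, 0xC1 -> if (phase == Phase.AUTHENTICATED) { phase = Phase.SELECTED; lastTxn = null; SW_OK } else denied() // commit / abort
            else -> SW_INS_NOT_SUPPORTED
        }
    }

    private fun verifyPin(apdu: ByteArray): ByteArray {
        if (phase != Phase.SELECTED) return denied()
        // Demo credential: Lc = 1 and data byte 0x42 (assumption, not the real scheme)
        if (apdu.size >= 6 && apdu[4].toInt() == 1 && apdu[5] == 0x42.toByte()) { phase = Phase.AUTHENTICATED; return SW_OK }
        return denied()
    }

    private fun transaction(apdu: ByteArray): ByteArray {
        if (phase != Phase.AUTHENTICATED) return denied()
        // Replay guard: an identical transaction APDU before commit/abort is refused
        if (lastTxn?.contentEquals(apdu) == true) { metrics.hit("REPLAY_DETECTED"); return SW_CONDITIONS_NOT_MET }
        lastTxn = apdu.copyOf()
        return SW_OK
    }

    private fun denied(): ByteArray { metrics.hit("AUTH_DENIED"); return SW_SECURITY_STATUS }
}
```

Feeding a debit APDU twice without an intervening commit increments `REPLAY_DETECTED` and returns `6985`, while a debit sent before `0x20` succeeds returns `6982` and increments `AUTH_DENIED`, so the counters alone tell the two failure classes apart without logging the APDU content.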