
feat: detect DB vs on-chain balance drift in reconciliation closes(#229) #316

Open
itzabdoull wants to merge 2 commits into Streampay-Org:main from itzabdoull:feature/reconciliation-drift-detection

Conversation

Contributor

@itzabdoull itzabdoull commented May 29, 2026

Closes #229


Security Changes

Type of Security Change

  • SAST rule update
  • Dependency vulnerability fix
  • Exemption addition/renewal
  • Security workflow modification
  • Container image update
  • Other: _______________

Vulnerability Details (if applicable)

CVE/Advisory ID:

  • CVE-ID:
  • GHSA-ID:

Affected Package:

  • Name:
  • Version:
  • Severity: [ ] Critical [ ] High [ ] Medium [ ] Low

Fix Applied:

  • Package version bump
  • Code change to mitigate
  • Configuration update
  • Exemption granted (see below)

Exemption Request (if applicable)

Exemption ID: EXEMPT-___

Justification:

Mitigation Applied:

Expiry Date: YYYY-MM-DD (max 90 days from now)

Review Plan:

Testing

  • Ran npm audit locally - output attached or no new vulnerabilities
  • Security workflow passes on this branch
  • Test suite passes: npm test
  • Build succeeds: npm run build

Security Impact Analysis

Affected Components:

  • Authentication/Authorization
  • Payment processing
  • Data encryption
  • API endpoints
  • Dependencies
  • Container images
  • CI/CD pipeline
  • Other: _______________

Risk Assessment:

Documentation Updates

  • Updated README.md (if workflow changed)
  • Updated SECURITY-CI-SETUP.md (if process changed)
  • Updated security-exemptions.json (if applicable)
  • Added security notes to code comments

Checklist

  • No secrets or keys committed
  • No PII or sensitive data in logs
  • All security scans pass (or exemptions documented)
  • Branch protection requirements met
  • Code review from security team (for critical changes)

Additional Notes

Test Output

# Paste npm test output here
npm test

# Paste npm audit output here (if relevant)
npm audit

drips-wave Bot commented May 29, 2026

@itzabdoull Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Development

Successfully merging this pull request may close these issues.

Make the reconciliation job compare DB vs on-chain truth using escrow-invariants and mapping
