Add attack surface audit artifacts

- Add advisory, entrypoint, and candidate scan outputs
- Capture dependency intelligence and cross-service attack surface notes

piolium/attack-surface/variant-summary.md

@@ -0,0 +1,17 @@
+# Phase 12 Variant Summary
+
+Variant analysis reviewed surviving findings in `piolium/findings-draft/` and searched code/attack-surface artifacts for sibling sources, sinks, and flow shapes. `piolium/attack-pattern-registry.json` was not present, so no registry update could be made.
+
+## Confirmed variants
+
+1. `piolium/findings-draft/p12-001-unauthenticated-nats-market-event-injection.md` — expands the confirmed unauthenticated `flow.news` producer-impersonation flaw to the other trusted market/derived NATS subjects consumed by API, compute, and candles.
+2. `piolium/findings-draft/p12-002-candles-jetstream-redelivery-duplicates-derived-candles.md` — same JetStream side-effects-before-ack idempotency gap as compute, present in the candles worker.
+
+## Searches performed
+
+- HTML injection/XSS: only `apps/web/app/terminal.tsx` uses `dangerouslySetInnerHTML` and the regex sanitizer pattern.
+- Admin proxy: only `apps/web/app/api/admin/synthetic/*` injects a server bearer token into public Next route proxying.
+- WebSocket auth/origin: unauthenticated upgrade pattern is centralized in `services/api/src/index.ts`; no additional WS servers found.
+- NATS producer trust: API consumer binding matrix and worker subscriptions show additional subjects accepting schema-only messages from the unauthenticated broker.
+- JetStream redelivery/idempotency: candles worker matches the compute side-effect-before-ack shape.
+- Infrastructure exposure: root compose exposure finding remains centralized to root `docker-compose.yml`; production compose does not publish infra ports directly in the same way.