Migrate to new Gitea instance (gitea.wbd-rd.nl)

- Update all submodule URLs from gitea.centraal.wbd-rd.nl to gitea.wbd-rd.nl
- Add settler as proper submodule in .gitmodules
- Add agent skills, function anchors, decisions, and improvements
- Add Docker configuration and scripts
- Add manuals and third_party docs
- Update .gitignore with secrets and build artifacts
- Remove stale .tgz build artifact

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -8,6 +8,14 @@ description: Perform OT/IT security analysis for EVOLV Node-RED automation syste
|
||||
## Mission
|
||||
Identify and reduce security risk while preserving operational reliability for process automation workloads.
|
||||
|
||||
## Harness Execution Contract
|
||||
- Model trust boundaries first (admin HTTP, message ingress, external integrations).
|
||||
- Define security invariants before edits:
|
||||
- secure defaults stay secure unless explicitly approved
|
||||
- no sensitive leakage in logs/UI/errors
|
||||
- malformed control inputs are rejected predictably
|
||||
- Support findings with reproducible evidence and concrete remediation steps.
|
||||
|
||||
## Scope
|
||||
- Node-RED admin endpoints in node entry files
|
||||
- Input validation across `msg.topic` and payload paths
|
||||
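Review bot: In the "Harness Execution Contract" list, the invariant "secure defaults stay secure unless explicitly approved" names neither who can approve nor where the approval is recorded, so the exception cannot be audited. Suggest tying it to the decision interview process this file describes further down. The invariant "malformed control inputs are rejected predictably" would also be easier to test if it stated the expected behaviour on rejection, for example no state change plus an error that still satisfies "no sensitive leakage in logs/UI/errors".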
@@ -41,3 +49,8 @@ Return:
|
||||
- concrete remediation plan by file
|
||||
- tests added for security regressions
|
||||
- residual risks and compensating controls
|
||||
|
||||
Decision interview triggers:
|
||||
- any change that relaxes authentication/authorization checks
|
||||
- exposure of new admin routes or integration interfaces
|
||||
- security control deferrals that require compensating controls
|
||||
|
||||
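Review bot: The "Decision interview triggers" list says when an interview is required but not what it must produce or where the outcome is kept, and the return list above it has no matching item. Suggest adding a return item for the decision taken and who approved it, so that a relaxed authentication/authorization check or a deferred control leaves a record alongside "residual risks and compensating controls".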