6a6c04d34b
- Update all submodule URLs from gitea.centraal.wbd-rd.nl to gitea.wbd-rd.nl - Add settler as proper submodule in .gitmodules - Add agent skills, function anchors, decisions, and improvements - Add Docker configuration and scripts - Add manuals and third_party docs - Update .gitignore with secrets and build artifacts - Remove stale .tgz build artifact Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
57 lines
2.3 KiB
Markdown
57 lines
2.3 KiB
Markdown
---
|
|
name: evolv-ot-it-security
|
|
description: Perform OT/IT security analysis for EVOLV Node-RED automation systems. Use when reviewing admin endpoints, node input handling, configuration exposure, dependency risk, network/data flow boundaries, and secure-by-default behavior for operational technology integrations.
|
|
---
|
|
|
|
# EVOLV OT/IT Security
|
|
|
|
## Mission
|
|
Identify and reduce security risk while preserving operational reliability for process automation workloads.
|
|
|
|
## Harness Execution Contract
|
|
- Model trust boundaries first (admin HTTP, message ingress, external integrations).
|
|
- Define security invariants before edits:
|
|
- secure defaults stay secure unless explicitly approved
|
|
- no sensitive leakage in logs/UI/errors
|
|
- malformed control inputs are rejected predictably
|
|
- Support findings with reproducible evidence and concrete remediation steps.
|
|
|
|
## Scope
|
|
- Node-RED admin endpoints in node entry files
|
|
- Input validation across `msg.topic` and payload paths
|
|
- Exposure of sensitive config/secrets in code, logs, or UI
|
|
- Dependency and supply-chain concerns in node packages
|
|
|
|
## Security Workflow
|
|
1. Enumerate attack surface:
|
|
- HTTP admin routes
|
|
- message ingress topics/payloads
|
|
- external service interfaces
|
|
2. Validate input sanitization and type checks.
|
|
3. Check least-privilege assumptions and secret handling.
|
|
4. Evaluate failure modes for denial-of-service or unsafe operation.
|
|
5. Recommend pragmatic controls with minimal operational friction.
|
|
|
|
## Control Priorities
|
|
- Reject malformed or unauthorized control messages.
|
|
- Avoid leaking credentials, asset identifiers, or internal topology.
|
|
- Keep defaults safe; require explicit opt-in for risky behavior.
|
|
- Preserve auditability of critical control actions.
|
|
|
|
## Validation Expectations
|
|
- Add negative tests for malformed inputs and unauthorized paths.
|
|
- Confirm error paths are explicit and non-sensitive.
|
|
- Document residual risk when controls are deferred.
|
|
|
|
## Deliverables
|
|
Return:
|
|
- findings sorted by severity
|
|
- concrete remediation plan by file
|
|
- tests added for security regressions
|
|
- residual risks and compensating controls
|
|
|
|
Decision interview triggers:
|
|
- any change that relaxes authentication/authorization checks
|
|
- exposure of new admin routes or integration interfaces
|
|
- security control deferrals that require compensating controls
|