diff --git a/hermes-sovereign/security/security_pr_checklist.yml b/hermes-sovereign/security/security_pr_checklist.yml new file mode 100644 index 00000000..29ee9d15 --- /dev/null +++ b/hermes-sovereign/security/security_pr_checklist.yml 
@@ -0,0 +1,99 @@ +name: "🔒 Security PR Checklist" +description: "Use this when your PR touches authentication, file I/O, external API calls, or other sensitive paths." +title: "[Security Review]: " +labels: ["security", "needs-review"] +body: + - type: markdown + attributes: + value: | + ## Security Pre-Merge Review + Complete this checklist before requesting review on PRs that touch **authentication, file I/O, external API calls, or secrets handling**. + + - type: input + id: pr-link + attributes: + label: Pull Request + description: Link to the PR being reviewed + placeholder: "https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/pulls/XXX" + validations: + required: true + + - type: dropdown + id: change-type + attributes: + label: Change Category + description: What kind of sensitive change does this PR make? + multiple: true + options: + - Authentication / Authorization + - File I/O (read/write/delete) + - External API calls (outbound HTTP/network) + - Secret / credential handling + - Command execution (subprocess/shell) + - Dependency addition or update + - Configuration changes + - CI/CD pipeline changes + validations: + required: true + + - type: checkboxes + id: secrets-checklist + attributes: + label: Secrets & Credentials + options: + - label: No secrets, API keys, or credentials are hardcoded + required: true + - label: All sensitive values are loaded from environment variables or a secrets manager + required: true + - label: Test fixtures use fake/placeholder values, not real credentials + required: true + + - type: checkboxes + id: input-validation-checklist + attributes: + label: Input Validation + options: + - label: All external input (user, API, file) is validated before use + required: true + - label: File paths are validated against path traversal (`../`, null bytes, absolute paths) + - label: URLs are validated for SSRF (blocked private/metadata IPs) + - label: Shell commands do not use `shell=True` with user-controlled input + + 
- type: checkboxes + id: auth-checklist + attributes: + label: Authentication & Authorization (if applicable) + options: + - label: Authentication tokens are not logged or exposed in error messages + - label: Authorization checks happen server-side, not just client-side + - label: Session tokens are properly scoped and have expiry + + - type: checkboxes + id: supply-chain-checklist + attributes: + label: Supply Chain + options: + - label: New dependencies are pinned to a specific version range + - label: Dependencies come from trusted sources (PyPI, npm, official repos) + - label: No `.pth` files or install hooks that execute arbitrary code + - label: "`pip-audit` passes (no known CVEs in added dependencies)" + + - type: textarea + id: threat-model + attributes: + label: Threat Model Notes + description: | + Briefly describe the attack surface this change introduces or modifies, and how it is mitigated. + placeholder: | + This PR adds a new outbound HTTP call to the OpenRouter API. + Mitigation: URL is hardcoded (no user input), response is parsed with strict schema validation. + + - type: textarea + id: testing + attributes: + label: Security Testing Done + description: What security testing did you perform? + placeholder: | + - Ran validate_security.py — all checks pass + - Tested path traversal attempts manually + - Verified no secrets in git diff
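Review bot: The input-validation items that would actually block a risky merge are optional: under `input-validation-checklist` only "All external input (user, API, file) is validated before use" carries `required: true`, while the path-traversal, SSRF and `shell=True` items can be left unticked and the form still submits. Since the `change-type` dropdown already asks the author to declare "File I/O", "External API calls" and "Command execution", either make those three items `required: true` (matching how every item in `secrets-checklist` is required) or append "(if applicable)" to the group label as `auth-checklist` does, so the optionality is deliberate rather than accidental. Two smaller points in the same hunk: "New dependencies are pinned to a specific version range" contradicts itself, since pinning means an exact version (ideally with a hash), so consider "pinned to an exact version (or hash)"; and only the `pip-audit` label is wrapped in quotes while the other backtick-containing labels (`shell=True`, `.pth`) are bare, which is valid YAML either way but worth making consistent.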