SecAI-Hub
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 6 additions & 2 deletions b/‎.github/workflows/build.yml‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 43 additions & 1 deletion b/‎.github/workflows/ci.yml‎
Lines changed: 43 additions & 1 deletion
diff --git a/‎.gitignore‎
Lines changed: 10 additions & 0 deletions b/‎.gitignore‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 4 additions & 2 deletions b/‎README.md‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎docs/production-operations.md‎
Lines changed: 158 additions & 0 deletions b/‎docs/production-operations.md‎
Lines changed: 158 additions & 0 deletions
diff --git a/‎docs/security-status.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/security-status.md‎
Lines changed: 1 addition & 0 deletions
@@ -37,11 +37,15 @@ jobs:
           pr_event_number: ${{ github.event.number }}
           maximize_build_space: true
 
+      - name: Set lowercase image ref
+        if: github.event_name != 'pull_request'
+        run: echo "IMAGE_REF=ghcr.io/${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"
+
       - name: Generate SBOM
         if: github.event_name != 'pull_request'
         uses: anchore/sbom-action@57aae528053a48a3f6235f2d9461b05fbcb7366d # v0.23.1
         with:
-          image: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
+          image: ${{ env.IMAGE_REF }}
           format: cyclonedx-json
           output-file: sbom.cdx.json
 
@@ -51,6 +55,6 @@ jobs:
           cosign attest --type cyclonedx \
             --predicate sbom.cdx.json \
             --key env://COSIGN_PRIVATE_KEY \
-            ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
+            "$IMAGE_REF"
         env:
           COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
@@ -94,7 +94,9 @@ jobs:
           shellcheck -s bash \
             files/system/usr/libexec/secure-ai/*.sh \
             files/scripts/build-services.sh \
-            files/scripts/generate-mok.sh
+            files/scripts/generate-mok.sh \
+            files/scripts/first-boot-check.sh \
+            files/scripts/verify-release.sh
 
   policy-validate:
     name: Validate YAML configs
@@ -258,3 +260,43 @@ jobs:
 
       - name: Check test counts for drift
         run: bash .github/scripts/check-test-counts.sh
+
+  dependency-audit:
+    name: Dependency Vulnerability Audit
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: "1.23"
+
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        with:
+          python-version: "3.12"
+
+      - name: Install govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+
+      - name: Go vulnerability scan
+        run: |
+          echo "=== Go Dependency Vulnerability Scan ==="
+          VULN_ERRORS=0
+          for svc in airlock registry tool-firewall gpu-integrity-watch mcp-firewall \
+                     policy-engine runtime-attestor integrity-monitor incident-recorder; do
+            echo "--- ${svc} ---"
+            cd "services/${svc}"
+            govulncheck ./... || VULN_ERRORS=$((VULN_ERRORS + 1))
+            cd ../..
+          done
+          if [ $VULN_ERRORS -gt 0 ]; then
+            echo "WARNING: $VULN_ERRORS service(s) have known vulnerabilities"
+          fi
+
+      - name: Python dependency audit
+        run: |
+          pip install pip-audit pyyaml flask requests
+          echo "=== Python Dependency Audit ==="
+          pip-audit --strict --desc || echo "WARNING: Python dependencies have known vulnerabilities"
@@ -7,6 +7,16 @@ cosign.private
 
 # Go
 services/*/vendor/
+# Compiled Go binaries (match service directory name)
+services/airlock/airlock
+services/registry/registry
+services/tool-firewall/tool-firewall
+services/gpu-integrity-watch/gpu-integrity-watch
+services/mcp-firewall/mcp-firewall
+services/policy-engine/policy-engine
+services/runtime-attestor/runtime-attestor
+services/integrity-monitor/integrity-monitor
+services/incident-recorder/incident-recorder
 
 # Python
 __pycache__/
 
@@ -151,7 +151,7 @@ Every model passes through the same fully automatic pipeline:
 | **Updates** | Cosign-verified rpm-ostree, staged workflow, greenboot auto-rollback |
 | **Supply Chain** | Per-service CycloneDX SBOMs, SLSA3 provenance attestation, cosign-signed checksums |
 
-See [docs/threat-model.md](docs/threat-model.md) for threat classes, residual risks, and security invariants. See [docs/security-status.md](docs/security-status.md) for implementation status of all 44 milestones.
+See [docs/threat-model.md](docs/threat-model.md) for threat classes, residual risks, and security invariants. See [docs/security-status.md](docs/security-status.md) for implementation status of all 45 milestones.
 
 ### Verify Image Signatures
 
@@ -229,7 +229,7 @@ Each CI job produces specific security evidence:
 | [Threat Model](docs/threat-model.md) | Threat classes, invariants, residual risks |
 | [API Reference](docs/api.md) | HTTP API for all services |
 | [Policy Schema](docs/policy-schema.md) | Full policy.yaml schema reference |
-| [Security Status](docs/security-status.md) | Implementation status of all 44 milestones |
+| [Security Status](docs/security-status.md) | Implementation status of all 45 milestones |
 | [Test Matrix](docs/test-matrix.md) | Test coverage: 1,117 tests across Go and Python (see [test-counts.json](docs/test-counts.json)) |
 | [Compatibility Matrix](docs/compatibility-matrix.md) | GPU, VM, and hardware support |
 | [Security Test Matrix](docs/security-test-matrix.md) | Security feature test coverage |
@@ -258,6 +258,7 @@ Each CI job produces specific security evidence:
 | [Audit Quick Path](docs/audit-quick-path.md) | External auditor step-by-step verification guide |
 | [Recovery Runbook](docs/recovery-runbook.md) | Operator procedures for degradation, containment, and recovery |
 | [Sample Release Bundle](docs/sample-release-bundle.md) | Release artifact structure and verification commands |
+| [Production Operations](docs/production-operations.md) | First-boot checks, upgrades, key rotation, monitoring, capacity |
 
 ### Install Guides
 
@@ -408,6 +409,7 @@ See [docs/test-matrix.md](docs/test-matrix.md) for full breakdown.
 - [x] **Milestone 42** -- Enforcement wiring + CI supply chain verification
 - [x] **Milestone 43** -- Stronger isolation: sandbox tightening, adversarial tests, CI security regression, MCP isolation, recovery ceremonies, M5 acceptance suite
 - [x] **Milestone 44** -- Auditability and documentation hardening: test-count drift CI check, CI evidence links and badges, M4/M5 terminology disambiguation, audit quick-path doc, recovery runbook, verify-release script, security/product roadmap split
+- [x] **Milestone 45** -- Production readiness hardening: incident persistence (file-backed), graceful shutdown for all Go services, HTTP timeouts, systemd production hardening, first-boot validation, audit log rotation, CI vulnerability scanning, production operations guide
 
 </details>
 
 
@@ -0,0 +1,158 @@
+# Production Operations Guide
+
+## First Boot
+
+After imaging and booting the appliance for the first time:
+
+```bash
+sudo /usr/libexec/secure-ai/first-boot-check.sh
+```
+
+This validates:
+- All core services are running
+- Health endpoints respond
+- Attestation state is verified
+- Integrity monitor baseline is established
+- No open incidents
+- Service token is present
+- No services exposed on public interfaces
+
+## Upgrade Procedure
+
+1. **Pre-upgrade snapshot** (if supported by hardware):
+   ```bash
+   rpm-ostree status              # Record current deployment
+   sudo cp /var/lib/secure-ai/data/incidents.jsonl /tmp/incidents-backup.jsonl
+   ```
+
+2. **Pull update**:
+   ```bash
+   rpm-ostree upgrade
+   ```
+
+3. **Reboot and verify**:
+   ```bash
+   sudo systemctl reboot
+   # After reboot:
+   sudo /usr/libexec/secure-ai/first-boot-check.sh
+   ```
+
+4. **Rollback if needed**:
+   ```bash
+   rpm-ostree rollback
+   sudo systemctl reboot
+   ```
+
+## Log Rotation
+
+Audit logs are rotated automatically via `/etc/logrotate.d/secure-ai`:
+- **Audit JSONL** (`/var/lib/secure-ai/logs/*.jsonl`): daily, 30 days retained, max 50MB per file
+- **Incident store** (`/var/lib/secure-ai/data/*.jsonl`): weekly, 12 weeks retained, max 100MB
+
+To manually trigger rotation:
+```bash
+sudo logrotate -f /etc/logrotate.d/secure-ai
+```
+
+## Key Rotation
+
+### Service Token
+
+The inter-service bearer token at `/run/secure-ai/service-token`:
+
+1. Generate new token:
+   ```bash
+   openssl rand -hex 32 > /tmp/new-token
+   ```
+
+2. Replace atomically:
+   ```bash
+   sudo mv /tmp/new-token /run/secure-ai/service-token
+   sudo chmod 0640 /run/secure-ai/service-token
+   ```
+
+3. Restart all services (they read token at startup):
+   ```bash
+   sudo systemctl restart secure-ai-*.service
+   ```
+
+### HMAC Signing Key (Attestation Bundles)
+
+1. Generate new key:
+   ```bash
+   openssl rand 32 > /tmp/new-hmac-key
+   ```
+
+2. Replace and restart attestor:
+   ```bash
+   sudo mv /tmp/new-hmac-key /run/secure-ai/attestation-hmac-key
+   sudo chmod 0640 /run/secure-ai/attestation-hmac-key
+   sudo systemctl restart secure-ai-runtime-attestor
+   ```
+
+### Cosign Signing Key (Image & Release)
+
+Rotate via the GitHub repository secrets. Update `SIGNING_SECRET` in repository settings, then trigger a new build.
+
+## Monitoring
+
+### Service Health
+
+All services expose `/health` on their localhost ports:
+
+| Service | Port | Endpoint |
+|---------|------|----------|
+| Policy Engine | 8500 | `/health` |
+| Registry | 8470 | `/health` |
+| Tool Firewall | 8475 | `/health` |
+| Runtime Attestor | 8505 | `/health` |
+| Integrity Monitor | 8510 | `/health` |
+| Incident Recorder | 8515 | `/health` |
+| MCP Firewall | 8496 | `/health` |
+| GPU Integrity Watch | 8495 | `/health` |
+
+### Incident Dashboard
+
+```bash
+# Open incidents
+curl -s http://127.0.0.1:8515/api/v1/stats | python3 -m json.tool
+
+# Attestation state
+curl -s http://127.0.0.1:8505/api/v1/verify | python3 -m json.tool
+
+# Integrity status
+curl -s http://127.0.0.1:8510/api/v1/status | python3 -m json.tool
+```
+
+### Journal Logs
+
+```bash
+# All Secure AI services
+journalctl -u 'secure-ai-*' --since "1 hour ago"
+
+# Specific service
+journalctl -u secure-ai-incident-recorder -f
+
+# Security events only
+journalctl -u 'secure-ai-*' -g 'FAIL\|DENIED\|degraded\|violation' --since today
+```
+
+## Capacity Limits
+
+| Resource | Service | Default Limit | Notes |
+|----------|---------|---------------|-------|
+| Memory | Agent | 512MB | Increase for large context windows |
+| Memory | Registry | 128MB | Scales with model count |
+| Memory | Policy Engine | 128MB | Scales with rule count |
+| CPU | Agent | 50% | Primary workload |
+| CPU | GPU Integrity | 15% | Background monitoring |
+| Incidents | Recorder | 1000 max | Oldest trimmed; persisted to disk |
+| Models | Registry | Unlimited | Bounded by vault size |
+
+## Graceful Shutdown
+
+All Go services handle SIGTERM for clean shutdown:
+- In-flight HTTP requests complete (up to 10s drain)
+- Incident recorder flushes persistence file
+- Audit log files are closed cleanly
+- systemd `TimeoutStopSec=15` enforces hard deadline
@@ -57,6 +57,7 @@ All M5 security assurance criteria are met. The controls below have been impleme
 | Enforcement wiring + CI supply chain verification | Implemented | M42 | Integrity monitor -> incident recorder reporting, runtime attestor -> incident recorder reporting, incident recorder -> containment action execution (freeze agent, disable airlock, force vault relock, quarantine model), CI SBOM generation verification via Syft, cosign availability check, release workflow provenance validation |
 | Stronger isolation (M5 hardening) | Implemented | M43 | Per-service sandbox tightening (device cgroups, resource limits, namespace isolation), agent execution compartmentalization (step signatures, subprocess isolation, per-step capability re-validation), workspace hard walls (symlink/hardlink/FD-reuse detection), model worker isolation profiles, formal adversarial test suite (prompt injection, policy bypass, containment, GPU tamper), CI security regression gate, MCP-specific isolation (trust tier enforcement, per-tool profiles, session binding, dynamic registration denial), recovery ceremony (ack + re-attestation), latched degraded states, severity escalation rules, forensic bundle export (signed), M5 control matrix doc, supply chain provenance doc, M5 acceptance suite (30 tests) |
 | Auditability and documentation hardening | Implemented | M44 | Test-count drift CI check with single source of truth (docs/test-counts.json), CI evidence links and GitHub Actions badges in README, M4/M5 terminology disambiguation (project milestones vs M5 security assurance level), operator verification column in M5 control matrix, external audit quick-path doc, recovery runbook with concrete curl commands, verify-release.sh auditor script, sample release bundle doc, security-status split into assurance controls vs product roadmap |
+| Production readiness hardening | Implemented | M45 | Incident recorder file-backed persistence (survives restarts), graceful shutdown (SIGTERM/SIGINT with connection draining) for all 9 Go services, HTTP server timeouts for mcp-firewall and gpu-integrity-watch, systemd production hardening (TimeoutStartSec, TimeoutStopSec, StartLimitInterval, StartLimitBurst) for all 12 daemon units, first-boot health validation script, audit log rotation via logrotate, CI dependency vulnerability scanning (govulncheck + pip-audit), production operations guide (upgrade, key rotation, capacity limits, monitoring) |
 
 ---