Update release docs for M47: enforced CI gates, Go 1.25, mypy

- README: add M47 milestone, update CI evidence table (mypy,
  enforced vuln scanning, waiver mechanism)
- CONTRIBUTING: Go 1.25+, all 9 services, 399 Go + 718 Python tests,
  mypy/ruff instructions
- release-policy: enforced quality gates for stable/candidate,
  dependency enforcement column, waiver review in release prep
- security-status: add M47 row (CI enforcement hardening)
- support-lifecycle: Go 1.23→1.25

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: SecAI-Hub

CONTRIBUTING.md

@@ -7,7 +7,7 @@ how to set up your development environment, run tests, and submit changes.
 
 | Tool | Minimum Version | Purpose |
 |---|---|---|
-| Go | 1.22+ | Build Go services (registry, tool-firewall, airlock) |
+| Go | 1.25+ | Build Go services (9 services, see below) |
 | Python | 3.11+ | Build Python services (quarantine, UI, search mediator) |
 | shellcheck | Latest | Lint shell scripts |
 | git | 2.x | Version control |
@@ -30,9 +30,10 @@ cd SecAI_OS
 ### 2. Build Go Services
 
 ```bash
-cd services/registry   && go build ./... && cd ../..
-cd services/tool-firewall && go build ./... && cd ../..
-cd services/airlock    && go build ./... && cd ../..
+for svc in airlock registry tool-firewall gpu-integrity-watch mcp-firewall \
+           policy-engine runtime-attestor integrity-monitor incident-recorder; do
+  (cd "services/$svc" && go build ./...)
+done
 ```
 
 ### 3. Install Python Dependencies
@@ -54,39 +55,59 @@ shellcheck files/system/usr/libexec/secure-ai/*.sh
 
 ## Running Tests
 
-### Go Tests (26 tests)
+### Go Tests (399 tests across 9 services)
+
+```bash
+for svc in airlock registry tool-firewall gpu-integrity-watch mcp-firewall \
+           policy-engine runtime-attestor integrity-monitor incident-recorder; do
+  (cd "services/$svc" && go test -v -race ./...)
+done
+```
+
+### Python Tests (718 tests)
 
 ```bash
-cd services/registry      && go test ./... -v && cd ../..
-cd services/tool-firewall  && go test ./... -v && cd ../..
-cd services/airlock        && go test ./... -v && cd ../..
+pip install -r requirements-ci.txt
+PYTHONPATH=services python -m pytest tests/ -v
 ```
 
-### Python Tests (595+ tests)
+### Type Checking (mypy)
 
 ```bash
-pytest tests/ -v
+pip install -r requirements-ci.txt
+mypy --ignore-missing-imports \
+  services/common/ services/agent/agent/ \
+  services/quarantine/quarantine/ services/ui/ui/
 ```
 
 ### Shell Linting
 
 ```bash
-shellcheck files/system/usr/libexec/secure-ai/*.sh
+shellcheck files/system/usr/libexec/secure-ai/*.sh files/scripts/*.sh
 ```
 
 ### Run Everything
 
 ```bash
-# Go
-for svc in registry tool-firewall airlock; do
-  (cd "services/$svc" && go test ./... -v)
+# Go (9 services, 399 tests)
+for svc in airlock registry tool-firewall gpu-integrity-watch mcp-firewall \
+           policy-engine runtime-attestor integrity-monitor incident-recorder; do
+  (cd "services/$svc" && go test -v -race ./...)
 done
 
-# Python
-pytest tests/ -v
+# Python (718 tests)
+PYTHONPATH=services python -m pytest tests/ -v
+
+# Type check
+mypy --ignore-missing-imports \
+  services/common/ services/agent/agent/ \
+  services/quarantine/quarantine/ services/ui/ui/
+
+# Lint
+ruff check services/ tests/ --select E,F,W --ignore E501,E402
 
 # Shell
-shellcheck files/system/usr/libexec/secure-ai/*.sh
+shellcheck files/system/usr/libexec/secure-ai/*.sh files/scripts/*.sh
 ```
 
 ## Coding Standards

README.md

@@ -156,7 +156,7 @@ Every model passes through the same fully automatic pipeline:
 | **Updates** | Cosign-verified rpm-ostree, staged workflow, greenboot auto-rollback |
 | **Supply Chain** | Per-service CycloneDX SBOMs, SLSA3 provenance attestation, cosign-signed checksums |
 
-See [docs/threat-model.md](docs/threat-model.md) for threat classes, residual risks, and security invariants. See [docs/security-status.md](docs/security-status.md) for implementation status of all 46 milestones.
+See [docs/threat-model.md](docs/threat-model.md) for threat classes, residual risks, and security invariants. See [docs/security-status.md](docs/security-status.md) for implementation status of all 47 milestones.
 
 ### Verify Image Signatures
 
@@ -219,11 +219,11 @@ All CI jobs are defined in [`.github/workflows/ci.yml`](.github/workflows/ci.yml
 | Job | Workflow Link | What It Proves |
 |-----|--------------|---------------|
 | `go-build-and-test` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | 399 Go tests across 9 services with `-race` (build, test, vet) |
-| `python-test` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | 718 Python tests split into unit/integration + adversarial/acceptance, ruff lint, bandit security scan |
+| `python-test` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | 718 Python tests (unit/integration + adversarial/acceptance), ruff lint, bandit security scan (enforced on HIGH/HIGH), mypy type checking |
 | `security-regression` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | Adversarial test suite: prompt injection, policy bypass, containment, recovery |
 | `supply-chain-verify` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | SBOM generation via Syft, cosign availability, provenance keywords in release/build workflows |
 | `test-count-check` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | Prevents documented test counts from drifting below actual (source of truth: [test-counts.json](docs/test-counts.json)) |
-| `dependency-audit` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | Go vulnerability scanning (govulncheck) + Python dependency audit (pip-audit) |
+| `dependency-audit` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | Enforced Go vulnerability scanning (govulncheck) + Python dependency audit (pip-audit) with [waiver mechanism](.github/vuln-waivers.json) |
 | `shellcheck` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | Static analysis of all shell scripts (first-boot, build, verify-release, etc.) |
 | `policy-validate` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | YAML schema validation for all policy and recipe files |
 | `check-pins` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | Verifies all GitHub Actions are pinned to specific commit SHAs (not tags) |
@@ -239,7 +239,7 @@ All CI jobs are defined in [`.github/workflows/ci.yml`](.github/workflows/ci.yml
 | [Threat Model](docs/threat-model.md) | Threat classes, invariants, residual risks |
 | [API Reference](docs/api.md) | HTTP API for all services |
 | [Policy Schema](docs/policy-schema.md) | Full policy.yaml schema reference |
-| [Security Status](docs/security-status.md) | Implementation status of all 46 milestones |
+| [Security Status](docs/security-status.md) | Implementation status of all 47 milestones |
 | [Test Matrix](docs/test-matrix.md) | Test coverage: 1,117 tests across Go and Python (see [test-counts.json](docs/test-counts.json)) |
 | [Compatibility Matrix](docs/compatibility-matrix.md) | GPU, VM, and hardware support |
 | [Security Test Matrix](docs/security-test-matrix.md) | Security feature test coverage |
@@ -376,7 +376,7 @@ See [docs/test-matrix.md](docs/test-matrix.md) for full breakdown.
 ## Roadmap
 
 <details>
-<summary>All 46 project milestones (click to expand)</summary>
+<summary>All 47 project milestones (click to expand)</summary>
 
 - [x] **Milestone 0** -- Threat model, dataflow, invariants, policy files
 - [x] **Milestone 1** -- Bootable OS, encrypted vault, GPU drivers
@@ -425,6 +425,7 @@ See [docs/test-matrix.md](docs/test-matrix.md) for full breakdown.
 - [x] **Milestone 44** -- Auditability and documentation hardening: test-count drift CI check, CI evidence links and badges, M4/M5 terminology disambiguation, audit quick-path doc, recovery runbook, verify-release script, security/product roadmap split
 - [x] **Milestone 45** -- Production readiness hardening: incident persistence (file-backed), graceful shutdown for all Go services, HTTP timeouts, systemd production hardening, first-boot validation, audit log rotation, CI vulnerability scanning, production operations guide
 - [x] **Milestone 46** -- Operational maturity: bootstrap trust gap fix (cosign verify before rebase), CI runs on all changes (removed paths-ignore for .md), Python quality gates (ruff + bandit + split test suites), docs-validation CI job, production-readiness checklist, SLOs, release channel policy, support lifecycle, sample verification output
+- [x] **Milestone 47** -- CI enforcement hardening: enforced vulnerability scanning (govulncheck + pip-audit + bandit fail on HIGH/HIGH) with waiver mechanism, mypy type checking for security-sensitive services, pinned reproducible Python CI dependencies, Go 1.23→1.25 (12 stdlib CVE fixes), verification-first bootstrap docs
 
 </details>
 

docs/release-policy.md

@@ -29,7 +29,7 @@ vMAJOR.MINOR.PATCH
 - **Tag format:** `v1.2.3`
 - **Image tag:** `ghcr.io/secai-hub/secai_os:latest`, `ghcr.io/secai-hub/secai_os:v1.2.3`
 - **Cadence:** As needed (security patches within 72 hours, features monthly)
-- **Quality gate:** Full [production-readiness checklist](production-readiness-checklist.md) must pass
+- **Quality gate:** Full [production-readiness checklist](production-readiness-checklist.md) must pass; all CI jobs green including enforced vulnerability scanning and mypy type checks
 - **Supply chain:** Cosign-signed, SBOM-attested, SLSA3 provenance
 - **Rollback:** Automatic via Greenboot; manual via `rpm-ostree rollback`
 
@@ -40,7 +40,7 @@ This is the only channel recommended for production use.
 - **Tag format:** `v1.2.3-rc.1`
 - **Image tag:** `ghcr.io/secai-hub/secai_os:candidate`
 - **Cadence:** Before each stable release
-- **Quality gate:** CI must pass; first-boot-check must pass; manual smoke testing required
+- **Quality gate:** CI must pass (including enforced govulncheck, pip-audit, bandit, mypy); first-boot-check must pass; manual smoke testing required
 - **Purpose:** Final validation before stable promotion
 - **Not for production use**
 
@@ -63,9 +63,12 @@ This is the only channel recommended for production use.
 # Ensure main is clean
 git checkout main && git pull
 
-# Verify CI is green
+# Verify CI is green (all 18 jobs must pass, including enforced vulnerability scans)
 gh run list --workflow=ci.yml --limit=1
 
+# Check for unexpired vulnerability waivers that may need review
+cat .github/vuln-waivers.json
+
 # Update version references (if any hardcoded)
 # Update CHANGELOG.md with release notes
 ```
@@ -156,14 +159,16 @@ Security patches are always released as patch versions (e.g., v1.2.3 → v1.2.4)
 
 ## Dependency Update Policy
 
-| Dependency Type | Update Frequency | Breaking Changes |
-|----------------|-----------------|------------------|
-| Go standard library | With Go version updates (semi-annual) | Major version only |
-| Go third-party | Monthly or on CVE | Patch/minor: auto; major: manual review |
-| Python packages | Monthly or on CVE | Pin to compatible ranges |
-| System packages (rpm-ostree) | With Fedora rebases | Follow Fedora release cycle |
-| GitHub Actions | Via Dependabot (auto-PR) | Review + CI must pass |
-| Container base image | With Fedora Atomic updates | Follow uBlue release cycle |
+| Dependency Type | Update Frequency | Breaking Changes | Enforcement |
+|----------------|-----------------|------------------|-------------|
+| Go standard library | With Go version updates (semi-annual) | Major version only | govulncheck fails CI on unwaived vulns |
+| Go third-party | Monthly or on CVE | Patch/minor: auto; major: manual review | govulncheck fails CI on unwaived vulns |
+| Python packages | Monthly or on CVE | Pinned in `requirements-ci.txt` | pip-audit fails CI on unwaived vulns |
+| System packages (rpm-ostree) | With Fedora rebases | Follow Fedora release cycle | -- |
+| GitHub Actions | Via Dependabot (auto-PR) | Review + CI must pass | check-pins verifies SHA pinning |
+| Container base image | With Fedora Atomic updates | Follow uBlue release cycle | cosign signature verification |
+
+Vulnerability waivers for reviewed/accepted findings are tracked in [`.github/vuln-waivers.json`](../.github/vuln-waivers.json) with mandatory expiry dates. Expired waivers automatically re-fail CI.
 
 ---
 

docs/security-status.md

@@ -1,6 +1,6 @@
 # Security Implementation Status
 
-This document is split into two sections. The first section covers **Security Assurance Controls** -- all implemented milestones (M0 through M46) that satisfy the M5 security assurance acceptance criteria. Every control listed there is complete and tested. The second section is the **Product Feature Roadmap**, which tracks planned product capabilities (Agent Mode Phases 2 and 3). These are product enhancements, not security assurance requirements; the M5 security posture is fully met without them.
+This document is split into two sections. The first section covers **Security Assurance Controls** -- all implemented milestones (M0 through M47) that satisfy the M5 security assurance acceptance criteria. Every control listed there is complete and tested. The second section is the **Product Feature Roadmap**, which tracks planned product capabilities (Agent Mode Phases 2 and 3). These are product enhancements, not security assurance requirements; the M5 security posture is fully met without them.
 
 Last updated: 2026-03-14
 
@@ -59,6 +59,7 @@ All M5 security assurance criteria are met. The controls below have been impleme
 | Auditability and documentation hardening | Implemented | M44 | Test-count drift CI check with single source of truth (docs/test-counts.json), CI evidence links and GitHub Actions badges in README, M4/M5 terminology disambiguation (project milestones vs M5 security assurance level), operator verification column in M5 control matrix, external audit quick-path doc, recovery runbook with concrete curl commands, verify-release.sh auditor script, sample release bundle doc, security-status split into assurance controls vs product roadmap |
 | Production readiness hardening | Implemented | M45 | Incident recorder file-backed persistence (survives restarts), graceful shutdown (SIGTERM/SIGINT with connection draining) for all 9 Go services, HTTP server timeouts for mcp-firewall and gpu-integrity-watch, systemd production hardening (TimeoutStartSec, TimeoutStopSec, StartLimitInterval, StartLimitBurst) for all 12 daemon units, first-boot health validation script, audit log rotation via logrotate, CI dependency vulnerability scanning (govulncheck + pip-audit), production operations guide (upgrade, key rotation, capacity limits, monitoring) |
 | Operational maturity | Implemented | M46 | Bootstrap trust gap fix (cosign verify before unverified rebase, documented trust gap rationale), CI runs on all changes (removed blanket paths-ignore for .md files), Python quality gates (ruff lint + bandit security scan + split test suites into unit/integration and adversarial/acceptance), docs-validation CI job (broken link detection, required docs check, test-counts.json validation), production-readiness checklist (formal release gate), SLOs (availability/latency/correctness targets + alerting thresholds), release channel policy (stable/candidate/dev + versioning + upgrade paths + security patch SLA), support lifecycle (hardware matrix, driver versions, support windows, deprecation policy, scope boundaries), CI evidence table with all 10 job descriptions and workflow links, sample verification output for verify-release.sh |
+| CI enforcement hardening | Implemented | M47 | Enforced vulnerability scanning: bandit fails CI on HIGH-severity/HIGH-confidence findings, govulncheck fails on unwaived Go vulns, pip-audit fails on unwaived Python vulns. Waiver mechanism (`.github/vuln-waivers.json`) with mandatory expiry dates for reviewed/accepted findings. mypy type checking gate for security-sensitive services (common, agent, quarantine, ui). Pinned reproducible Python CI dependencies (`requirements-ci.txt`). Go 1.23→1.25 upgrade fixing 12 stdlib CVEs (crypto/tls, crypto/x509, encoding/asn1, net/url, os). Flask 3.1.1→3.1.3 (GHSA-68rp-wp8r-4726). Verification-first bootstrap documentation (signed rebase as default quickstart, unverified bootstrap moved to labeled recovery section). |
 
 ---
 

docs/support-lifecycle.md

@@ -68,7 +68,7 @@ Last updated: 2026-03-14
 
 | Component | Version | Pinned | Notes |
 |-----------|---------|--------|-------|
-| Go (services) | 1.23 | Yes (go.mod) | 9 Go services |
+| Go (services) | 1.25 | Yes (go.mod) | 9 Go services |
 | Python | 3.12 | Yes (Fedora 42 default) | 6 Python services |
 | llama.cpp | Latest stable | Via build | LLM inference engine |
 | Flask | 3.x | Via pip | Web UI framework |