40 lines
1.7 KiB
Markdown
40 lines
1.7 KiB
Markdown
# Security rules
|
|
|
|
These rules are always active.
|
|
|
|
Codex MUST NOT:
|
|
|
|
- commit secrets, tokens, passwords, private keys, API keys, or real credentials;
|
|
- disable authentication, authorization, TLS verification, CSRF protection, input validation, or security checks unless explicitly requested and documented in an ADR;
|
|
- introduce privileged containers unless explicitly justified in an ADR;
|
|
- use `latest` container tags;
|
|
- add unnecessary open ports;
|
|
- log credentials, tokens, session IDs, cookies, authorization headers, or sensitive payloads;
|
|
- weaken file permissions without justification;
|
|
- introduce dependencies without explaining why they are needed;
|
|
- ignore security-sensitive errors;
|
|
- store secrets in plain YAML, JSON, TOML, dotenv, shell scripts, Dockerfiles, or documentation.
|
|
|
|
Codex MUST:
|
|
|
|
- prefer least privilege for users, containers, services, and filesystem permissions;
|
|
- prefer reproducible builds;
|
|
- treat CI/CD, Docker, Ansible, deployment, reverse proxy, and authentication files as security-sensitive;
|
|
- document security-relevant assumptions;
|
|
- flag unclear security requirements before implementing risky behavior;
|
|
- update `docs/security.md` when security behavior changes.
|
|
|
|
## Security-sensitive changes
|
|
|
|
The following changes require explicit attention and may require an ADR:
|
|
|
|
- authentication or authorization changes;
|
|
- network exposure changes;
|
|
- TLS/certificate behavior changes;
|
|
- Docker privilege, capabilities, users, volumes, or network changes;
|
|
- Ansible privilege escalation changes;
|
|
- logging changes involving user data or sensitive data;
|
|
- dependency additions;
|
|
- deployment topology changes;
|
|
- backup, restore, retention, or data deletion behavior changes.
|