@elnora-ai/linear 1.0.0 → 1.1.0

package/templates/OPS-DAT-data-mod.md

@@ -0,0 +1,98 @@
+# OPS-DAT: Production Data Modification
+
+## Quick Reference
+- **SLA:** 1-2 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Data Modifications
+
+## Required Labels
+- `Type: bug`
+- `Flag: security`
+- `Layer: backend`
+
+## Issue Template
+```markdown
+## Production Data Modification Request
+
+**Request ID:** OPS-DAT-YYYY-XXX
+**Request Date:** [YYYY-MM-DD]
+**Requestor:** [Name]
+**Urgency:** [Emergency / Standard]
+
+## Modification Details
+- **Database:** [Production database name]
+- **Table(s):** [Affected tables]
+- **Record Count:** [Estimated number of records affected]
+- **Modification Type:** [UPDATE / DELETE / INSERT / Correction]
+
+## Business Justification
+[Explain why this modification is needed and why it cannot be done through the application]
+
+## Data Description
+**Records to be modified:**
+[Describe the specific records - criteria for selection]
+
+**Current State:**
+[What the data looks like now]
+
+**Desired State:**
+[What the data should look like after modification]
+
+## Pre-Modification Checklist
+- [ ] Recent backup verified (within last [X] hours)
+- [ ] Query tested on development database
+- [ ] Peer review completed
+- [ ] Rollback plan prepared
+
+## SQL Query
+```sql
+-- VERIFICATION: Check records before modification
+SELECT [columns]
+FROM [table]
+WHERE [conditions];
+
+-- Expected affected rows: [X]
+
+-- MODIFICATION (within transaction)
+BEGIN TRANSACTION;
+
+UPDATE/DELETE [table]
+SET [columns] = [values]
+WHERE [conditions];
+
+-- Verify changes
+SELECT [columns]
+FROM [table]
+WHERE [conditions];
+
+-- If correct: COMMIT;
+-- If incorrect: ROLLBACK;
+```
+
+## Rollback Plan
+```sql
+-- Rollback query if needed
+[Reverse operation SQL]
+```
+
+## Approvals
+- [ ] Peer review by: _________________ Date: _______
+- [ ] CTO approval: _________________ Date: _______ (required)
+- [ ] Data owner notification: _________________ Date: _______
+
+## Execution Log
+- **Executed by:** [Name]
+- **Execution time:** [YYYY-MM-DD HH:MM]
+- **Records affected:** [Actual count]
+- **Transaction status:** [COMMITTED / ROLLED BACK]
+
+## Verification
+- [ ] Post-modification query run
+- [ ] Results match expected outcome
+- [ ] Application functionality verified
+- [ ] No unintended side effects
+
+## Documentation
+- [ ] Change logged
+- [ ] Audit trail preserved
+```

package/templates/RCA-DOC-root-cause.md

@@ -0,0 +1,105 @@
+# RCA-DOC: Root Cause Analysis
+
+## Quick Reference
+- **SLA:** 3-20 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Root Cause Analysis
+
+## Timeline by Severity
+| Severity | RCA Deadline |
+|----------|--------------|
+| Sev 0 | 3 business days |
+| Sev 1 | 5 business days |
+| Sev 2 | 10 business days |
+| Sev 3 | 20 business days |
+
+## Required Labels
+- `Type: research`
+- `Flag: security` (if security incident)
+- `Flag: compliance`
+- `Layer: [affected area]`
+
+## Issue Template
+```markdown
+## Root Cause Analysis
+
+**RCA ID:** RCA-YYYY-XXX
+**Incident Reference:** [Link to incident ticket]
+**Incident Date:** [YYYY-MM-DD]
+**RCA Completion Deadline:** [YYYY-MM-DD]
+
+## Executive Summary
+[2-3 sentence summary of incident and root cause]
+
+## Incident Summary
+- **Incident Type:** [Type]
+- **Severity:** [Sev 0-3]
+- **Duration:** [X hours Y minutes]
+- **Impact:** [Summary of impact]
+
+## Timeline Reconstruction
+| Time | Event | Source |
+|------|-------|--------|
+| | | |
+
+## Problem Statement
+[Clear statement of what went wrong]
+
+## Root Cause Analysis
+
+### 5 Whys Analysis
+1. Why did [immediate cause] happen?
+   - Because [reason 1]
+2. Why did [reason 1] happen?
+   - Because [reason 2]
+3. Why did [reason 2] happen?
+   - Because [reason 3]
+4. Why did [reason 3] happen?
+   - Because [reason 4]
+5. Why did [reason 4] happen?
+   - Because [ROOT CAUSE]
+
+### Root Cause
+[Statement of the fundamental root cause]
+
+### Contributing Factors
+1. [Factor 1]
+2. [Factor 2]
+3. [Factor 3]
+
+## What Went Well
+- [Positive 1]
+- [Positive 2]
+
+## What Could Be Improved
+- [Improvement 1]
+- [Improvement 2]
+
+## Corrective Actions
+
+### Immediate Actions (Completed)
+| Action | Owner | Status |
+|--------|-------|--------|
+| | | Done |
+
+### Short-term Actions (1-2 weeks)
+| Action | Owner | Target Date | Ticket |
+|--------|-------|-------------|--------|
+| | | | |
+
+### Long-term Actions (1-3 months)
+| Action | Owner | Target Date | Ticket |
+|--------|-------|-------------|--------|
+| | | | |
+
+## Preventive Measures
+[How will we prevent similar incidents in the future?]
+
+## Lessons Learned
+[Key takeaways for the team]
+
+## Sign-off
+- [ ] RCA Author: _________________ Date: _______
+- [ ] Team Lead Review: _________________ Date: _______
+- [ ] Management Approval: _________________ Date: _______
+```

package/templates/RSK-ASS-assessment.md

@@ -0,0 +1,87 @@
+# RSK-ASS: Risk Assessment
+
+## Quick Reference
+- **SLA:** 30 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Risk Assessments
+
+## Required Labels
+- `Type: research`
+- `Flag: compliance`
+- `Flag: security`
+- `Layer: devops`
+
+## Issue Template
+```markdown
+## Risk Assessment
+
+**Assessment ID:** RSK-ASS-YYYY-XXX
+**Assessment Date:** [YYYY-MM-DD]
+**Assessment Type:** [Annual / Triggered / Ad-hoc]
+**Trigger:** [Annual schedule / Organizational change / Technology change / Incident / Other]
+
+## Scope
+[Define what's being assessed - full ISMS, specific system, specific process]
+
+## Assessment Team
+- **Lead:** [Name]
+- **Participants:** [Names]
+
+## Methodology
+- Risk assessment framework: [e.g., ISO 27005]
+- Likelihood scale: [1-5 or Low/Medium/High]
+- Impact scale: [1-5 or Low/Medium/High]
+- Risk calculation: [Likelihood x Impact]
+
+## Asset Inventory
+| Asset | Type | Owner | Criticality |
+|-------|------|-------|-------------|
+| | | | |
+
+## Threat Identification
+| Threat | Source | Target Assets |
+|--------|--------|---------------|
+| | | |
+
+## Vulnerability Assessment
+| Vulnerability | Affected Assets | Current Controls |
+|---------------|-----------------|------------------|
+| | | |
+
+## Risk Register
+| Risk ID | Risk Description | Asset | Threat | Vulnerability | Likelihood | Impact | Risk Level | Treatment |
+|---------|------------------|-------|--------|---------------|------------|--------|------------|-----------|
+| | | | | | | | | |
+
+## Risk Evaluation
+
+### High Risks Requiring Treatment
+| Risk ID | Risk | Current Level | Treatment Decision |
+|---------|------|---------------|-------------------|
+| | | | |
+
+### Accepted Risks
+| Risk ID | Risk | Level | Justification for Acceptance |
+|---------|------|-------|------------------------------|
+| | | | |
+
+## Risk Treatment Plan
+[Create linked issues for each risk requiring treatment]
+
+| Risk ID | Treatment | Control(s) | Owner | Target Date | Status |
+|---------|-----------|------------|-------|-------------|--------|
+| | | | | | |
+
+## Residual Risk Assessment
+| Risk ID | Original Level | After Treatment | Acceptable? |
+|---------|----------------|-----------------|-------------|
+| | | | |
+
+## Statement of Applicability Impact
+[Document any changes needed to SoA based on this assessment]
+
+## Sign-off
+- [ ] Risk Assessment completed by: _________________ Date: _______
+- [ ] Reviewed by ISMS Governance Council: _________________ Date: _______
+- [ ] Risk Treatment Plan approved: _________________ Date: _______
+```

package/templates/RSK-VND-vendor.md

@@ -0,0 +1,113 @@
+# RSK-VND: Third-Party Vendor Assessment
+
+## Quick Reference
+- **SLA:** 30 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Vendor Assessments
+
+## Required Labels
+- `Type: research`
+- `Flag: compliance`
+- `Flag: security`
+- `Layer: devops`
+
+## Issue Template
+```markdown
+## Third-Party Vendor Assessment
+
+**Assessment ID:** RSK-VND-YYYY-XXX
+**Assessment Date:** [YYYY-MM-DD]
+**Assessment Type:** [New Vendor / Annual Review / Change Reassessment]
+
+## Vendor Information
+- **Vendor Name:** [Company name]
+- **Service Description:** [What service they provide]
+- **Contract Start Date:** [If known]
+- **Contract Value:** [Annual value if known]
+- **Primary Contact:** [Name, email]
+
+## Data Access Assessment
+### Data Types Accessed
+- [ ] Customer data
+- [ ] Employee data
+- [ ] Financial data
+- [ ] Intellectual property
+- [ ] Production systems access
+- [ ] No sensitive data access
+
+### Access Method
+- [ ] Direct system access
+- [ ] Data export/transfer
+- [ ] API integration
+- [ ] Physical access
+- [ ] No direct access
+
+## Security Assessment
+
+### Certifications and Audits
+| Certification | Status | Expiry Date | Verified |
+|---------------|--------|-------------|----------|
+| SOC 2 Type II | | | [ ] |
+| ISO 27001 | | | [ ] |
+| Other: | | | [ ] |
+
+### Security Controls Checklist
+| Control Area | Adequate? | Notes |
+|--------------|-----------|-------|
+| Information Security Policy | Yes/No/NA | |
+| Access Control | Yes/No/NA | |
+| Encryption (at rest and in transit) | Yes/No/NA | |
+| Incident Response | Yes/No/NA | |
+| Business Continuity | Yes/No/NA | |
+| Employee Background Checks | Yes/No/NA | |
+| Secure Development (if applicable) | Yes/No/NA | |
+| Vulnerability Management | Yes/No/NA | |
+
+### Documentation Reviewed
+- [ ] SOC 2 Type II report
+- [ ] ISO 27001 certificate
+- [ ] Security questionnaire response
+- [ ] Privacy policy
+- [ ] Terms of service
+- [ ] Data processing agreement
+
+## Risk Assessment
+
+### Identified Risks
+| Risk | Likelihood | Impact | Risk Level | Mitigation |
+|------|------------|--------|------------|------------|
+| | | | | |
+
+### Risk Level: [High / Medium / Low]
+
+## Contractual Requirements
+- [ ] NDA/CDA in place
+- [ ] Data processing agreement required
+- [ ] Security requirements in contract
+- [ ] SLA defined
+- [ ] Right to audit clause
+- [ ] Exit/transition clause
+
+## Decision
+
+### Recommendation
+- [ ] **Approve** - Vendor meets security requirements
+- [ ] **Approve with Conditions** - Requires additional controls (specify below)
+- [ ] **Reject** - Unacceptable security posture
+- [ ] **Defer** - Requires additional information
+
+### Conditions (if applicable)
+[List any conditions that must be met]
+
+### Risk Acceptance (if applicable)
+[Document any residual risks being accepted and justification]
+
+## Approvals
+- [ ] Assessment completed by: _________________ Date: _______
+- [ ] Security review by: _________________ Date: _______
+- [ ] Final approval by: _________________ Date: _______
+
+## Ongoing Monitoring
+- Annual review date: [YYYY-MM-DD]
+- Review trigger events: [List events that require reassessment]
+```

package/templates/SEC-INC-incident.md

@@ -0,0 +1,76 @@
+# SEC-INC: Security Incident Response
+
+## Quick Reference
+- **SLA:** 15min-72hrs (severity-based)
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Security Incidents
+
+## Required Labels
+- `Type: bug`
+- `Layer: devops` or `Layer: backend`
+- `Flag: security`
+- `Flag: compliance`
+- Severity label (see classification)
+
+## Severity Classification
+| Severity | Response Time | Post-Review | Examples |
+|----------|---------------|-------------|----------|
+| Sev 0 (Critical) | 15 minutes | 3 days | Data breach, full outage, active attack |
+| Sev 1 (High) | 1 hour | 5 days | Partial outage, unauthorized access attempt |
+| Sev 2 (Medium) | 4 hours | 10 days | Failed control, suspicious activity |
+| Sev 3 (Low) | 24 hours | 20 days | Policy violation, near-miss |
+
+## Issue Template
+```markdown
+## Security Incident Report
+
+**Incident ID:** SEC-YYYY-XXX
+**Date/Time Discovered:** [YYYY-MM-DD HH:MM UTC]
+**Date/Time Reported:** [YYYY-MM-DD HH:MM UTC]
+**Severity:** [Sev 0 / Sev 1 / Sev 2 / Sev 3]
+
+## Classification
+- **Incident Type:** [Denial of Service / Unauthorized Access / Malicious Code / Data Breach / Policy Violation / Other]
+- **Affected Systems:** [List systems/services affected]
+- **Data Involved:** [Yes/No - if Yes, describe data types]
+- **Customer Impact:** [Yes/No - if Yes, describe impact]
+
+## Initial Assessment
+[Brief description of what happened and initial impact assessment]
+
+## Detection Method
+- [ ] Automated monitoring/alerting
+- [ ] User report
+- [ ] Security scan
+- [ ] Third-party notification
+- [ ] Other: ___
+
+## Containment Actions Taken
+- [ ] Isolated affected systems
+- [ ] Preserved evidence (logs, screenshots)
+- [ ] Reset compromised credentials
+- [ ] Other: ___
+
+## Timeline of Events
+| Time | Event |
+|------|-------|
+| | |
+
+## Escalation
+- [ ] CTO notified (required for Sev 0/1)
+- [ ] Legal notified (if data involved)
+- [ ] Customer notification required? [Yes/No]
+
+## Next Steps
+1. [Action item]
+2. [Action item]
+
+## Resources
+- Incident Response Process: `/security-compliance/incident-management/incident-response-process.md`
+- RCA Template: Create linked RCA-DOC issue if Sev 0/1/2
+```
+
+## Escalation Rules
+- Sev 0/1: Immediate notification to CTO
+- Customer data involved: Notify Legal/CEO
+- Breach determination: CEO + Legal review required

package/templates/SEC-PEN-pentest.md

@@ -0,0 +1,58 @@
+# SEC-PEN: Penetration Test Remediation
+
+## Quick Reference
+- **SLA:** 30-90 days (severity-based)
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Pentest Remediation
+
+## Required Labels
+- `Type: bug`
+- `Flag: security`
+- `Source: Penetration Test`
+- Severity label based on finding risk rating
+
+## Issue Template
+```markdown
+## Penetration Test Finding Remediation
+
+**Finding ID:** [From pentest report, e.g., PT-2025-001]
+**Test Date:** [YYYY-MM-DD]
+**Testing Firm:** [e.g., Workstreet]
+**Report Section:** [Reference to report section]
+
+## Finding Details
+- **Title:** [Finding title from report]
+- **Severity:** [Critical / High / Medium / Low]
+- **CVSS Score:** [X.X] (if provided)
+- **Category:** [OWASP Top 10 category if applicable]
+
+## Description
+[Copy finding description from pentest report]
+
+## Affected Component
+- **URL/Endpoint:** [Affected URL or API endpoint]
+- **System:** [Frontend / Backend / Infrastructure]
+
+## Proof of Concept
+[Summary of how tester exploited the vulnerability]
+
+## Recommended Remediation
+[Copy recommendation from pentest report]
+
+## Our Remediation Plan
+[Describe specific steps we will take]
+
+## Acceptance Criteria
+- [ ] Vulnerability remediated
+- [ ] Verified by internal testing
+- [ ] Ready for re-test by penetration tester
+
+## Verification
+- [ ] Internal verification complete
+- [ ] Re-test requested from [Testing Firm]
+- [ ] Re-test passed
+
+## References
+- Full Report: [Link to pentest report in Notion]
+- Related CVEs: [If applicable]
+```

package/templates/SEC-VLN-vulnerability.md

@@ -0,0 +1,69 @@
+# SEC-VLN: Vulnerability Remediation
+
+## Quick Reference
+- **SLA:** 30-90 days (severity-based)
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Vulnerability Management
+
+## Required Labels
+- `Type: bug`
+- `Flag: security`
+- `Source: Vulnerability Scan` OR `Source: CodeQL` OR `Source: Penetration Test`
+- Severity label based on CVSS score
+
+## Severity to SLA Mapping
+| Severity | CVSS Score | Remediation SLA |
+|----------|------------|-----------------|
+| Critical | 9.0-10.0 | 30 days |
+| High | 7.0-8.9 | 30 days |
+| Medium | 4.0-6.9 | 60 days |
+| Low | 0.1-3.9 | 90 days |
+
+## Issue Template
+```markdown
+## Vulnerability Remediation
+
+**Vulnerability ID:** [CVE-XXXX-XXXXX or internal ID]
+**First Detected:** [YYYY-MM-DD]
+**Detection Source:** [Dependabot / CodeQL / AWS Inspector / Penetration Test / Manual]
+**Remediation Deadline:** [YYYY-MM-DD] (per SLA)
+
+## Vulnerability Details
+- **Affected Component:** [Package/library/system name]
+- **Current Version:** [x.x.x]
+- **Fixed Version:** [x.x.x] (if known)
+- **CVSS Score:** [X.X]
+- **Severity:** [Critical / High / Medium / Low]
+
+## Description
+[Brief description of the vulnerability and potential impact]
+
+## Affected Systems
+- [ ] Frontend
+- [ ] Backend (.NET)
+- [ ] AI Server (Python)
+- [ ] Infrastructure (AWS)
+
+## Business Impact Assessment
+[Describe potential business impact if exploited]
+
+## Proposed Remediation
+- [ ] Upgrade dependency to version [x.x.x]
+- [ ] Apply security patch
+- [ ] Configuration change
+- [ ] Code fix
+- [ ] Accept risk (requires documented justification)
+
+## Risk Treatment Plan (if SLA cannot be met)
+[Document justification and extended timeline if applicable]
+
+## Verification
+- [ ] Fix implemented
+- [ ] Re-scanned to confirm resolution
+- [ ] No regression in functionality
+
+## References
+- CVE Link: [URL]
+- Advisory: [URL]
+- Fix PR: [URL]
+```

package/templates/SLA-AVL-availability.md

@@ -0,0 +1,86 @@
+# SLA-AVL: Platform Availability Incident
+
+## Quick Reference
+- **SLA:** 1hr-14 days (severity-based)
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Availability Incidents
+
+## Severity Classification
+| Severity | Description | Response SLA | Resolution Target |
+|----------|-------------|--------------|-------------------|
+| Critical | Complete outage | 1 hour | 8 hours |
+| Medium | Core function impaired | 4 hours | 3 business days |
+| Low | Minor issues | 1 business day | 14 business days |
+
+## Required Labels
+- `Type: bug`
+- `Layer: [affected layer]`
+- Severity label based on impact
+
+## Issue Template
+```markdown
+## Platform Availability Incident
+
+**Incident ID:** SLA-AVL-YYYY-XXX
+**Start Time:** [YYYY-MM-DD HH:MM UTC]
+**Detection Time:** [YYYY-MM-DD HH:MM UTC]
+**Severity:** [Critical / Medium / Low]
+
+## Impact Assessment
+- **Services Affected:** [List affected services]
+- **Users Affected:** [All / Partial - describe scope]
+- **Customer Impact:** [Description of customer-facing impact]
+- **Workaround Available:** [Yes - describe / No]
+
+## Incident Description
+[Brief description of the outage/issue]
+
+## Timeline
+| Time (UTC) | Event |
+|------------|-------|
+| | Issue started |
+| | Issue detected |
+| | Investigation started |
+| | |
+
+## Investigation
+
+### Initial Assessment
+[What was observed, initial hypothesis]
+
+### Root Cause
+[If identified - otherwise "Under investigation"]
+
+### Affected Components
+- [ ] Frontend
+- [ ] Backend API
+- [ ] Database
+- [ ] AI Server
+- [ ] AWS Infrastructure
+- [ ] Third-party service: [Name]
+
+## Resolution
+
+### Actions Taken
+1. [Action 1]
+2. [Action 2]
+
+### Resolution Time
+- **Incident End Time:** [YYYY-MM-DD HH:MM UTC]
+- **Total Duration:** [X hours Y minutes]
+- **Resolution SLA Met:** [Yes / No]
+
+## Customer Communication
+- [ ] Status page updated
+- [ ] Affected customers notified
+- [ ] Resolution notification sent
+
+## Follow-up Required
+- [ ] Root Cause Analysis (create linked RCA-DOC if Critical/Medium)
+- [ ] Preventive measures identified
+- [ ] Post-mortem scheduled
+
+## SLA Credit Assessment
+- **Uptime this month:** [XX.XX%]
+- **Credit applicable:** [Yes - X% / No]
+```