npm - recall-os - Versions diffs - 0.2.0 → 0.2.1 - Mend

recall-os 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/examples/generated-python-fastapi/docs/20-security/SECURITY_MODEL.md CHANGED Viewed

@@ -1,11 +1,32 @@
 # Security Model
-## Current Status
+## Status
-Draft.
+Draft — fill the prompted sections below with this repository's real model as it grows.
+`recall doctor` flags these as warnings once the repository has real work (a feature, module, or
+accepted decision).
 ## Baseline Rules
-- Do not commit secrets.
-- Do not read or copy `.env` files into docs.
+- Never commit secrets or credentials, and never read or copy `.env` files into docs.
+- Validate and authorize untrusted input at every trust boundary.
 - Do not add network, telemetry, cloud, MCP runtime, or AI API behavior without explicit review.
+## Authentication And Authorization
+Describe how this repository authenticates users or clients and how it authorizes actions, including
+where those checks live.
+## Secrets And Configuration
+Describe where secrets live, how they are injected, and how configuration is kept out of version
+control.
+## Sensitive Data
+Describe the sensitive or personal data this repository handles, and how it is protected at rest and
+in transit.
+## Dependencies And Supply Chain
+Describe how third-party dependencies are vetted, pinned, and updated.

package/examples/generated-python-fastapi/docs/20-security/THREAT_MODEL.md CHANGED Viewed

@@ -1,7 +1,39 @@
 # Threat Model
-## Current Status
+## Status
-Draft.
+Draft — replace the prompts below with this repository's real analysis as it grows. `recall doctor`
+flags these as warnings once the repository has real work (a feature, module, or accepted decision).
-Track repository-specific risks here as the project evolves.
+## Assets
+Describe what this repository must protect: user data, credentials, money, availability, or
+reputation.
+## Entry Points
+Describe where untrusted input enters: HTTP endpoints, webhooks, file uploads, queues, CLI input, or
+third-party callbacks.
+## Trust Boundaries
+Describe where trust changes: client to server, service to database, your code to third-party APIs.
+## Threats
+Describe the concrete threats that apply to this repository, by category:
+- Spoofing — how identities are faked or sessions stolen.
+- Tampering — how requests, data, or builds are altered (injection, mass assignment).
+- Repudiation — actions that must remain auditable.
+- Information disclosure — how sensitive data or secrets could leak.
+- Denial of service — how the system can be overwhelmed or abused.
+- Elevation of privilege — how a user could gain access they should not have.
+## Mitigations
+Describe the control in place or planned for each threat above.
+## Open Risks
+Describe accepted or unresolved risks and who owns them.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "recall-os",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Architecture-neutral repository memory for AI-assisted software teams.",
   "packageManager": "pnpm@10.12.3",
   "type": "module",