content(opsec): endpoint security tiers and DPRK liveness verification#400
Open
artemisclaw82 wants to merge 2 commits intosecurity-alliance:developfrom
Open
content(opsec): endpoint security tiers and DPRK liveness verification#400artemisclaw82 wants to merge 2 commits intosecurity-alliance:developfrom
artemisclaw82 wants to merge 2 commits intosecurity-alliance:developfrom
Conversation
* Chore/travel guide update (#291)
* upgrade the travel guide
* upgrade tldr travel guide
* update travel guide
* SEAL Certifications (#294)
* Certs fix (#296)
* Update overview.mdx
* Update overview.mdx
* Update overview.mdx
* Update overview.mdx
* Update certified-partners.mdx
* Update overview.mdx
* Update overview.mdx
* Certs fix (#297)
* Update overview.mdx
* Update overview.mdx
* Update overview.mdx
* Update overview.mdx
* Update certified-partners.mdx
* Update overview.mdx
* Update overview.mdx
* Update certified-partners.mdx
* Update certified-partners.mdx
* Treasury ops (#247)
* fix: update README.md for clarity and consistency in incident management playbooks
* refactor: enhance transaction verification documentation for clarity and security protocols
- Streamlined address verification steps and clarified requirements for test transactions.
- Updated security protocols for large transfers, including anti-social-engineering measures.
- Improved formatting and consistency throughout the document for better readability.
* feat: add Treasury Operations guide for large cryptocurrency transfers
- Introduced a new section in the vocs.config.ts for Treasury Operations, including a guide on transaction verification for large transfers.
- Created a comprehensive documentation file for Treasury Transaction Verification, detailing security protocols, verification steps, and best practices for handling significant cryptocurrency movements.
- Updated fetched-tags.json to include relevant tags for the new guide.
* refactor: update transaction verification documentation for clarity and best practices
- Revised sections on deposit address selection for both institutional custody and self-custody multisigs, emphasizing the importance of using established addresses.
- Enhanced address verification protocols, including detailed steps for verifying multisig configurations.
- Clarified critical instructions for address confirmation during transactions, ensuring security against phishing and address poisoning.
- Improved overall formatting and consistency for better readability.
* refactor: improve transaction verification documentation and fix tag path
- Enhanced clarity and formatting throughout the transaction verification guide, including detailed steps for address verification and test transactions.
- Updated the tag path in fetched-tags.json to reflect the correct directory structure for the transaction verification documentation.
- Added additional best practices for security during large cryptocurrency transfers, ensuring comprehensive coverage of verification protocols.
* feat: add new section for Custodial Inventory & Controls in Treasury Operations
- Introduced a new item in the Treasury Operations guide, linking to the Custodial Inventory & Controls documentation for enhanced resource accessibility.
* fix: update Ethereum confirmation requirements in transaction verification documentation
- Changed the confirmation requirement for Ethereum from 12 confirmations (~2.5 minutes) to 2 epochs (~12.8 minutes) for improved accuracy.
* refactor: enhance Treasury Operations documentation with impact assessments and operational classifications
- Added sections on financial, operational, and regulatory impacts for account unavailability.
- Updated impact classification table to include regulatory considerations and adjusted financial exposure metrics.
- Revised operational assessment notes to reflect changes in account value thresholds and approval requirements for transactions.
* chore: add spacing for improved readability in Treasury Operations documentation
- Added extra line breaks in the classification registration and documentation section to enhance visual clarity and separation of content.
* feat: expand Treasury Operations documentation with Zero Trust Architecture and security monitoring guidelines
- Added a new section on Zero Trust Architecture alternatives, detailing bastion host and cloud workspace isolation approaches for enhanced security.
- Introduced security monitoring and logging recommendations for organizations managing critical accounts, emphasizing the use of SIEM and audit logs for effective oversight.
* refactor: streamline security monitoring section in Treasury Operations documentation
- Removed redundant header for the Security Monitoring & Logging section to improve clarity and flow.
- Maintained focus on centralized security monitoring recommendations for critical and high impact accounts.
* feat: add DeFi Risk Assessment reference to Treasury Operations documentation
- Included a link to the DeFi Risk Assessment Guide for recommended procedures related to DeFi interactions.
- Enhanced the documentation to provide clearer guidance for security measures in decentralized finance contexts.
* feat: introduce Custodial Treasury Security framework in documentation
- Added a new section titled "Custodial Treasury Security: Inventory & Controls Framework" to enhance guidance on custodial account management.
- Included tags and contributor information for better resource categorization and attribution.
- Integrated components for improved documentation structure and user engagement.
* refactor: update Zero Trust Architecture section in Treasury Operations documentation
- Revised the description of Zero Trust architecture to emphasize continuous verification of users, devices, and context.
- Enhanced clarity in the bastion host and cloud workspace isolation approaches, including specific security measures and risk reduction strategies.
- Improved overall readability and consistency in the documentation.
* feat: update Treasury Operations documentation with guide link and contributor details
- Reintroduced the "Guide: Large Cryptocurrency Transfers" link in the Treasury Operations configuration for better resource accessibility.
- Added a new contributor role for review in the transaction verification documentation to enhance attribution.
- Updated fetched-tags.json to include relevant tags for the custodial inventory and transaction verification sections.
* feat: enhance Treasury Operations documentation with detailed controls for account classifications
- Updated the impact and operational classification table to include comprehensive controls for each account type, emphasizing security measures and specific requirements.
- Added detailed descriptions for low, medium, and high-risk accounts, including transaction limits, monitoring, and approval processes.
- Revised device security and access protocols to strengthen custody access and ensure compliance with best practices.
* feat: update Treasury Operations configuration and documentation
- Modified the link for "Custodial Inventory & Controls" to point to the new classification page.
- Added new entries for "Registration Documents" and "Enhanced Controls for High-Risk Accounts" in the Treasury Operations configuration.
- Deleted the outdated "Custodial Treasury Security: Inventory & Controls Framework" documentation to streamline resources and improve clarity.
* feat: enhance Treasury Operations documentation with custody/MPC policy thresholds and engine rules
- Added a new section detailing custody/MPC policy thresholds, including approver requirements and suggested thresholds for various treasury operations.
- Introduced core rule elements for custody policy engines, outlining transaction rules and actions.
- Expanded on the definitions of policy scope to clarify operational contexts and approval processes.
* feat: update fetched-tags.json for Treasury Operations classifications
- Modified existing classification paths and added new entries for "Classification" and "Enhanced Controls" under Treasury Operations.
- Improved categorization of tags to better reflect operational roles and risk management strategies.
* Update docs/pages/treasury-operations/enhanced-controls.mdx
Co-authored-by: Elliot <34463580+ElliotFriedman@users.noreply.github.com>
* Update docs/pages/treasury-operations/transaction-verification.mdx
Co-authored-by: Elliot <34463580+ElliotFriedman@users.noreply.github.com>
* Update contributors and enhance documentation attribution
- Added Elliot Friedman as a contributor in contributors.json.
- Updated contributor lists in transaction verification, enhanced controls, and classification documentation to include Elliot Friedman for improved attribution.
* Update contributors.json to standardize job titles and descriptions
- Changed job titles and descriptions for contributors to singular form for consistency.
- Added missing details for Elliot Friedman, including website and company information.
* added overview.mdx
* feat: add Overview section to Treasury Operations configuration and tags
- Introduced a new "Overview" entry in the Treasury Operations configuration with a corresponding link.
- Updated fetched-tags.json to include classification for the new Overview section, enhancing categorization for Treasury Ops documentation.
* fix merge
---------
Co-authored-by: Elliot <34463580+ElliotFriedman@users.noreply.github.com>
* Wallet security multisig content (#275)
* Add Multisig for Protocols section to vocs.config.ts
- Introduced a new section for Multisig, including links to Overview, Signing & Verification, Private Key & Seed Phrase Management, and Tools & Resources.
- Enhanced navigation structure to improve user access to multisig-related content.
* Enhance Multisig for Protocols section in vocs.config.ts
- Updated navigation links to reflect new structure for the Multisig section.
- Added detailed subsections including General Rules, Multisig Administration, and For Signers with specific links for better user guidance.
- Improved overall organization to facilitate easier access to multisig-related content.
* Update Multisig for Protocols documentation and navigation links
- Enhanced the Multisig for Protocols section by adding detailed subsections and improving navigation links for better user experience.
- Updated links in various documents to ensure consistency and accessibility, including links to related topics such as Emergency Procedures, General Rules, and Hardware Wallet Setup.
- Added frontmatter tags and contributor information to relevant documents for better categorization and attribution.
* Update links in Multisig for Protocols documentation for consistency
- Corrected links in offboarding, ongoing management, planning and classification, and setup and configuration documents to ensure they point to the correct sections.
- Enhanced clarity and accessibility of documentation by standardizing link formats.
* Fix formatting of "Eternal Safe" references in Multisig documentation
- Updated the formatting of "Safe{Wallet}" to "Safe\{Wallet\}" for consistency across the backup infrastructure and signing when UI is down documentation.
- Ensured uniformity in documentation presentation to enhance clarity.
* Fix formatting issues in Multisig documentation
- Updated the financial exposure thresholds in the planning and classification section to use escape characters for less than and greater than symbols for improved clarity.
- Ensured consistent formatting across the documentation to enhance readability and maintain standards.
* Update image links in Multisig for Protocols documentation
- Replaced local image paths with direct links to hosted images for better accessibility and consistency across the documentation.
- Removed obsolete image files to streamline the asset management.
* Add contributors to contributors.json
- Added new contributor profiles for Isaac Patka, Geoffrey Arone, Louis Marquenet, and Pablo Sabbatella, including their roles, company affiliations, and social media links.
- Enhanced the contributors.json file to reflect the expanded contributor base and improve attribution in documentation.
* Update prohibited practices section in seed phrase security documentation
- Reformatted the list of prohibited practices for better clarity and emphasis.
- Ensured consistent presentation of security guidelines to enhance user understanding.
* Update Multisig documentation to replace 'Training Checklist' with 'Implementation Checklist'
- Changed references in the vocs.config.ts, general-rules.mdx, and overview.mdx files to reflect the new 'Implementation Checklist' terminology.
- Deleted the outdated 'training-checklist.mdx' file to streamline documentation and avoid confusion.
* Remove GitHub and Twitter links for contributors in contributors.json
- Updated the profiles of Geoffrey Arone, Louis Marquenet, and Pablo Sabbatella to set their GitHub and Twitter links to null, reflecting a change in their social media presence.
- Ensured the contributors.json file remains accurate and up-to-date for proper attribution in documentation.
* Remove Emergency Contacts section from Multisig for Protocols overview documentation
- Deleted the Emergency Contacts subsection to streamline the content and focus on essential information.
- Ensured the overview remains concise and relevant for users seeking guidance on multisig operations.
* Revise Quick Start section in Multisig for Protocols overview documentation
- Updated the Quick Start section to provide clearer guidance for new users, including direct links to relevant subsections for setup, signing, and emergency procedures.
- Enhanced the structure to improve navigation and accessibility of essential information for multisig operations.
* Update minimum security standards link in Multisig for Protocols overview documentation
- Revised the reference to minimum security standards to include a direct link for better accessibility.
- Ensured clarity in the core principles section to enhance user understanding of security requirements.
* Reorder use case table in planning and classification section of Multisig documentation
- Adjusted the order of entries in the use case table for better logical flow and readability.
- Ensured that the table maintains clarity in presenting impact, operational needs, and standard thresholds for multisig operations.
* Standardize formatting for regular reviews in the planning and classification section of Multisig documentation. Ensured consistent presentation to enhance clarity and readability for users.
* Update link in setup and configuration section of Multisig documentation to direct users to the Registration & Documentation page for improved navigation and clarity.
* Update multisig documentation to streamline the update template section by replacing the detailed template with a direct link to the new template location in the Registration & Documentation page, enhancing user navigation and clarity.
* Remove regular reviews section from the planning and classification documentation in the multisig for protocols guide to streamline content and focus on essential classification guidance.
* Clarify standard threshold for Protocol Parameters in the multisig planning and classification documentation by specifying higher thresholds for upgrades (7/9+), enhancing guidance for users on operational assessments.
* Fix punctuation in timelock configuration documentation for multisig protocols to enhance clarity and readability.
* Refactor multisig documentation to consolidate seed phrase security guidance
- Removed the 'Seed Phrase Security' page and integrated its content into the 'Private Key Management' section for improved clarity and accessibility.
- Updated links across various documentation pages to reflect the new structure, ensuring users are directed to the consolidated guidance on seed phrase and private key management.
- Enhanced the overall organization of multisig protocols documentation to streamline user navigation and understanding.
* Update documentation to replace 'Private Key Management' references with 'Seed Phrase Management'
- Renamed all instances of 'Private Key & Seed Phrase Management' to 'Seed Phrase Management' across various documentation pages for consistency and clarity.
- Removed the 'private-key-management.mdx' file as its content has been integrated into the updated structure, streamlining the documentation for wallet security.
- Updated links in the multisig protocols documentation to direct users to the new seed phrase management guidance.
* Enhance multisig documentation by adding steps for publishing verified signatures
- Included additional steps for users to publish verified signatures on Etherscan, improving the clarity of the verification process.
- Emphasized the importance of entering plain text messages and ensuring the signature includes the 0x prefix for successful verification.
* Update multisig documentation to include additional reviewer for clarity
- Added 'pinalikefruit' as a reviewer alongside 'dickson' in multiple documentation pages to enhance the review process and ensure comprehensive oversight.
- This change applies to various sections including administration, backup infrastructure, communication setup, and more, improving the collaborative aspect of documentation maintenance.
* Refactor multisig documentation to update backup infrastructure references
- Removed the 'Backup Infrastructure' section and replaced it with 'Backup Signing & Infrastructure' across multiple documentation pages for clarity and consistency.
- Deleted the outdated 'backup-infrastructure.mdx' and 'signing-when-ui-is-down.mdx' files, consolidating their content into the new structure.
- Updated links and checklist items to reflect the new terminology, ensuring users have access to the most relevant and accurate information regarding backup procedures.
* Refactor multisig documentation to remove 'Ongoing Management' section
- Deleted the 'Ongoing Management' page and integrated its content into the 'Registration & Documentation' section for improved clarity and organization.
- Updated references across multiple documentation pages to reflect this change, ensuring users have access to consolidated management procedures.
- Enhanced the overall structure of the documentation to streamline user navigation and understanding.
* Update multisig documentation to replace 'Timelock Configuration' references with 'Use Case Specific Requirements → Timelock Configuration'
- Removed direct links to the 'Timelock Configuration' page and updated them to point to the relevant section within 'Use Case Specific Requirements' for better context and navigation.
- Enhanced clarity by adding a dedicated 'Timelock Configuration' section within the 'Use Case Specific Requirements' page, providing detailed guidance on its implementation and considerations.
- Updated multiple documentation pages to reflect these changes, ensuring consistency and improved user experience.
* Refactor multisig documentation to streamline overview section
- Removed duplicate 'Registration & Documentation' entry for clarity and conciseness.
- Deleted the 'Backup Signing & Infrastructure' link to simplify the overview and focus on essential topics.
- Updated the structure of the overview section to enhance user navigation and understanding of multisig protocols.
* Update multisig documentation for improved clarity and navigation
- Removed empty 'Overview' entries in the table of contents for 'Multisig Administration' and 'For Signers' sections to enhance readability.
- Updated links in various sections to provide clearer references, such as changing 'Section 2.3' to 'Signer Rotation' and 'Section 2.1' to 'Thresholds & Configuration'.
- Streamlined documentation by ensuring consistent terminology and improving user guidance throughout the multisig protocols.
* Refactor multisig documentation to remove outdated sections and improve navigation
- Deleted the 'Overview' entries from the 'Multisig Administration' and 'For Signers' sections to enhance clarity and streamline the table of contents.
- Removed the 'administration.mdx' and 'for-signers.mdx' files, consolidating their content into more relevant sections for better user guidance.
- Updated the fetched tags to reflect the removal of these sections, ensuring accurate tagging across the documentation.
* Update multisig documentation to include additional contributor and improve clarity
- Added 'dickson' as a contributor to multiple documentation pages to enhance collaborative oversight.
- Updated various sections to reflect this change, ensuring comprehensive contributor representation.
- Made minor adjustments to improve clarity in the text, such as changing "this guide" to "this page" for consistency across documentation.
* Update multisig documentation to standardize terminology and improve clarity
- Replaced instances of "ex." with "eg." for consistency in examples across multiple documentation pages.
- Made minor adjustments to enhance clarity in the text, ensuring a more uniform presentation of information related to multisig protocols.
* Enhance multisig documentation with additional resources and security guidance
- Added a note regarding the maintenance status of local/alternative UIs, emphasizing their use as emergency options.
- Included links to the Safe Android app and its availability on major app stores for user convenience.
- Expanded the section on network explorers by providing a broader list of options for transaction exploration, improving user access to resources.
- Introduced a new guideline recommending the use of a separate browser or profile for signing to enhance security during transaction verification.
* Update multisig documentation to enhance verification processes and remove outdated references
- Introduced new sections for 'Safe Multisig: Step-by-Step Verification' and 'Squads Multisig: Step-by-Step Verification' to provide detailed guidance on transaction verification.
- Updated links throughout the documentation to replace references to the deleted 'Transaction Verification & Signing' page, ensuring users have access to current verification resources.
- Enhanced clarity by adding key definitions related to EVM transaction verification and emphasizing best practices for multisig signing processes.
- Removed outdated content and streamlined references to improve navigation and user experience across the documentation.
* Refactor multisig documentation to remove outdated 'General Rules' references and enhance security guidance
- Deleted the 'General Rules' page and replaced references throughout the documentation with links to 'Secure Multisig Best Practices' for improved clarity and consistency.
- Updated various sections to ensure all links point to the new best practices resource, enhancing user access to current security guidelines.
- Streamlined documentation by removing redundant content and ensuring all references align with the latest security protocols.
* Enhance multisig documentation with updated access options and improved formatting
- Reformatted import statements for consistency and readability.
- Added access options for 'Eternal Safe' and 'Squads Public Client' with GitHub links for user convenience.
- Improved clarity by adjusting formatting in various sections, including the use of italics for emphasis.
- Updated fetched tags to include relevant categories for new documentation sections, ensuring accurate tagging and improved resource organization.
* Update multisig documentation to include development flags for enhanced clarity
- Added 'dev: true' flags to various sections and items in the multisig documentation to indicate development status.
- Updated links for 'Safe Multisig' and 'Squads Multisig' verification processes to reflect their development status.
- Enhanced the 'Multisig for Protocols' section by marking all items as development-related, improving clarity for users regarding the current state of the documentation.
* Enhance multisig documentation with comprehensive signing guidelines and verification processes
- Added detailed signing guidelines emphasizing the use of hardware wallets, secure environments, and communication protocols among signers.
- Expanded sections on transaction verification for both SOL and USDS transfers, including step-by-step instructions and example interpretations of instruction data.
- Improved clarity by restructuring content and adding links to relevant transaction simulation tools and resources.
- Updated the signing process documentation to reinforce best practices and ensure signers are well-informed before executing transactions.
* Refine travel security guidelines in multisig documentation
- Updated the travel considerations section to improve clarity by removing emoji indicators and presenting the information in a straightforward list format.
- Enhanced the organization of what to bring and what not to bring, ensuring users have clear and concise travel security recommendations.
* Enhance multisig documentation with improved image formatting and descriptions
- Centered the image for the Eternal Safe network selection and added a descriptive caption to enhance user understanding.
- Improved visual presentation of the setup instructions for better clarity and engagement.
* remove wallet-security stuff back to develop
* Adding back multisig content in wallet security
* Update seed phrase management documentation with a direct link to EthCC swag for seed splitting guidance
* Update hardware wallet terminology in multisig verification documentation
* Add link to Classification Matrix for threshold selection in multisig best practices
* Remove unnecessary line break in seed phrase management documentation
* Update wallet security documentation to include new sections on Safe Multisig verification and Seed Phrase Management, while removing the Private Key Management link.
* Refactor wallet security documentation by consolidating recommended tools for multisig verification, replacing detailed tool descriptions with a link to the Tools & Resources page.
* Add Lido Safe TX Hashes Calculation tool to wallet security resources
* Update hardware wallet setup references and consolidate documentation for multisig protocols
* Update wallet security documentation to replace hardware wallet setup link with intermediates & medium funds section, enhancing resource organization.
* Remove recommended devices section from intermediates & medium funds documentation to streamline content and focus on initial setup guidelines.
* fix: update safe mobile app references and titles (#292)
The doc was pointing to the old Safe{Wallet} application & not to Safe{Mobile}.
* Add DevOps & Infrastructure certification and enhance existing certification details (#304)
- Introduced a new certification for DevOps & Infrastructure in vocs.config.ts and overview.mdx.
- Updated descriptions for existing certifications in overview.mdx for clarity.
- Added new controls related to incident response and workspace security in their respective markdown files.
- Enhanced security measures with additional controls for device supply chain and insider threat management in workspace security documentation.
* pnpm update
* making the page with proper heading + table of content (#311)
* making the deadlinks error just a warning (#312)
* Revert "Add DevOps & Infrastructure certification and enhance existing certif…" (#317)
This reverts commit 1148af5305d06828af687e9c1376df42726a0bfc.
* Fix node version requirement for local testing (#318)
* fix: update Node.js requirement to v22+ for vocs compatibility
vocs >=1.2.0 requires Node.js 22+ due to usage of globSync from node:fs.
Updated devcontainer Dockerfile and CONTRIBUTING.md accordingly.
See: https://github.com/wevm/vocs/blob/main/package.json
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* shorten comments
* fix: update Node.js version in contributing.mdx
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* Restructuring opsec domain (#299)
* restructuring opsec domain
* finalise the opsec revamp
* Updating tags!
* Removing build errors by vite on deadlinks
* fix import paths + deadlinks
---------
Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
Co-authored-by: Sara Russo <sararusso984@gmail.com>
* Restore automated tag colors and fix broken link (#310)
* add tags color generator
* adding missing tags, colors and styling for tags + fix broken link
---------
Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
* Add Isaac and Dickson as stewards (#316)
* Update contributor roles and descriptions in contributors.json
- Changed roles for Dickson Wu and Isaac Patka from "contributor" to "steward".
- Enhanced descriptions to reflect their stewardship responsibilities, providing clearer attribution in documentation.
* Update contributor description for Safe Harbor in contributors.json
- Revised the description for the Safe Harbor contributor to clarify their role as "Steward of Safe Harbor & Steward of SEAL Certs," enhancing the accuracy of contributor attributions.
* Clarifications on DNSSEC and CAA sections (#314)
making the page with proper heading + table of content (#311)
making the deadlinks error just a warning (#312)
Revert "Add DevOps & Infrastructure certification and enhance existing certif…" (#317)
This reverts commit 1148af5305d06828af687e9c1376df42726a0bfc.
Fix node version requirement for local testing (#318)
* fix: update Node.js requirement to v22+ for vocs compatibility
vocs >=1.2.0 requires Node.js 22+ due to usage of globSync from node:fs.
Updated devcontainer Dockerfile and CONTRIBUTING.md accordingly.
See: https://github.com/wevm/vocs/blob/main/package.json
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* shorten comments
* fix: update Node.js version in contributing.mdx
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Restructuring opsec domain (#299)
* restructuring opsec domain
* finalise the opsec revamp
* Updating tags!
* Removing build errors by vite on deadlinks
* fix import paths + deadlinks
---------
Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
Co-authored-by: Sara Russo <sararusso984@gmail.com>
Restore automated tag colors and fix broken link (#310)
* add tags color generator
* adding missing tags, colors and styling for tags + fix broken link
---------
Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
Add Isaac and Dickson as stewards (#316)
* Update contributor roles and descriptions in contributors.json
- Changed roles for Dickson Wu and Isaac Patka from "contributor" to "steward".
- Enhanced descriptions to reflect their stewardship responsibilities, providing clearer attribution in documentation.
* Update contributor description for Safe Harbor in contributors.json
- Revised the description for the Safe Harbor contributor to clarify their role as "Steward of Safe Harbor & Steward of SEAL Certs," enhancing the accuracy of contributor attributions.
clarify CAA use further
minor content structure
further work after discussion with maintainer
making the page with proper heading + table of content (#311)
making the deadlinks error just a warning (#312)
Revert "Add DevOps & Infrastructure certification and enhance existing certif…" (#317)
This reverts commit 1148af5305d06828af687e9c1376df42726a0bfc.
Fix node version requirement for local testing (#318)
* fix: update Node.js requirement to v22+ for vocs compatibility
vocs >=1.2.0 requires Node.js 22+ due to usage of globSync from node:fs.
Updated devcontainer Dockerfile and CONTRIBUTING.md accordingly.
See: https://github.com/wevm/vocs/blob/main/package.json
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* shorten comments
* fix: update Node.js version in contributing.mdx
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Restore automated tag colors and fix broken link (#310)
* add tags color generator
* adding missing tags, colors and styling for tags + fix broken link
---------
Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
Add Isaac and Dickson as stewards (#316)
* Update contributor roles and descriptions in contributors.json
- Changed roles for Dickson Wu and Isaac Patka from "contributor" to "steward".
- Enhanced descriptions to reflect their stewardship responsibilities, providing clearer attribution in documentation.
* Update contributor description for Safe Harbor in contributors.json
- Revised the description for the Safe Harbor contributor to clarify their role as "Steward of Safe Harbor & Steward of SEAL Certs," enhancing the accuracy of contributor attributions.
* Add branch-aware robots.txt (#330)
* adding CF function to create a branch-aware robot.txt
* making robots.txt on main be aligned with the SEAL's one
* taking out comments from robots.txt on develop
* clarify location (#326)
* fixing md-linter path (replacing older from mdbook to favor vocs) (#331)
* chore(deps): bump hono in the npm_and_yarn group across 1 directory (#337)
Bumps the npm_and_yarn group with 1 update in the / directory: [hono](https://github.com/honojs/hono).
Updates `hono` from 4.10.7 to 4.11.4
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.10.7...v4.11.4)
---
updated-dependencies:
- dependency-name: hono
dependency-version: 4.11.4
dependency-type: indirect
dependency-group: npm_and_yarn
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add meta descriptions to every page for SEO enhancement (#324)
* Add meta descriptions to every page for SEO enhancement
* adding meta description guidance in the contributing.mdx + CONTRIBUTING.md files
* Tweaked some of the descriptions, so that they are all under 160 chars
Added some more detailed guidance and examples on good description writing to CONTRIBUTING.mdx
Disclaimer - Claude wrote, I reviewed.
* - Improved, more detailed titles for pages, staying under 60 char limit to avoid Google truncation
- Added guidance and examples for good title writing to contributing.mdx
- Add orgname suffix to page titles:
- \"| Security Alliance\" for titles ≤41 chars
- \"| SEAL\" for longer titles (keeping total ≤60 chars)
---------
Co-authored-by: smagdali <stefan@whitelabel.org>
* [multisig] independent transaction verification requirement (#335)
* Add independent transaction verification requirement
* Update sfc-multisig-ops.mdx
* Improve formatting of transaction verification description
Reformat description for independent transaction verification requirement for better readability.
* Update sfc-multisig-ops.mdx
* remove misadded files (#338)
* Enhancement: Adding SMTP DANE section to DNS security (#329)
* first draft
smtp dane
* further work after discussion with maintainer
---------
Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
* Bump up react-router-dom dep (#341)
* chore(deps): bump react-router (#345)
Bumps the npm_and_yarn group with 1 update in the / directory: [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router).
Updates `react-router` from 7.10.0 to 7.12.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router)
---
updated-dependencies:
- dependency-name: react-router
dependency-version: 7.12.0
dependency-type: indirect
dependency-group: npm_and_yarn
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Chore - expand overview of each framework page (#344)
* Add overview of all fw + links to go directly to the overview of that fw
* Create component to make the overview of each fws branch-aware + added linking to all the overiew pages
* remove comments from the component
* adding custom 404 that doesn't redirect (#327)
* adding custom 404 + its style file
* renaming css vars
* Badge system for contributors (#346)
* add basic badge display + contributors structure in the db
* add badges + legend of the badges + the possibility to be steward of more than 1 fw
* add badge legend to spotlight-zone.mdx
* Improved tooltip & legend styles + role badges position + badges dates + improved constants organization
* Fix/twitter preview image (#347)
* Fix Twitter preview image cropping
* Using png for preview image
* Integrating W3OSC's Multisig content into Frameworks (#303)
* Add Multisig for Protocols section to vocs.config.ts
- Introduced a new section for Multisig, including links to Overview, Signing & Verification, Private Key & Seed Phrase Management, and Tools & Resources.
- Enhanced navigation structure to improve user access to multisig-related content.
* Enhance Multisig for Protocols section in vocs.config.ts
- Updated navigation links to reflect new structure for the Multisig section.
- Added detailed subsections including General Rules, Multisig Administration, and For Signers with specific links for better user guidance.
- Improved overall organization to facilitate easier access to multisig-related content.
* Update Multisig for Protocols documentation and navigation links
- Enhanced the Multisig for Protocols section by adding detailed subsections and improving navigation links for better user experience.
- Updated links in various documents to ensure consistency and accessibility, including links to related topics such as Emergency Procedures, General Rules, and Hardware Wallet Setup.
- Added frontmatter tags and contributor information to relevant documents for better categorization and attribution.
* Update links in Multisig for Protocols documentation for consistency
- Corrected links in offboarding, ongoing management, planning and classification, and setup and configuration documents to ensure they point to the correct sections.
- Enhanced clarity and accessibility of documentation by standardizing link formats.
* Fix formatting of "Eternal Safe" references in Multisig documentation
- Updated the formatting of "Safe{Wallet}" to "Safe\{Wallet\}" for consistency across the backup infrastructure and signing when UI is down documentation.
- Ensured uniformity in documentation presentation to enhance clarity.
* Fix formatting issues in Multisig documentation
- Updated the financial exposure thresholds in the planning and classification section to use escape characters for less than and greater than symbols for improved clarity.
- Ensured consistent formatting across the documentation to enhance readability and maintain standards.
* Update image links in Multisig for Protocols documentation
- Replaced local image paths with direct links to hosted images for better accessibility and consistency across the documentation.
- Removed obsolete image files to streamline the asset management.
* Add contributors to contributors.json
- Added new contributor profiles for Isaac Patka, Geoffrey Arone, Louis Marquenet, and Pablo Sabbatella, including their roles, company affiliations, and social media links.
- Enhanced the contributors.json file to reflect the expanded contributor base and improve attribution in documentation.
* Update prohibited practices section in seed phrase security documentation
- Reformatted the list of prohibited practices for better clarity and emphasis.
- Ensured consistent presentation of security guidelines to enhance user understanding.
* Update Multisig documentation to replace 'Training Checklist' with 'Implementation Checklist'
- Changed references in the vocs.config.ts, general-rules.mdx, and overview.mdx files to reflect the new 'Implementation Checklist' terminology.
- Deleted the outdated 'training-checklist.mdx' file to streamline documentation and avoid confusion.
* Remove GitHub and Twitter links for contributors in contributors.json
- Updated the profiles of Geoffrey Arone, Louis Marquenet, and Pablo Sabbatella to set their GitHub and Twitter links to null, reflecting a change in their social media presence.
- Ensured the contributors.json file remains accurate and up-to-date for proper attribution in documentation.
* Remove Emergency Contacts section from Multisig for Protocols overview documentation
- Deleted the Emergency Contacts subsection to streamline the content and focus on essential information.
- Ensured the overview remains concise and relevant for users seeking guidance on multisig operations.
* Revise Quick Start section in Multisig for Protocols overview documentation
- Updated the Quick Start section to provide clearer guidance for new users, including direct links to relevant subsections for setup, signing, and emergency procedures.
- Enhanced the structure to improve navigation and accessibility of essential information for multisig operations.
* Update minimum security standards link in Multisig for Protocols overview documentation
- Revised the reference to minimum security standards to include a direct link for better accessibility.
- Ensured clarity in the core principles section to enhance user understanding of security requirements.
* Reorder use case table in planning and classification section of Multisig documentation
- Adjusted the order of entries in the use case table for better logical flow and readability.
- Ensured that the table maintains clarity in presenting impact, operational needs, and standard thresholds for multisig operations.
* Standardize formatting for regular reviews in the planning and classification section of Multisig documentation. Ensured consistent presentation to enhance clarity and readability for users.
* Update link in setup and configuration section of Multisig documentation to direct users to the Registration & Documentation page for improved navigation and clarity.
* Update multisig documentation to streamline the update template section by replacing the detailed template with a direct link to the new template location in the Registration & Documentation page, enhancing user navigation and clarity.
* Remove regular reviews section from the planning and classification documentation in the multisig for protocols guide to streamline content and focus on essential classification guidance.
* Clarify standard threshold for Protocol Parameters in the multisig planning and classification documentation by specifying higher thresholds for upgrades (7/9+), enhancing guidance for users on operational assessments.
* Fix punctuation in timelock configuration documentation for multisig protocols to enhance clarity and readability.
* Refactor multisig documentation to consolidate seed phrase security guidance
- Removed the 'Seed Phrase Security' page and integrated its content into the 'Private Key Management' section for improved clarity and accessibility.
- Updated links across various documentation pages to reflect the new structure, ensuring users are directed to the consolidated guidance on seed phrase and private key management.
- Enhanced the overall organization of multisig protocols documentation to streamline user navigation and understanding.
* Update documentation to replace 'Private Key Management' references with 'Seed Phrase Management'
- Renamed all instances of 'Private Key & Seed Phrase Management' to 'Seed Phrase Management' across various documentation pages for consistency and clarity.
- Removed the 'private-key-management.mdx' file as its content has been integrated into the updated structure, streamlining the documentation for wallet security.
- Updated links in the multisig protocols documentation to direct users to the new seed phrase management guidance.
* Enhance multisig documentation by adding steps for publishing verified signatures
- Included additional steps for users to publish verified signatures on Etherscan, improving the clarity of the verification process.
- Emphasized the importance of entering plain text messages and ensuring the signature includes the 0x prefix for successful verification.
* Update multisig documentation to include additional reviewer for clarity
- Added 'pinalikefruit' as a reviewer alongside 'dickson' in multiple documentation pages to enhance the review process and ensure comprehensive oversight.
- This change applies to various sections including administration, backup infrastructure, communication setup, and more, improving the collaborative aspect of documentation maintenance.
* Refactor multisig documentation to update backup infrastructure references
- Removed the 'Backup Infrastructure' section and replaced it with 'Backup Signing & Infrastructure' across multiple documentation pages for clarity and consistency.
- Deleted the outdated 'backup-infrastructure.mdx' and 'signing-when-ui-is-down.mdx' files, consolidating their content into the new structure.
- Updated links and checklist items to reflect the new terminology, ensuring users have access to the most relevant and accurate information regarding backup procedures.
* Refactor multisig documentation to remove 'Ongoing Management' section
- Deleted the 'Ongoing Management' page and integrated its content into the 'Registration & Documentation' section for improved clarity and organization.
- Updated references across multiple documentation pages to reflect this change, ensuring users have access to consolidated management procedures.
- Enhanced the overall structure of the documentation to streamline user navigation and understanding.
* Update multisig documentation to replace 'Timelock Configuration' references with 'Use Case Specific Requirements → Timelock Configuration'
- Removed direct links to the 'Timelock Configuration' page and updated them to point to the relevant section within 'Use Case Specific Requirements' for better context and navigation.
- Enhanced clarity by adding a dedicated 'Timelock Configuration' section within the 'Use Case Specific Requirements' page, providing detailed guidance on its implementation and considerations.
- Updated multiple documentation pages to reflect these changes, ensuring consistency and improved user experience.
* Refactor multisig documentation to streamline overview section
- Removed duplicate 'Registration & Documentation' entry for clarity and conciseness.
- Deleted the 'Backup Signing & Infrastructure' link to simplify the overview and focus on essential topics.
- Updated the structure of the overview section to enhance user navigation and understanding of multisig protocols.
* Update multisig documentation for improved clarity and navigation
- Removed empty 'Overview' entries in the table of contents for 'Multisig Administration' and 'For Signers' sections to enhance readability.
- Updated links in various sections to provide clearer references, such as changing 'Section 2.3' to 'Signer Rotation' and 'Section 2.1' to 'Thresholds & Configuration'.
- Streamlined documentation by ensuring consistent terminology and improving user guidance throughout the multisig protocols.
* Refactor multisig documentation to remove outdated sections and improve navigation
- Deleted the 'Overview' entries from the 'Multisig Administration' and 'For Signers' sections to enhance clarity and streamline the table of contents.
- Removed the 'administration.mdx' and 'for-signers.mdx' files, consolidating their content into more relevant sections for better user guidance.
- Updated the fetched tags to reflect the removal of these sections, ensuring accurate tagging across the documentation.
* Update multisig documentation to include additional contributor and improve clarity
- Added 'dickson' as a contributor to multiple documentation pages to enhance collaborative oversight.
- Updated various sections to reflect this change, ensuring comprehensive contributor representation.
- Made minor adjustments to improve clarity in the text, such as changing "this guide" to "this page" for consistency across documentation.
* Update multisig documentation to standardize terminology and improve clarity
- Replaced instances of "ex." with "eg." for consistency in examples across multiple documentation pages.
- Made minor adjustments to enhance clarity in the text, ensuring a more uniform presentation of information related to multisig protocols.
* Enhance multisig documentation with additional resources and security guidance
- Added a note regarding the maintenance status of local/alternative UIs, emphasizing their use as emergency options.
- Included links to the Safe Android app and its availability on major app stores for user convenience.
- Expanded the section on network explorers by providing a broader list of options for transaction exploration, improving user access to resources.
- Introduced a new guideline recommending the use of a separate browser or profile for signing to enhance security during transaction verification.
* Update multisig documentation to enhance verification processes and remove outdated references
- Introduced new sections for 'Safe Multisig: Step-by-Step Verification' and 'Squads Multisig: Step-by-Step Verification' to provide detailed guidance on transaction verification.
- Updated links throughout the documentation to replace references to the deleted 'Transaction Verification & Signing' page, ensuring users have access to current verification resources.
- Enhanced clarity by adding key definitions related to EVM transaction verification and emphasizing best practices for multisig signing processes.
- Removed outdated content and streamlined references to improve navigation and user experience across the documentation.
* Refactor multisig documentation to remove outdated 'General Rules' references and enhance security guidance
- Deleted the 'General Rules' page and replaced references throughout the documentation with links to 'Secure Multisig Best Practices' for improved clarity and consistency.
- Updated various sections to ensure all links point to the new best practices resource, enhancing user access to current security guidelines.
- Streamlined documentation by removing redundant content and ensuring all references align with the latest security protocols.
* Enhance multisig documentation with updated access options and improved formatting
- Reformatted import statements for consistency and readability.
- Added access options for 'Eternal Safe' and 'Squads Public Client' with GitHub links for user convenience.
- Improved clarity by adjusting formatting in various sections, including the use of italics for emphasis.
- Updated fetched tags to include relevant categories for new documentation sections, ensuring accurate tagging and improved resource organization.
* Update multisig documentation to include development flags for enhanced clarity
- Added 'dev: true' flags to various sections and items in the multisig documentation to indicate development status.
- Updated links for 'Safe Multisig' and 'Squads Multisig' verification processes to reflect their development status.
- Enhanced the 'Multisig for Protocols' section by marking all items as development-related, improving clarity for users regarding the current state of the documentation.
* Enhance multisig documentation with comprehensive signing guidelines and verification processes
- Added detailed signing guidelines emphasizing the use of hardware wallets, secure environments, and communication protocols among signers.
- Expanded sections on transaction verification for both SOL and USDS transfers, including step-by-step instructions and example interpretations of instruction data.
- Improved clarity by restructuring content and adding links to relevant transaction simulation tools and resources.
- Updated the signing process documentation to reinforce best practices and ensure signers are well-informed before executing transactions.
* Refine travel security guidelines in multisig documentation
- Updated the travel considerations section to improve clarity by removing emoji indicators and presenting the information in a straightforward list format.
- Enhanced the organization of what to bring and what not to bring, ensuring users have clear and concise travel security recommendations.
* Enhance multisig documentation with improved image formatting and descriptions
- Centered the image for the Eternal Safe network selection and added a descriptive caption to enhance user understanding.
- Improved visual presentation of the setup instructions for better clarity and engagement.
* remove wallet-security stuff back to develop
* Adding back multisig content in wallet security
* Update seed phrase management documentation with a direct link to EthCC swag for seed splitting guidance
* Update hardware wallet terminology in multisig verification documentation
* Add link to Classification Matrix for threshold selection in multisig best practices
* Remove unnecessary line break in seed phrase management documentation
* Update wallet security documentation to include new sections on Safe Multisig verification and Seed Phrase Management, while removing the Private Key Management link.
* Refactor wallet security documentation by consolidating recommended tools for multisig verification, replacing detailed tool descriptions with a link to the Tools & Resources page.
* Add Lido Safe TX Hashes Calculation tool to wallet security resources
* Update hardware wallet setup references and consolidate documentation for multisig protocols
* Update wallet security documentation to replace hardware wallet setup link with intermediates & medium funds section, enhancing resource organization.
* Remove recommended devices section from intermediates & medium funds documentation to streamline content and focus on initial setup guidelines.
* Add new policies for multisig operations and enhance monitoring requirements
- Introduced new policies for wallet segregation, contract-level access controls, hardware wallet standards, dedicated signing addresses, dedicated signing environments, and signer diversity requirements.
- Enhanced the monitoring and alerts section to include protection against tampering and alerts for configuration changes or unauthorized access.
* Update multisig documentation with new hardware wallet standards and security practices
- Added requirements for hardware wallet procurement and authenticity verification.
- Revised existing policies for hardware wallet capabilities, dedicated signing addresses, and signer device security.
- Introduced new sections on network security, including dedicated signing machines and monitoring tools.
- Enhanced guidelines for wallet segregation and external signer requirements to improve overall security posture.
* Enhance multisig security documentation with new operational guidelines
- Added sections on dedicated signing machines, air-gapped machine options, and advanced OS-level controls for improved security.
- Introduced immutable monitoring channels to ensure tamper-proof alert systems.
- Updated wallet security practices to include brute force protection and enhanced signer composition requirements.
- Revised signing process to mandate verification of transaction data across multiple devices and channels.
* Update contributor information and enhance multisig documentation
- Added new contributor "auditware" to the contributors list across multiple documentation files.
- Updated contributor roles in the multisig security documentation to include "auditware" for improved collaboration and recognition.
* Update multisig operations documentation with seed phrase security enhancements
- Added new section on organizational seed phrase security, detailing disaster, theft, and operator loss resistance.
- Introduced guidelines for seed phrase encryption and advanced backup options, including key splitting and multi-share backups.
- Updated existing content to reflect new standards for seed phrase management in multisig contexts.
* Update docs/pages/certs/sfc-multisig-ops.mdx
Co-authored-by: Elliot <34463580+ElliotFriedman@users.noreply.github.com>
* Refactor secure multisig signing process documentation for clarity
- Improved formatting by breaking long sentences into shorter, clearer statements.
- Enhanced readability of the simulation notes section regarding timelocks by adjusting line breaks.
- Ensured consistency in the presentation of critical signing steps and verification processes.
* bold title in tools-&-resources.mdx
* Enhance multisig documentation with critical simulation warnings
- Added a warning about the potential for simulation spoofing across multiple documentation pages, emphasizing the need for critical thinking and good judgment during transaction reviews.
- Ensured consistency in the presentation of simulation notes to improve user awareness of risks associated with transaction simulations.
* Update intermediates & medium funds documentation to enhance security guidelines
- Removed the section on supply chain integrity to streamline content and focus on essential physical security measures for hardware wallets.
- Improved clarity by emphasizing the importance of physical security in asset storage.
* Update seed phrase management documentation to enhance security guidelines
- Reformatted the list of prohibited practices for better clarity and emphasis.
- Added a note to avoid storing seed phrases in password managers, reinforcing security best practices.
- Clarified the importance of using trusted devices and avoiding untrusted sources for seed phrase management.
* Enhance multisig setup and configuration documentation with advanced security warnings
- Added a section on advanced contract-level controls, emphasizing the importance of thorough research, auditing, extensive testing, and understanding risks before implementation.
- Provided guidelines to ensure users are aware of the potential consequences of incorrect configurations or incompatible guards.
* Add hardware wallets section to tools & resources documentation
- Introduced a new section on hardware wallets, highlighting their security benefits and the importance of keeping private keys offline.
- Included a link to a comprehensive review of the top cryptocurrency hardware wallets for 2025, detailing security features and usability recommendations.
* Update docs/pages/wallet-security/seed-phrase-management.mdx
Co-authored-by: Elliot <34463580+ElliotFriedman@users.noreply.github.com>
* Update docs/pages/wallet-security/seed-phrase-management.mdx
Co-authored-by: Elliot <34463580+ElliotFriedman@users.noreply.github.com>
* Enhance seed phrase management documentation with encryption warnings
- Added a warning about the risks associated with custom encryption schemes, emphasizing the potential for permanent inaccessibility of funds if the method is forgotten.
- Clarified that seed phrases should never be stored in plain text or on internet-connected devices, and provided optional encryption methods for additional protection.
* Clarify encryption considerations for seed phrases in wallet security documentation
- Added a note on the risks of unencrypted seed phrases, highlighting the permanent compromise of wallets if discovered.
- Emphasized the potential for forgetting encryption methods when restoring wallets, while noting the low likelihood of discovery if stored securely.
* Add note on shard storage risks in seed phrase management documentation
- Included a warning about avoiding the storage of shards in primary residences to mitigate risks of targeted attacks such as kidnapping or home invasions.
- Reinforced the importance of using secure locations for shard storage to enhance overall wallet security.
* Refactor wallet security documentation for signing and verification
- Updated links in the wallet security documentation to reflect the new structure under the "Signing and Verification" section.
- Created dedicated pages for "Safe Multisig: Step-by-Step Verification," "Secure Multisig Signing Process," and "Squads Multisig: Step-by-Step Verification" to enhance clarity and accessibility.
- Emphasized the importance of verification processes and best practices for secure signing in multisig transactions.
* Update import paths in wallet security documentation for signing and verification
- Adjusted import statements to reflect the new directory structure for components in multiple documentation files related to multisig signing and verification.
---------
Co-authored-by: Elliot <34463580+ElliotFriedman@users.noreply.github.com>
* Revert "Revert "Add DevOps & Infrastructure certification and enhance existin…" (#334)
This reverts commit 7ad0306fffeb24081f61721009065a2d1d5ff3e4.
* Making the searchbar indexer not run in local builds (#348)
* Integrating w3os discord guide into frameworks (#321)
* Add security best practices for Discord management and update contributor details
- Enhanced the Discord management documentation with a new summary section outlining key security measures.
- Introduced a comprehensive account security checklist for individuals and team members.
- Updated contributor information to include Auditware, reflecting their role and contributions.
- Streamlined content for clarity and improved organization of security measures and guidelines.
* Update Individual Account Security checklist with correct Discord paths
- Updated all checklist items to use proper User Settings paths
- Added instructions for removing phone number and saving backup codes
- Changed Privacy & Safety to Content & Social paths
- Updated DM filtering to use "Filter all" option
Co-authored-by: NFTDreww
* Remove deprecated Safety Setup options that Discord changed
- Removed Content Filter section (no longer in Discord)
- Removed "CAPTCHA all accounts" option
- Removed Timeout section (moved to different location)
- Removed Permissions section (now part of community setup flow)
- Removed Membership Screening section (separate flow for age-restricted servers)
Co-authored-by: NFTDreww
* Update AutoMod section with correct path and logging recommendation
- Changed path from "Server Settings > AutoMod" to "Server Settings > Safety Setup > AutoMod"
- Removed deprecated "Explicit image filter" line
- Added recommendation to create private channel for AutoMod logs
Co-authored-by: NFTDreww
* Update Server Overview path to Engagement section
- Changed from "Server Settings > Overview" to "Server Settings > Engagement > Default Notification Settings"
- Updated terminology from "Mentions Only" to "Only @mentions"
Co-authored-by: NFTDreww
* Update bot admin guidance and Integration section paths
- Clarified that minimal bots actually need Admin permissions
- Encouraged users to review actual bot permission needs instead of defaulting to Admin
- Updated integration command permissions path to correct location
- Removed non-existent "Allow new integrations" setting
Co-authored-by: NFTDreww
* Update Invites and Privacy Settings sections for current Discord UI
- Removed outdated invite permissions setting from Invites section
- Updated Privacy Settings to use current "Direct Messages" toggle wording
Co-authored-by: NFTDreww
* Update Role Hierarchy permissions table with least-privilege approach
- Removed Manage Channels and Manage Roles from Moderators (too privileged)
- Added appropriate Moderator permissions: View Audit Log, View Server Insights, Kick/Ban/Timeout, messaging, and moderation
- Simplified Members permissions to basic viewing and messaging only
- Removed dangerous permissions like Ban/Kick/Timeout and Manage Messages from Members
Co-authored-by: NFTDreww
* Update Member Screening to prioritize in-channel captcha
- Removed less secure "react to message" suggestion
- Updated Wick bot recommendation to emphasize in-channel captcha verification
Co-authored-by: NFTDreww
* Remove MEE6 references due to previous security incidents
- Removed MEE6 link from Logging Setup section
- Removed MEE6 link from Additional Recommendations section
- MEE6 has had multiple security incidents and is not recommended
Co-authored-by: NFTDreww
* Replace Wick with Hashbot for Anti-Impersonation recommendation
- Updated Anti-Impersonation Bots section to recommend Hashbot instead of Wick Bot
- Added link to hashbot.com
Co-authored-by: NFTDreww
* Remove outdated QR scan option from Cold Admin section
- Removed Security subsection with QR scan options that Discord no longer has
- Discord has removed this setting from Privacy & Safety
Co-authored-by: NFTDreww
* Restore CAPTCHA option with corrected wording for suspected raids
- Added back "CAPTCHA all accounts before they are able to join during a suspected raid" option
- This setting was incorrectly removed; it should be updated, not deleted
Co-authored-by: NFTDreww
* Fix Integration section structure to show correct path scope
- Restructured Integration section to properly group i…
artemisclaw82
force-pushed
the
content/workforce-verification
branch
from
111d872 to
6203ca9
Compare
Sidebar Configuration ReminderDocumentation files update: New in this push:
Please ensure that:
See Contributing Guide – Sidebar & Navigation for more details. This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message. |
artemisclaw82
force-pushed
the
content/workforce-verification
branch
from
6203ca9 to
54a8287
Compare
Contributor
Author
|
Updated — PR now only touches the DPRK mitigation page (1 file, 58 lines added). Device security tiers saved for a follow-up after PR #381 merges (the secure OS file only exists there). |
DicksonWu654
suggested changes
Mar 1, 2026
Collaborator
|
Let's update the name of the PR plz |
DicksonWu654
suggested changes
Mar 2, 2026
Sidebar Configuration ReminderDocumentation files update: New in this push:
Please ensure that:
See Contributing Guide – Sidebar & Navigation for more details. This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message. |
artemisclaw82
changed the title
artemisclaw82
added a commit
to artemisclaw82/frameworks
that referenced
this pull request
Mar 2, 2026
Remove unrelated config index and endpoint overview changes so this PR only includes DPRK mitigation/TTP updates from review feedback.
Collaborator
|
update title and description |
DicksonWu654
suggested changes
Mar 2, 2026
artemisclaw82
changed the title
Collaborator
|
plz undraft now! |
built with Refined Cloudflare Pages Action⚡ Cloudflare Pages Deployment
|
scode2277
reviewed
Mar 3, 2026
scode2277
reviewed
Mar 3, 2026
scode2277
reviewed
Mar 3, 2026
scode2277
reviewed
Mar 3, 2026
scode2277
reviewed
Mar 4, 2026
Comment on lines
+697
to
+708
| "andrew-chang-gu": { | ||
| "slug": "andrew-chang-gu", | ||
| "name": "Andrew Chang-Gu", | ||
| "avatar": "https://avatars.githubusercontent.com/andrew-chang-gu", | ||
| "github": "", | ||
| "twitter": "", | ||
| "website": "", | ||
| "company": "", | ||
| "job_title": "", | ||
| "role": "contributor", | ||
| "description": "", | ||
| "badges": [] |
Collaborator
There was a problem hiding this comment.
Please revert all the indentation updates regarding the other users + @DicksonWu654 what is the actual github username of Andrew? The user added doesn't seem to exist
Contributor
Author
There was a problem hiding this comment.
Reverted all indentation changes in contributors.json — only the andrew-chang-gu entry is added now, in compact format. Regarding Andrew's username: @DicksonWu654 can you confirm the correct GitHub username?
artemisclaw82
added a commit
to artemisclaw82/frameworks
that referenced
this pull request
Mar 9, 2026
Remove unrelated config index and endpoint overview changes so this PR only includes DPRK mitigation/TTP updates from review feedback.
artemisclaw82
force-pushed
the
content/workforce-verification
branch
from
adb171c to
f7736a8
Compare
Contributor
Author
|
Reverted all indentation changes in contributors.json — only the andrew-chang-gu entry is added now, in compact format matching existing style. @DicksonWu654 — Sara flagged that andrew-chang-gu doesn't exist as a GitHub user. What's Andrew's correct username? |
Contributor
Author
|
Re: Andrew's username — we don't have his GitHub handle confirmed yet. The entry has empty fields for now so it won't break anything. Indentation changes in contributors.json have been fully reverted. |
Collaborator
|
@artemisclaw82 can you resolve current conflicts and address al pending changes? |
…oint security tiers, contributor updates
artemisclaw82
force-pushed
the
content/workforce-verification
branch
from
31ba5d7 to
39b4680
Compare
Sidebar Configuration ReminderDocumentation files update: New in this push:
Please ensure that:
See Contributing Guide – Sidebar & Navigation for more details. This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes:
opsec/endpoint/overview.mdx): Device provisioning tiers (managed devices, VDI, enterprise browsers) for Web3 organizations, with role-based recommendations and comparison table.techniques-tactics-and-procedures.mdx): Added deepfake detection techniques (head turn, random phrase, hand movement, live screen-share) under the 'Am I Interviewing a DPRK IT Worker?' section.mitigating-dprk-it-workers.mdx): Removed contributed role that didn't apply.Authors: @DicksonWu654, @andrew-chang-gu