426e9eeabd
Benchmark Bridge Tests / benchmark (bunx @biomejs/biome check packages/lifeops-bench/src, benchmark-lint) (push) Waiting to run
Benchmark Bridge Tests / benchmark (bunx vitest run --config packages/lifeops-bench/vitest.config.ts --root packages/lifeops-bench --passWithNoTests, benchmark-tests) (push) Waiting to run
Build Agent Image / build-and-push (push) Waiting to run
Chat shell gestures / Chat shell gesture + parity e2e (push) Waiting to run
ci / test (push) Waiting to run
ci / lint-and-format (push) Waiting to run
ci / build (push) Waiting to run
ci / dev-startup (push) Waiting to run
Cloud Gateway Discord / Test (push) Waiting to run
Cloud Gateway Webhook / Test (push) Waiting to run
Cloud Tests / lint-and-types (push) Waiting to run
Cloud Tests / unit-tests (push) Waiting to run
Cloud Tests / integration-tests (push) Waiting to run
Cloud Tests / e2e-tests (push) Blocked by required conditions
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Deploy Apps Worker (Product 2) / Determine environment (push) Waiting to run
Deploy Apps Worker (Product 2) / Deploy apps worker to apps-control host (${{ needs.determine-env.outputs.environment }}) (push) Blocked by required conditions
Deploy Eliza Provisioning Worker / Determine environment (push) Waiting to run
Deploy Eliza Provisioning Worker / Deploy worker to Hetzner host (${{ needs.determine-env.outputs.environment }} @ ${{ needs.determine-env.outputs.deployment_sha }}) (push) Blocked by required conditions
Dev Smoke / Classify changed paths (push) Waiting to run
Dev Smoke / bun run dev onboarding chat (push) Blocked by required conditions
Dev Smoke / Vite HMR dependency-level smoke (push) Blocked by required conditions
Electrobun Submodule Guard / electrobun gitlink is fetchable (push) Waiting to run
gitleaks / gitleaks (push) Waiting to run
Markdown Links / Relative Markdown Links (push) Waiting to run
Publish @elizaos/example-code / check_npm (push) Waiting to run
Publish @elizaos/example-code / publish_npm (push) Blocked by required conditions
Publish @elizaos/plugin-elizacloud / verify_version (push) Waiting to run
Publish @elizaos/plugin-elizacloud / publish_npm (push) Blocked by required conditions
Quality (Extended) / Homepage Build (PR smoke) (push) Waiting to run
Quality (Extended) / Comment-only diff guard (push) Waiting to run
Quality (Extended) / Format + Type Safety Ratchet (push) Waiting to run
Quality (Extended) / Develop Gate (secret scan + UI determinism) (push) Waiting to run
Quality (Extended) / Develop Gate (lint) (push) Waiting to run
Sandbox Live Smoke / Sandbox live smoke (push) Waiting to run
Snap Build & Test / Build Snap (amd64) (push) Waiting to run
Snap Build & Test / Build Snap (arm64) (push) Waiting to run
supply-chain / sbom (push) Waiting to run
supply-chain / vulnerability-scan (push) Waiting to run
Build, Push & Deploy to Phala Cloud / build-and-push (push) Waiting to run
Test Packaging / Validate Packaging Configs (push) Waiting to run
Test Packaging / PyPI on Python ${{ matrix.python }} (push) Waiting to run
Test Packaging / Pack & Test JS Tarballs (push) Waiting to run
Test Packaging / elizaos CLI global-install smoke (node + bun) (push) Waiting to run
UI Fixture E2E / ui-fixture-e2e (push) Waiting to run
UI Fixture E2E / fixture-e2e (push) Waiting to run
UI Story Gate / story-gate (push) Waiting to run
vault-ci / test (macos-latest) (push) Waiting to run
vault-ci / test (ubuntu-latest) (push) Waiting to run
vault-ci / test (windows-latest) (push) Waiting to run
vault-ci / app-core wiring tests (push) Waiting to run
verify-patches / verify patches/CHECKSUMS.sha256 (push) Waiting to run
Voice Benchmark Smoke / voice-emotion fixture smoke (push) Waiting to run
Voice Benchmark Smoke / voiceagentbench fixture smoke (push) Waiting to run
Voice Benchmark Smoke / voicebench-quality unit smoke (push) Waiting to run
Voice Benchmark Smoke / voicebench TypeScript unit (no audio) (push) Waiting to run
Voice Benchmark Smoke / voice bench smoke summary (push) Blocked by required conditions
Windows CI / windows ([bun run --cwd packages/app-core test bun run --cwd packages/elizaos test bun run --cwd packages/cloud/shared test], app-and-cli) (push) Waiting to run
Windows CI / windows ([bun run --cwd packages/scenario-runner test bun run --cwd packages/vault test bun run --cwd packages/security test bun run --cwd plugins/plugin-coding-tools test], framework-packages) (push) Waiting to run
Windows CI / windows ([bun run --cwd plugins/plugin-elizacloud test bun run --cwd plugins/plugin-discord test bun run --cwd plugins/plugin-anthropic test bun run --cwd plugins/plugin-openai test bun run --cwd plugins/plugin-app-control test bun run --cwd plugins/pl… (push) Waiting to run
Windows CI / windows ([node packages/scripts/run-turbo.mjs run build --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/agent --concurrency=4 node packages/scripts/run-bash-linux-only.mjs scripts/verify-riscv64-buildpaths.sh node packages/scripts/run… (push) Waiting to run
Windows CI / windows ([node packages/scripts/run-turbo.mjs run typecheck --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/cloud-shared --concurrency=4 bun run --cwd packages/core test bun run --cwd packages/shared test], core-runtime, 75) (push) Waiting to run
Test Packaging / Build & Test PyPI Package (push) Waiting to run
Voice Workbench / headless workbench (mocked backends) (push) Has been cancelled
Voice Workbench / real acoustic lane (nightly, provisioned only) (push) Has been cancelled
5.5 KiB
5.5 KiB
Mirror. Authoritative copy lives in the outer monorepo at
../docs/security/AUDIT-EVIDENCE-INVENTORY.md. Relative links below (../../POLICIES/...) resolve in the outer monorepo, not inside this submodule.
Audit Evidence Inventory
What an auditor will request, who owns it, where it lives, and how it is produced.
Conventions
- Owner is a role, not a person.
- Location points to a system, repo path, or dashboard.
- Cadence is how often the evidence is refreshed.
Inventory
Policies & governance
| Evidence | Owner | Location | Cadence |
|---|---|---|---|
| Master Info Sec Policy | Security Lead | POLICIES/01-information-security.md (POLICIES/01-information-security.md) |
Annual review |
| All numbered policies | Security Lead | POLICIES/ (POLICIES/) |
Annual review |
| Signed policy acknowledgments | People Ops | HR system | Per hire + annual |
| Org chart | People Ops | HR system | On change |
| Board / leadership security minutes | Security Lead | Internal drive | Quarterly |
Risk
| Evidence | Owner | Location | Cadence |
|---|---|---|---|
| Risk register snapshot | Security Lead | GRC tool or docs/security/risk-register.md |
Quarterly |
| Vendor register + SOC2 / DPA on file | Security Lead | GRC tool / drive | Annual per vendor |
| Subprocessor list (public) | Security Lead + Legal | Public URL | On change |
| Penetration-test report | Security Lead | Drive | Annual |
Access
| Evidence | Owner | Location | Cadence |
|---|---|---|---|
| IdP audit log | IT | Google/Okta | Continuous |
| Quarterly access-review artifact | Security Lead | GRC tool / drive | Quarterly |
| GitHub branch-protection settings | Engineering Lead | GH org config | Continuous |
| CODEOWNERS file | Engineering Lead | Repo | Versioned |
| Prod-access role bindings | Engineering Lead | IaC | Versioned |
| Onboarding / offboarding tickets | IT / People Ops | Ticket system | Per event |
| Token rotation records | Engineering Lead | Audit events + ticket system | Per event |
Change management
| Evidence | Owner | Location | Cadence |
|---|---|---|---|
| PR + CI history | Engineering Lead | GitHub | Continuous |
| Quarterly SDLC audit (10-PR sample) | Security Lead | Drive | Quarterly |
| Container signatures (Cosign) | Engineering Lead | Rekor transparency log | Per release |
| SBOM artifacts | Engineering Lead | CI artifacts | Per build |
Data security
| Evidence | Owner | Location | Cadence |
|---|---|---|---|
| Encryption-at-rest config | Engineering Lead | IaC + provider console | Versioned |
| KMS audit log (Steward) | Security Lead | Steward / observability | Continuous |
| Key rotation event sample | Security Lead | Audit events | Per rotation |
| DEK-destroy events (DSR / retention) | Security Lead | Audit events | Per event |
| TLS configuration scan | Engineering Lead | SSLLabs / internal scan | Quarterly |
Logging & monitoring
| Evidence | Owner | Location | Cadence |
|---|---|---|---|
| OTel Collector config | Engineering Lead | deploy/observability/otel-collector-config.yaml |
Versioned |
audit_events sample |
Security Lead | Cloud DB | On request |
| Alert rule files | Security Lead | deploy/observability/prometheus/alerts/security.yml |
Versioned |
| Alert-fire history | Security Lead | Alertmanager | Continuous |
| Log retention configuration | Engineering Lead | Loki config | Versioned |
| Dashboards | Security Lead | Grafana | Versioned (JSON) |
Vulnerability management
| Evidence | Owner | Location | Cadence |
|---|---|---|---|
| CI dependency-audit output | Engineering Lead | CI logs | Per PR |
| Trivy scan output | Engineering Lead | CI logs | Per image |
| CodeQL / Semgrep results | Engineering Lead | CI logs | Per PR |
| Secret-scan results | Engineering Lead | CI logs | Per PR |
| Open-vuln backlog | Security Lead | Issue tracker | Continuous |
| Disclosure-program report | Security Lead | Drive | Quarterly |
Incident response
| Evidence | Owner | Location | Cadence |
|---|---|---|---|
| On-call schedule | Engineering Lead | PagerDuty / Opsgenie | Continuous |
| Incident log per incident | IC | Drive / ticket | Per incident |
| Annual tabletop exercise record | Security Lead | Drive | Annual |
| Status-page history | Comms | Status-page provider | Per incident |
Continuity / DR
| Evidence | Owner | Location | Cadence |
|---|---|---|---|
| Backup-job success metric | Engineering Lead | Prometheus | Continuous |
| Quarterly restore-test report | Security Lead | Drive | Quarterly |
| Annual DR test report | Security Lead | Drive | Annual |
| Capacity planning notes | Engineering Lead | Drive | Monthly |
Privacy / DSR
| Evidence | Owner | Location | Cadence |
|---|---|---|---|
| DSR ticket queue | Security Lead | Ticket system | Continuous |
| DSR fulfillment records (incl. erasure audit events) | Security Lead | Audit events + ticket | Per request |
| Consent records (AI/ML training opt-in) | Security Lead | Cloud DB | Continuous |
Eliza-specific
| Evidence | Owner | Location | Cadence |
|---|---|---|---|
model_lineage.json per released model |
Training engineer | Model registry | Per release |
| Cosign signatures on model artifacts | Training engineer | Rekor | Per release |
| Red-team evaluation report per model | Security Lead | Drive | Per release |
| Plugin manifest signatures | Engineering Lead | Registry | Per publish |
| Plugin revocation list | Security Lead | Public repo | On change |
| Connector token-store schema | Engineering Lead | Cloud-api schema | Versioned |
| Sub-agent (coding-agent) spawn telemetry | Engineering Lead | OTel | Continuous |