From 31a6403d7912f3406bea2d73d5b5dc5507fd2eb9 Mon Sep 17 00:00:00 2001 From: Pulkit Pareek Date: Fri, 15 May 2026 16:59:04 +0530 Subject: [PATCH] =?UTF-8?q?chore:=20rename=20pulkitpareek18/ZeroAuth=20?= =?UTF-8?q?=E2=86=92=20zeroauth-dev/ZeroAuth=20in=20docs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ZeroAuth + ZeroAuth-Governance both transferred to the new zeroauth-dev GitHub organization. This commit refreshes hard-coded references across governance docs, threat-model docs, compliance mappings, and the evidence-pack manifest sources so the audit trail points to the canonical org going forward. No content changes — only string replacements. Co-Authored-By: Claude Opus 4.7 (1M context) --- CLAUDE.md | 12 ++++++------ README.md | 4 ++-- adr-index/ALL.md | 8 ++++---- docs/compliance/irdai-mapping.md | 2 +- docs/shared/coding-standards.md | 4 ++-- docs/shared/incident-response.md | 2 +- docs/shared/naming-conventions.md | 14 +++++++------- docs/shared/security-policy.md | 12 ++++++------ docs/threat-model/api.md | 4 ++-- docs/threat-model/canonical.md | 8 ++++---- docs/threat-model/dashboard.md | 2 +- docs/threat-model/verifier.md | 10 +++++----- evidence-pack-sources/CHECKSUMS.md | 8 ++++---- evidence-pack-sources/RELEASES.md | 2 +- package.json | 2 +- release-coordination/changelogs/pre-release-1.md | 10 +++++----- 16 files changed, 52 insertions(+), 52 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 05db6e5..12a23a3 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -25,10 +25,10 @@ It does not contain product code. It is documentation, policy, and cross-cutting | Repo | URL | What links here | |---|---|---| -| `pulkitpareek18/ZeroAuth` | | Its `CLAUDE.md`, `docs/threat_model.md`, `adr/` (all link to the canonical versions here) | -| `pulkitpareek18/ZeroAuth-Verifier` | (planned, Week 2 — B02) | Its CLAUDE.md will link here | -| `pulkitpareek18/ZeroAuth-IoT` | (planned, Week 3 — B03) | — | -| `pulkitpareek18/ZeroAuth-Mobile-SDK` | (planned, Week 5 — B04) | — | +| `zeroauth-dev/ZeroAuth` | | Its `CLAUDE.md`, `docs/threat_model.md`, `adr/` (all link to the canonical versions here) | +| `zeroauth-dev/ZeroAuth-Verifier` | (planned, Week 2 — B02) | Its CLAUDE.md will link here | +| `zeroauth-dev/ZeroAuth-IoT` | (planned, Week 3 — B03) | — | +| `zeroauth-dev/ZeroAuth-Mobile-SDK` | (planned, Week 5 — B04) | — | ## What this repo contains @@ -75,7 +75,7 @@ It does not contain product code. It is documentation, policy, and cross-cutting ## Conventions - **Format**: markdown only -- **Cross-references**: relative paths to other files in this repo; for cross-repo references, name the repo and the path: `pulkitpareek18/ZeroAuth: /docs/api_contract.md` +- **Cross-references**: relative paths to other files in this repo; for cross-repo references, name the repo and the path: `zeroauth-dev/ZeroAuth: /docs/api_contract.md` - **Versioning**: every shared policy doc has a `LAST_UPDATED` field at the bottom; `RELEASES.md` records which version of each shared doc was in force at each evidence-pack publication - **Reviews**: changes to anything in `/docs/shared/` require two reviewers (Pulkit + Amit). External DPO counsel review is required for DPDP-touching files **once counsel is engaged** — until then, the founders sign off jointly and the file carries a `PROVISIONAL` banner. Enforced via `CODEOWNERS` 
@@ -89,7 +89,7 @@ It does not contain product code. It is documentation, policy, and cross-cutting 4. **Use the `adr-writer` skill** for any new shared-policy ADR. -5. **Use the `compliance-mapper` subagent** when adding or modifying any compliance mapping. (Skill not yet installed — see ADR-0004 in `pulkitpareek18/ZeroAuth`.) +5. **Use the `compliance-mapper` subagent** when adding or modifying any compliance mapping. (Skill not yet installed — see ADR-0004 in `zeroauth-dev/ZeroAuth`.) 6. **Use the `threat-model-update` skill** when modifying the canonical threat model. diff --git a/README.md b/README.md index e05001a..628a598 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ The cross-repo source of truth for ZeroAuth security policy, compliance mappings, the canonical threat model, ADR index, release coordination, and evidence-pack sources. -**This repo does not contain product code.** Product code lives in [`pulkitpareek18/ZeroAuth`](https://github.com/pulkitpareek18/ZeroAuth) (and future sibling repos for the verifier, IoT firmware, and mobile SDK). +**This repo does not contain product code.** Product code lives in [`zeroauth-dev/ZeroAuth`](https://github.com/zeroauth-dev/ZeroAuth) (and future sibling repos for the verifier, IoT firmware, and mobile SDK). ## What's in here @@ -35,4 +35,4 @@ CI runs both gates on every PR; merge blocks if either fails. ## License -This documentation is licensed under [Creative Commons Attribution 4.0 International (CC-BY-4.0)](LICENSE). Reuse it, fork it, audit it — credit ZeroAuth (pulkitpareek18/ZeroAuth). +This documentation is licensed under [Creative Commons Attribution 4.0 International (CC-BY-4.0)](LICENSE). Reuse it, fork it, audit it — credit ZeroAuth (zeroauth-dev/ZeroAuth). diff --git a/adr-index/ALL.md b/adr-index/ALL.md index a1e5b7f..8e41c11 100644 --- a/adr-index/ALL.md +++ b/adr-index/ALL.md 
@@ -13,10 +13,10 @@ This is the cross-repo index of every Architecture Decision Record. Each entry l | # | Title | Status | Repo | Path | Date | |---|---|---|---|---|---| -| 0001 | CLAUDE.md as the project constitution + prompt-suite engineering discipline | Accepted | `pulkitpareek18/ZeroAuth` | [adr/0001-prompt-suite-engineering-discipline.md](https://github.com/pulkitpareek18/ZeroAuth/blob/main/adr/0001-prompt-suite-engineering-discipline.md) | 2026-05-12 | -| 0002 | Dashboard stack — Vite, not Next.js | Accepted | `pulkitpareek18/ZeroAuth` | [adr/0002-dashboard-stack-vite-not-nextjs.md](https://github.com/pulkitpareek18/ZeroAuth/blob/main/adr/0002-dashboard-stack-vite-not-nextjs.md) | 2026-05-12 | -| 0003 | Adopt Playwright for dashboard E2E | Accepted | `pulkitpareek18/ZeroAuth` | [adr/0003-adopt-playwright-for-e2e.md](https://github.com/pulkitpareek18/ZeroAuth/blob/main/adr/0003-adopt-playwright-for-e2e.md) | 2026-05-12 | -| 0004 | Governance lives in a separate repo (B06 — split from API repo) | Accepted | `pulkitpareek18/ZeroAuth` | [adr/0004-governance-in-separate-repo.md](https://github.com/pulkitpareek18/ZeroAuth/blob/main/adr/0004-governance-in-separate-repo.md) | 2026-05-13 | +| 0001 | CLAUDE.md as the project constitution + prompt-suite engineering discipline | Accepted | `zeroauth-dev/ZeroAuth` | [adr/0001-prompt-suite-engineering-discipline.md](https://github.com/zeroauth-dev/ZeroAuth/blob/main/adr/0001-prompt-suite-engineering-discipline.md) | 2026-05-12 | +| 0002 | Dashboard stack — Vite, not Next.js | Accepted | `zeroauth-dev/ZeroAuth` | [adr/0002-dashboard-stack-vite-not-nextjs.md](https://github.com/zeroauth-dev/ZeroAuth/blob/main/adr/0002-dashboard-stack-vite-not-nextjs.md) | 2026-05-12 | +| 0003 | Adopt Playwright for dashboard E2E | Accepted | `zeroauth-dev/ZeroAuth` | [adr/0003-adopt-playwright-for-e2e.md](https://github.com/zeroauth-dev/ZeroAuth/blob/main/adr/0003-adopt-playwright-for-e2e.md) | 2026-05-12 | +| 0004 | Governance lives in a 
separate repo (B06 — split from API repo) | Accepted | `zeroauth-dev/ZeroAuth` | [adr/0004-governance-in-separate-repo.md](https://github.com/zeroauth-dev/ZeroAuth/blob/main/adr/0004-governance-in-separate-repo.md) | 2026-05-13 | ## Status legend diff --git a/docs/compliance/irdai-mapping.md b/docs/compliance/irdai-mapping.md index 577e632..0907209 100644 --- a/docs/compliance/irdai-mapping.md +++ b/docs/compliance/irdai-mapping.md @@ -20,7 +20,7 @@ IRDAI's outsourcing framework requires the insurer (the tenant) to ensure their | Incident response | Documented runbook, drilled, regulator notification within 6 hours of confirmation | See [`../shared/incident-response.md`](../shared/incident-response.md). | **Implemented — drill pending** | | Business continuity | Backup, recovery, DR plan | Postgres + Redis in Docker; daily backups to (TODO: off-host destination). DR: rebuild from CI artifacts + DB restore. RTO 4h, RPO 24h. | **Partial — off-host backup pending** | | Third-party risk management | Vendor due diligence on every dep | DP6 (every dep is an ADR) enforced via `dep-add` skill. `scripts/check-dep-trail.sh` audits the lockfile against `/adr/`. | **Implemented** | -| Vulnerability management | Periodic scanning, timely patching | Dependabot enabled on `pulkitpareek18/ZeroAuth`. DW03 (weekly dep drift watcher) planned. | **Partial — DW03 pending** | +| Vulnerability management | Periodic scanning, timely patching | Dependabot enabled on `zeroauth-dev/ZeroAuth`. DW03 (weekly dep drift watcher) planned. | **Partial — DW03 pending** | | Cyber drill | Periodic | Drill cadence in breach-notification.md §9 (semi-annual). First drill: 2026-08. | **Pending — first drill 2026-08** | | Vendor exit clause | Customer data returnable on contract end | Tenant can `GET /v1/audit?export=full` at any time. Account closure procedure: TODO. | **Partial** | diff --git a/docs/shared/coding-standards.md b/docs/shared/coding-standards.md index 0333409..72a8b53 100644 
--- a/docs/shared/coding-standards.md +++ b/docs/shared/coding-standards.md @@ -22,7 +22,7 @@ This file is the shared style baseline. Per-repo `CLAUDE.md` files may extend, n ## §3. Error handling - API handlers return `{ error: '', message: '' }` with appropriate HTTP status. -- The machine codes are enumerated in [`pulkitpareek18/ZeroAuth: docs/error_codes.md`](https://github.com/pulkitpareek18/ZeroAuth/blob/main/docs/error_codes.md). New error codes get added there before being thrown. +- The machine codes are enumerated in [`zeroauth-dev/ZeroAuth: docs/error_codes.md`](https://github.com/zeroauth-dev/ZeroAuth/blob/main/docs/error_codes.md). New error codes get added there before being thrown. - Stack traces never leak to API responses. Winston JSON log captures them server-side only. - Never swallow errors silently. `catch (e) { /* nothing */ }` is a CI failure (lint rule). @@ -66,7 +66,7 @@ This file is the shared style baseline. Per-repo `CLAUDE.md` files may extend, n ## §10. Dependencies -Adding any direct dependency requires an ADR. Use the `dep-add` skill ([`pulkitpareek18/ZeroAuth: .claude/skills/dep-add/SKILL.md`](https://github.com/pulkitpareek18/ZeroAuth/blob/main/.claude/skills/dep-add/SKILL.md)). No exceptions. +Adding any direct dependency requires an ADR. Use the `dep-add` skill ([`zeroauth-dev/ZeroAuth: .claude/skills/dep-add/SKILL.md`](https://github.com/zeroauth-dev/ZeroAuth/blob/main/.claude/skills/dep-add/SKILL.md)). No exceptions. ## §11. What we DO NOT do diff --git a/docs/shared/incident-response.md b/docs/shared/incident-response.md index d71456c..d711fb4 100644 --- a/docs/shared/incident-response.md +++ b/docs/shared/incident-response.md 
@@ -1,7 +1,7 @@ # ZeroAuth Incident Response Runbook > **Last reviewed by:** Pulkit Pareek (technical), Amit Dua (governance) on 2026-05-13 -> **Status:** v1 — runbook is operational but **PROVISIONAL** at steps 6 (customer notification), 7 (regulator notification), 8 (postmortem disclosure) until external DPO counsel is engaged. Engagement target: before first pilot SOW signing (~2026-07-01). See ADR-0005 (open) in `pulkitpareek18/ZeroAuth`. +> **Status:** v1 — runbook is operational but **PROVISIONAL** at steps 6 (customer notification), 7 (regulator notification), 8 (postmortem disclosure) until external DPO counsel is engaged. Engagement target: before first pilot SOW signing (~2026-07-01). See ADR-0005 (open) in `zeroauth-dev/ZeroAuth`. > > **Operating without counsel for an actual SEV-1 today is feasible but risky.** Specifically: no attorney-client privilege on the incident channel, no specialist who has run a DPBI submission before, no relationship to call at 2am. The founders accept this risk during the interim and treat counsel engagement as a hard blocker on first pilot SOW. diff --git a/docs/shared/naming-conventions.md b/docs/shared/naming-conventions.md index a15417f..bff6ea4 100644 --- a/docs/shared/naming-conventions.md +++ b/docs/shared/naming-conventions.md 
@@ -7,13 +7,13 @@ | Service | Repo name | Internal name | Hostname | |---|---|---|---| -| Central API | `pulkitpareek18/ZeroAuth` | `zeroauth-api` | `api.zeroauth.dev` (planned; today: `zeroauth.dev/v1/*`) | -| Verifier | `pulkitpareek18/ZeroAuth-Verifier` (planned) | `zeroauth-verifier` | internal-only, behind API | -| IoT firmware | `pulkitpareek18/ZeroAuth-IoT` (planned) | `zeroauth-iot` | (runs on Orange Pi devices) | -| Mobile SDK | `pulkitpareek18/ZeroAuth-Mobile-SDK` (planned) | `zeroauth-sdk` | n/a (library) | -| Dashboard | currently inside `pulkitpareek18/ZeroAuth: dashboard/` | `zeroauth-dashboard` | `zeroauth.dev/dashboard/` | -| Docs site | inside `pulkitpareek18/ZeroAuth: website/` | `zeroauth-docs` | `zeroauth.dev/docs/` | -| Governance | `pulkitpareek18/ZeroAuth-Governance` *(this repo)* | `zeroauth-governance` | n/a (docs only) | +| Central API | `zeroauth-dev/ZeroAuth` | `zeroauth-api` | `api.zeroauth.dev` (planned; today: `zeroauth.dev/v1/*`) | +| Verifier | `zeroauth-dev/ZeroAuth-Verifier` (planned) | `zeroauth-verifier` | internal-only, behind API | +| IoT firmware | `zeroauth-dev/ZeroAuth-IoT` (planned) | `zeroauth-iot` | (runs on Orange Pi devices) | +| Mobile SDK | `zeroauth-dev/ZeroAuth-Mobile-SDK` (planned) | `zeroauth-sdk` | n/a (library) | +| Dashboard | currently inside `zeroauth-dev/ZeroAuth: dashboard/` | `zeroauth-dashboard` | `zeroauth.dev/dashboard/` | +| Docs site | inside `zeroauth-dev/ZeroAuth: website/` | `zeroauth-docs` | `zeroauth.dev/docs/` | +| Governance | `zeroauth-dev/ZeroAuth-Governance` *(this repo)* | `zeroauth-governance` | n/a (docs only) | ## Environment variables diff --git a/docs/shared/security-policy.md b/docs/shared/security-policy.md index f10b69f..aaf78f2 100644 --- a/docs/shared/security-policy.md +++ b/docs/shared/security-policy.md 
@@ -1,13 +1,13 @@ # ZeroAuth Shared Security Policy > **Last reviewed by:** Pulkit Pareek (technical), Amit Dua (governance) on 2026-05-13 -> **Status:** v1 — initial draft. Sections §3 (cryptographic primitives) breach windows, §5 (data residency), §6 (audit logging), and §7 (vulnerability disclosure) are marked **PROVISIONAL** pending external DPO counsel engagement (see ADR-0005 in `pulkitpareek18/ZeroAuth` — engagement target before first pilot SOW signing, ~2026-07-01). Until counsel is engaged, the DPO function is filled jointly by Pulkit + Amit; risks of operating without privileged communications are accepted by the founders. +> **Status:** v1 — initial draft. Sections §3 (cryptographic primitives) breach windows, §5 (data residency), §6 (audit logging), and §7 (vulnerability disclosure) are marked **PROVISIONAL** pending external DPO counsel engagement (see ADR-0005 in `zeroauth-dev/ZeroAuth` — engagement target before first pilot SOW signing, ~2026-07-01). Until counsel is engaged, the DPO function is filled jointly by Pulkit + Amit; risks of operating without privileged communications are accepted by the founders. This is the security policy every ZeroAuth repo agrees to. Every product repo's `CLAUDE.md` MUST link to this file. When a product repo's local policy contradicts this file, this file wins; the product repo updates. ## §1. Scope -This policy applies to every ZeroAuth artifact: the central API (`pulkitpareek18/ZeroAuth`), the verifier service (planned), the IoT terminal firmware (planned), the mobile SDK (planned), the dashboard (currently in API repo), the Solidity contracts (`contracts/`), the Circom circuit (`circuits/`), and the docs site. 
+This policy applies to every ZeroAuth artifact: the central API (`zeroauth-dev/ZeroAuth`), the verifier service (planned), the IoT terminal firmware (planned), the mobile SDK (planned), the dashboard (currently in API repo), the Solidity contracts (`contracts/`), the Circom circuit (`circuits/`), and the docs site. It does NOT apply to: @@ -34,7 +34,7 @@ It does NOT apply to: ## §4. Tenant isolation -1. Every query that returns customer data MUST be scoped by `(tenant_id, environment)` in the WHERE clause. Enforced in middleware (`src/middleware/tenant-auth.ts` in `pulkitpareek18/ZeroAuth`), not in handlers. +1. Every query that returns customer data MUST be scoped by `(tenant_id, environment)` in the WHERE clause. Enforced in middleware (`src/middleware/tenant-auth.ts` in `zeroauth-dev/ZeroAuth`), not in handlers. 2. No admin endpoint reveals data from more than one tenant in a single response. 3. Cross-tenant access requires explicit ADR + customer consent on file + 30-day audit-log review. @@ -57,7 +57,7 @@ Reports go to `security@zeroauth.dev`. Response within 72 hours. Coordinated dis ## §8. Dependencies -Every new dependency is an ADR. Process is in [`pulkitpareek18/ZeroAuth: .claude/skills/dep-add/SKILL.md`](https://github.com/pulkitpareek18/ZeroAuth/blob/main/.claude/skills/dep-add/SKILL.md). No exceptions; the supply-chain risk is too high. +Every new dependency is an ADR. Process is in [`zeroauth-dev/ZeroAuth: .claude/skills/dep-add/SKILL.md`](https://github.com/zeroauth-dev/ZeroAuth/blob/main/.claude/skills/dep-add/SKILL.md). No exceptions; the supply-chain risk is too high. ## §9. Network ingress 
@@ -68,8 +68,8 @@ Every new dependency is an ADR. Process is in [`pulkitpareek18/ZeroAuth: .claude ## §10. Code review 1. Every PR runs `lint + typecheck + test` in CI. -2. PRs touching auth, crypto, audit, tenant boundaries, key handling, or network ingress MUST run the [`security-reviewer` subagent](https://github.com/pulkitpareek18/ZeroAuth/blob/main/.claude/agents/security-reviewer.md). Don't ask — just invoke. -3. PRs touching `circuits/`, `contracts/`, `src/services/zkp.ts`, `src/services/identity.ts`, or anywhere a hash/commitment scheme is introduced MUST run the [`cryptographer-reviewer` subagent](https://github.com/pulkitpareek18/ZeroAuth/blob/main/.claude/agents/cryptographer-reviewer.md). +2. PRs touching auth, crypto, audit, tenant boundaries, key handling, or network ingress MUST run the [`security-reviewer` subagent](https://github.com/zeroauth-dev/ZeroAuth/blob/main/.claude/agents/security-reviewer.md). Don't ask — just invoke. +3. PRs touching `circuits/`, `contracts/`, `src/services/zkp.ts`, `src/services/identity.ts`, or anywhere a hash/commitment scheme is introduced MUST run the [`cryptographer-reviewer` subagent](https://github.com/zeroauth-dev/ZeroAuth/blob/main/.claude/agents/cryptographer-reviewer.md). ## §11. Language we forbid in writing diff --git a/docs/threat-model/api.md b/docs/threat-model/api.md index b4d8e29..3a28999 100644 --- a/docs/threat-model/api.md +++ b/docs/threat-model/api.md @@ -1,4 +1,4 @@ -# Threat model — API component (`pulkitpareek18/ZeroAuth`) +# Threat model — API component (`zeroauth-dev/ZeroAuth`) > Extends [`canonical.md`](canonical.md). When this file and the canonical disagree, the canonical wins; update this file. > **Last reviewed by:** Pulkit Pareek on 2026-05-13 
@@ -7,7 +7,7 @@ Most attacks in the canonical apply primarily to this component (the API is the ## A-01 — Cross-tenant data read -**Mitigation in this repo:** `src/middleware/tenant-auth.ts` resolves the tenant from the API key on every request and sets `(req as any).tenantContext = { tenantId, environment }`. Every service-layer function in `src/services/platform.ts` takes those as parameters and embeds them in the SQL WHERE. Express middleware augmentation is planned (see [`pulkitpareek18/ZeroAuth: CLAUDE.md`](https://github.com/pulkitpareek18/ZeroAuth/blob/main/CLAUDE.md) — "until we ship Express module augmentation"). +**Mitigation in this repo:** `src/middleware/tenant-auth.ts` resolves the tenant from the API key on every request and sets `(req as any).tenantContext = { tenantId, environment }`. Every service-layer function in `src/services/platform.ts` takes those as parameters and embeds them in the SQL WHERE. Express middleware augmentation is planned (see [`zeroauth-dev/ZeroAuth: CLAUDE.md`](https://github.com/zeroauth-dev/ZeroAuth/blob/main/CLAUDE.md) — "until we ship Express module augmentation"). **Test coverage:** `tests/central-api.test.ts` exercises the scoping at the router layer. diff --git a/docs/threat-model/canonical.md b/docs/threat-model/canonical.md index cbf046c..462227b 100644 --- a/docs/threat-model/canonical.md +++ b/docs/threat-model/canonical.md 
@@ -1,7 +1,7 @@ # ZeroAuth Canonical Threat Model > **Last reviewed by:** Pulkit Pareek on 2026-05-13 -> **Status:** v1 — synced from `pulkitpareek18/ZeroAuth: docs/threat_model.md` v0 (2026-05-12). Component-specific extensions live in sibling files (`api.md`, `verifier.md`, `iot.md`, `sdk.md`, `dashboard.md`). +> **Status:** v1 — synced from `zeroauth-dev/ZeroAuth: docs/threat_model.md` v0 (2026-05-12). Component-specific extensions live in sibling files (`api.md`, `verifier.md`, `iot.md`, `sdk.md`, `dashboard.md`). This is the **cross-repo source of truth** for ZeroAuth's threat model. Every product repo's component-scoped threat model extends this file. When the canonical and a component file disagree, the canonical wins; the component file updates. @@ -90,7 +90,7 @@ For each attack: `Class` is STRIDE classification. `Component(s)` names which co | | | |---|---| | Class | Elevation of privilege (E) | -| Component(s) | Contracts (in `pulkitpareek18/ZeroAuth: contracts/`) | +| Component(s) | Contracts (in `zeroauth-dev/ZeroAuth: contracts/`) | | Description | Wallet that deployed `DIDRegistry` is contract `owner`; key leak = full registry control. | | Mitigation summary | Key in `/opt/zeroauth/.env` only. Rotated once post-review. `npm run wallet:rotate` available. **Long-term:** multisig owner. | | Residual risk | Medium — single-key wallet is acceptable while patent value > stolen identity value, but only until multisig lands. | 
@@ -127,7 +127,7 @@ For each attack: `Class` is STRIDE classification. `Component(s)` names which co ## Verifier-component attacks (A-V-NN) -Promoted 2026-05-15 alongside the [`verifier.md`](verifier.md) component file, which holds the per-attack mitigation detail. The verifier shipped to production today as a separate Docker container (`zeroauth-verifier`) per [ADR-0006](https://github.com/pulkitpareek18/ZeroAuth/blob/main/adr/0006-verifier-typescript-not-rust.md). See [verifier.md](verifier.md) for full STRIDE classification, mitigation depth, test status, and residual risk. +Promoted 2026-05-15 alongside the [`verifier.md`](verifier.md) component file, which holds the per-attack mitigation detail. The verifier shipped to production today as a separate Docker container (`zeroauth-verifier`) per [ADR-0006](https://github.com/zeroauth-dev/ZeroAuth/blob/main/adr/0006-verifier-typescript-not-rust.md). See [verifier.md](verifier.md) for full STRIDE classification, mitigation depth, test status, and residual risk. | ID | Title | Class | Residual | |---|---|---|---| @@ -154,7 +154,7 @@ Promoted 2026-05-15 alongside the [`verifier.md`](verifier.md) component file, w ## Sync with product repos -- `pulkitpareek18/ZeroAuth: docs/threat_model.md` — currently the most-current copy; this canonical was synced from it on 2026-05-13. Going forward, the canonical here is authoritative and the product repo links to it. +- `zeroauth-dev/ZeroAuth: docs/threat_model.md` — currently the most-current copy; this canonical was synced from it on 2026-05-13. Going forward, the canonical here is authoritative and the product repo links to it. --- diff --git a/docs/threat-model/dashboard.md b/docs/threat-model/dashboard.md index 314938a..9a2dd7f 100644 --- a/docs/threat-model/dashboard.md +++ b/docs/threat-model/dashboard.md 
@@ -1,4 +1,4 @@ -# Threat model — Dashboard (currently inside `pulkitpareek18/ZeroAuth: dashboard/`) +# Threat model — Dashboard (currently inside `zeroauth-dev/ZeroAuth: dashboard/`) > Extends [`canonical.md`](canonical.md). > **Status:** v1. The dashboard exists today, served by Express at `/dashboard/*`. This file holds the dashboard-specific mitigation detail referenced from the canonical. diff --git a/docs/threat-model/verifier.md b/docs/threat-model/verifier.md index 7391137..76605e0 100644 --- a/docs/threat-model/verifier.md +++ b/docs/threat-model/verifier.md @@ -1,7 +1,7 @@ # Threat model — Verifier service (`@zeroauth/verifier`) > Extends [`canonical.md`](canonical.md). -> **Status:** v1 — promoted from stub on 2026-05-15 after the verifier service was wired into production via PRs [#35](https://github.com/pulkitpareek18/ZeroAuth/pull/35) (deploy), [#36](https://github.com/pulkitpareek18/ZeroAuth/pull/36) (healthcheck hotfix), [#37](https://github.com/pulkitpareek18/ZeroAuth/pull/37) (SQLite audit log + hash chain). Implementation language: TypeScript on `snarkjs` per [ADR-0006](https://github.com/pulkitpareek18/ZeroAuth/blob/main/adr/0006-verifier-typescript-not-rust.md) in the API repo. +> **Status:** v1 — promoted from stub on 2026-05-15 after the verifier service was wired into production via PRs [#35](https://github.com/zeroauth-dev/ZeroAuth/pull/35) (deploy), [#36](https://github.com/zeroauth-dev/ZeroAuth/pull/36) (healthcheck hotfix), [#37](https://github.com/zeroauth-dev/ZeroAuth/pull/37) (SQLite audit log + hash chain). Implementation language: TypeScript on `snarkjs` per [ADR-0006](https://github.com/zeroauth-dev/ZeroAuth/blob/main/adr/0006-verifier-typescript-not-rust.md) in the API repo. ## Component description 
@@ -103,10 +103,10 @@ Persistent state: ## Pairs with -- API-repo's [`src/services/zkp.ts`](https://github.com/pulkitpareek18/ZeroAuth/blob/main/src/services/zkp.ts) — the HTTP client that calls into this verifier. -- API-repo's [`verifier/`](https://github.com/pulkitpareek18/ZeroAuth/tree/main/verifier) workspace — the verifier source. -- [ADR-0006](https://github.com/pulkitpareek18/ZeroAuth/blob/main/adr/0006-verifier-typescript-not-rust.md) — language + architecture decision. -- [Verifier design doc](https://github.com/pulkitpareek18/ZeroAuth/blob/main/docs/design/verifier-service-split.md) — full migration plan. +- API-repo's [`src/services/zkp.ts`](https://github.com/zeroauth-dev/ZeroAuth/blob/main/src/services/zkp.ts) — the HTTP client that calls into this verifier. +- API-repo's [`verifier/`](https://github.com/zeroauth-dev/ZeroAuth/tree/main/verifier) workspace — the verifier source. +- [ADR-0006](https://github.com/zeroauth-dev/ZeroAuth/blob/main/adr/0006-verifier-typescript-not-rust.md) — language + architecture decision. +- [Verifier design doc](https://github.com/zeroauth-dev/ZeroAuth/blob/main/docs/design/verifier-service-split.md) — full migration plan. - [`canonical.md`](canonical.md) — cross-repo threat model. A-02 (replayed proof verification) primary mitigation lives in the verifier today. - [`api.md`](api.md) — the API-side component threat model. A-02's API-side responsibility (timestamp window + nonce format) stays there. diff --git a/evidence-pack-sources/CHECKSUMS.md b/evidence-pack-sources/CHECKSUMS.md index 9743d08..7be38d0 100644 --- a/evidence-pack-sources/CHECKSUMS.md +++ b/evidence-pack-sources/CHECKSUMS.md 
@@ -53,10 +53,10 @@ CI runs `npm run check-checksums` and fails the build if any tracked file's actu These live in product repos; their hashes are tracked in the product repo's own evidence-pack manifest: -- `pulkitpareek18/ZeroAuth: docs/api_contract.md` -- `pulkitpareek18/ZeroAuth: docs/error_codes.md` -- `pulkitpareek18/ZeroAuth: docs/threat_model.md` (will be deprecated in favor of `canonical.md` here) -- `pulkitpareek18/ZeroAuth: adr/*.md` +- `zeroauth-dev/ZeroAuth: docs/api_contract.md` +- `zeroauth-dev/ZeroAuth: docs/error_codes.md` +- `zeroauth-dev/ZeroAuth: docs/threat_model.md` (will be deprecated in favor of `canonical.md` here) +- `zeroauth-dev/ZeroAuth: adr/*.md` --- diff --git a/evidence-pack-sources/RELEASES.md b/evidence-pack-sources/RELEASES.md index 101e989..e7ce220 100644 --- a/evidence-pack-sources/RELEASES.md +++ b/evidence-pack-sources/RELEASES.md @@ -35,7 +35,7 @@ Manifest for vYYYY-MM-DD.N: - docs/threat-model/canonical.md @ - docs/compliance/dpdp-mapping.md @ - (any others per buyer's request — IRDAI for an insurer, RBI for a bank) -- pulkitpareek18/ZeroAuth @ (API contract + ADRs + threat model) +- zeroauth-dev/ZeroAuth @ (API contract + ADRs + threat model) ``` --- diff --git a/package.json b/package.json index 28268a1..b1c37aa 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,7 @@ "license": "CC-BY-4.0", "repository": { "type": "git", - "url": "https://github.com/pulkitpareek18/ZeroAuth-Governance.git" + "url": "https://github.com/zeroauth-dev/ZeroAuth-Governance.git" }, "scripts": { "lint": "markdownlint-cli2 \"**/*.md\" \"#node_modules\" \"#.github\"", diff --git a/release-coordination/changelogs/pre-release-1.md b/release-coordination/changelogs/pre-release-1.md index c963861..94b2896 100644 --- a/release-coordination/changelogs/pre-release-1.md +++ b/release-coordination/changelogs/pre-release-1.md 
@@ -1,7 +1,7 @@ # Changelog — pre-release-1 **Date:** 2026-05-12 -**Components:** API (`pulkitpareek18/ZeroAuth` @ `0d1741d`), Dashboard (bundled in API), Governance (`pre-release-1`) +**Components:** API (`zeroauth-dev/ZeroAuth` @ `0d1741d`), Dashboard (bundled in API), Governance (`pre-release-1`) ## Summary @@ -24,7 +24,7 @@ First production deploy. Central API live at `https://zeroauth.dev/v1/*`. Dashbo ## Governance -- First version of this repo (`pulkitpareek18/ZeroAuth-Governance`) published +- First version of this repo (`zeroauth-dev/ZeroAuth-Governance`) published - Shared docs: security-policy, coding-standards, naming-conventions, incident-response, breach-notification (DPDP §8(7)) - Canonical threat model with A-01 through A-10 - Compliance mappings: DPDP, IRDAI, RBI, MeitY @@ -44,9 +44,9 @@ First production deploy. Central API live at `https://zeroauth.dev/v1/*`. Dashbo ## Cooperating PRs -- `pulkitpareek18/ZeroAuth` #22 (Central API console — Day 1 deliverable) -- `pulkitpareek18/ZeroAuth` #24 (Dashboard @types/node hotfix) -- `pulkitpareek18/ZeroAuth` #25 (Marketing-site refactor — operational Block B item) +- `zeroauth-dev/ZeroAuth` #22 (Central API console — Day 1 deliverable) +- `zeroauth-dev/ZeroAuth` #24 (Dashboard @types/node hotfix) +- `zeroauth-dev/ZeroAuth` #25 (Marketing-site refactor — operational Block B item) ---
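Review bot: the evidence-pack-sources/CHECKSUMS.md hunk only rewrites the list of product-repo paths whose hashes are tracked elsewhere, while this same patch edits governance files that the evidence-pack manifest itself names (docs/threat-model/canonical.md, docs/compliance/irdai-mapping.md, and everything under docs/shared/); any SHA recorded for those files is now stale, and the hunk's own context says CI runs `npm run check-checksums` and fails the build when a tracked file's actual hash drifts. Regenerate the checksum manifest in this commit, or state in the PR that none of the touched files is tracked, so the rename does not land red.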
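Review bot: the release-coordination/changelogs/pre-release-1.md hunks rewrite a dated historical record (2026-05-12, API @ `0d1741d`, PRs #22/#24/#25) to an org name that did not exist when that release shipped, which works against the commit message's stated aim of keeping the audit trail accurate. Prefer leaving already-published changelog entries as they were and recording the transfer as a dated note (for example one line in the next changelog or in RELEASES.md), so a reader of an earlier evidence pack can reconcile the old and new names.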
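Review bot: the CLAUDE.md Conventions hunk is context for two rules this patch itself triggers: changes under `/docs/shared/` require two reviewers (Pulkit + Amit) enforced via `CODEOWNERS`, and every shared policy doc carries a `LAST_UPDATED` field. The patch edits security-policy.md, coding-standards.md, naming-conventions.md and incident-response.md without touching any `LAST_UPDATED` value or the `Last reviewed by ... 2026-05-13` lines shown in context. Either record in the PR that a string-only rename is exempt from the date bump, or bump the fields, so the next evidence pack does not carry a review date that predates the edit; and make sure the PR actually collects both CODEOWNERS reviews rather than a single-author merge with an AI co-author trailer.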
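Review bot: the docs/compliance/irdai-mapping.md hunk changes the Vulnerability-management evidence cell from `Dependabot enabled on pulkitpareek18/ZeroAuth` to the new org name, but that row is presented to a regulator as an implemented control, and a repository transfer is exactly the moment such settings deserve re-verification. Confirm that Dependabot alerts and security updates are active on `zeroauth-dev/ZeroAuth` after the transfer before merging the renamed claim, and add the verification date to the row so the evidence is dated rather than inherited.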
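Review bot: the README.md License hunk keeps crediting this repo's CC-BY-4.0 documentation to `zeroauth-dev/ZeroAuth` (the product repo) while the package.json hunk sets this repo's own URL to `https://github.com/zeroauth-dev/ZeroAuth-Governance.git`. The mismatch predates this patch, but since the line is being touched anyway, point the attribution at `zeroauth-dev/ZeroAuth-Governance` so downstream reuse credits the repo the license actually covers.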