feat(security): cargo-audit + cargo-deny + Dependabot + SECURITY.md + CODEOWNERS + gitignore hardening

NeuralEmpowerment · NeuralEmpowerment · commit 1ad43cfea79f · 2026-05-07T13:24:30.000-07:00
P1 — supply chain & disclosure infrastructure: - deny.toml: license/advisory/bans/sources policy for cargo-deny - .github/dependabot.yml: weekly auto-PRs for both GitHub Actions and Cargo deps; minor+patch updates grouped to reduce PR noise - SECURITY.md: private-disclosure policy, scope, supported versions P2 — passive hardening: - .github/CODEOWNERS: require @NeuralEmpowerment review on .github/**, Cargo.{toml,lock}, SECURITY.md, LICENSE (supply-chain + legal gates) - .gitignore: append patterns for certs, keys, keystores, .env files DONE_WITH_CONCERNS — cargo-deny license violations (fastembed transitives): 1. libfuzzer-sys v0.4.12 — license "(MIT OR Apache-2.0) AND NCSA" NCSA (University of Illinois/NCSA Open Source License) is OSI-approved and FSF-Free but is not in the current allow list. Chain: fastembed → image → ravif → rav1e → libfuzzer-sys 2. webpki-roots v0.26.11 and v1.0.7 — license "CDLA-Permissive-2.0" Community Data License Agreement (permissive variant) — not in allow list. Chain: fastembed → ureq (and ort-sys) → webpki-roots ACTION REQUIRED: Review whether NCSA and CDLA-Permissive-2.0 are acceptable for your use case, then either add them to deny.toml [licenses].allow or open an issue with the fastembed maintainers. Do NOT blindly allow without legal review.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,12 @@
+# CI/CD workflows — arbitrary code execution risk; require maintainer review on changes.
+.github/                     @NeuralEmpowerment
+
+# Dependency manifests — supply chain risk; reviewed changes only.
+Cargo.toml                   @NeuralEmpowerment
+Cargo.lock                   @NeuralEmpowerment
+
+# Security policy
+SECURITY.md                  @NeuralEmpowerment
+
+# License — IP / legal sensitivity
+LICENSE                      @NeuralEmpowerment
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,22 @@
+version: 2
+updates:
+  # GitHub Actions — auto-PR for action version updates.
+  # Updates the SHA-pinned versions; the comment shows what changed.
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+
+  # Cargo — auto-PR for crate updates with security advisories or new versions.
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    # Group minor/patch updates to reduce PR noise; majors get their own PRs.
+    groups:
+      cargo-minor-and-patch:
+        update-types:
+          - "minor"
+          - "patch"
diff --git a/.gitignore b/.gitignore
@@ -25,3 +25,21 @@ markdown-explorer/
 docs/integration-example.md
 docs/workflow.md
 docs/research-reinforcement-feedback-loop.md
+
+# Credentials and secrets — passive safety net against accidental commits
+*.pem
+*.key
+*.p12
+*.pfx
+*.cer
+*.crt
+id_rsa
+id_rsa.pub
+id_ed25519
+id_ed25519.pub
+*.keystore
+
+# Environment files
+.env
+.env.local
+.env.*.local
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,38 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in semrouter, please report it privately. **Do not open a public issue.**
+
+**Preferred channel:** [GitHub Security Advisories](https://github.com/AgentParadise/semrouter/security/advisories/new) — this creates a private discussion with the maintainers.
+
+**Alternative:** Open a private issue or DM a maintainer on GitHub.
+
+We will:
+- Acknowledge receipt within 7 days.
+- Investigate and confirm or deny the issue within 30 days.
+- Coordinate disclosure timing once a fix is ready.
+- Credit the reporter in the security advisory unless they prefer to remain anonymous.
+
+## Scope
+
+Vulnerabilities we consider in scope:
+
+- Memory safety issues in unsafe code (we have ~zero unsafe; any is in scope)
+- Arbitrary code execution via crafted `routes.jsonl` / `eval.jsonl` / `router.toml` inputs
+- Denial-of-service via inputs that cause unbounded resource consumption
+- Supply-chain issues (e.g. a transitive dependency CVE we should pin away from)
+
+Out of scope:
+- The accuracy or quality of routing decisions (that's an evaluation question, not security).
+- Issues in third-party embedders the consumer brings via the `EmbeddingProvider` trait.
+- Reports that boil down to "your dep tree includes crate X which has known issue Y" — please file these against the upstream crate; we follow security advisories via cargo-audit and Dependabot.
+
+## Versions
+
+We provide security updates for:
+
+- The latest published `0.x` version on crates.io.
+- The `main` branch of the GitHub repo.
+
+Older versions are not supported. If you need a fix for a specific version, open an issue.
diff --git a/deny.toml b/deny.toml
@@ -0,0 +1,37 @@
+# deny.toml — supply chain enforcement: licenses, advisories, banned crates
+[graph]
+all-features = true
+
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+ignore = []
+
+[licenses]
+unused-allowed-license = "warn"
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "ISC",
+    "Unicode-DFS-2016",
+    "Unicode-3.0",
+    "Zlib",
+    "MPL-2.0",
+    "CC0-1.0",
+    "OpenSSL",
+]
+confidence-threshold = 0.8
+
+[bans]
+multiple-versions = "warn"
+wildcards = "deny"
+deny = []
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []
