Security & Governance
Implemented Contract
GPUaaS security posture is enforced at multiple layers: contract (OpenAPI rules), code (sanitize middleware, audit middleware), CI (governance gates), data (immutable ledger/audit, allowlisted metadata), and operations (runbooks, threat model).
Pages
| Page | Audience |
|---|---|
| Threat model | Security reviewers, architects |
| Governance precedence | All engineers; codifies what overrides what |
| Audit & compliance | SREs, security, auditors |
| Sanitize-first rules | All engineers writing log/trace code |
Security layering
```mermaid
flowchart TB
    classDef edge fill:#fff3e0,stroke:#e65100
    classDef code fill:#e3f2fd,stroke:#1565c0
    classDef ci fill:#e8f5e9,stroke:#2e7d32
    classDef data fill:#eceff1,stroke:#455a64
    classDef ops fill:#ede7f6,stroke:#5e35b1
    E1[WAF + rate-limit]:::edge
    E2[mTLS internal]:::edge
    E3[OIDC + JWKS]:::edge
    C1[middleware.Sanitize]:::code
    C2[authz scope resolution]:::code
    C3[outbox transactional]:::code
    C4[audit write per privileged op]:::code
    G1[audit_mandatory_guard.sh]:::ci
    G2[canonical_error_guard.sh]:::ci
    G3[observability_trace_gate.sh]:::ci
    G4[contracts_breaking_change.sh]:::ci
    D1[Immutable ledger_entries]:::data
    D2[Immutable audit_logs]:::data
    D3[Allowlisted metadata jsonb]:::data
    D4[Per-service DB credentials]:::data
    O1[Threat model]:::ops
    O2[Pen test scope]:::ops
    O3[Key rotation runbook]:::ops
    O4[JWKS compromise runbook]:::ops
    EDGE[Edge] --> E1 & E2 & E3
    CODE[Code] --> C1 & C2 & C3 & C4
    CI[CI gates] --> G1 & G2 & G3 & G4
    DATA[Data layer] --> D1 & D2 & D3 & D4
    OPS[Operations] --> O1 & O2 & O3 & O4
```
Source docs
Read in this order for a deep security review:
- Security_Threat_Model.md — STRIDE baseline
- Security_Control_Verification.md — verification mappings
- Abuse_Case_Catalog.md — adversary tactics
- Pen_Test_Scope.md — what's in scope for pentest
- Threat_Model.md — deeper threat model in architecture
- Node_Control_Plane_Communication_Security_Audit_v1.md — node ↔ API mTLS audit