F-003 fix: Sanitize SQL dump for safe dev use
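--- /dev/null
+++ b/work/artifacts/F-003/security.json
@@ -0,0 +1,28 @@
+{
+"feature_id": "F-003",
+"agent": "security",
+"verdict": "APPROVED",
+"summary": "The active tracked SQL baseline no longer contains raw production-like customer or order data. The repo now documents that any private raw snapshot must stay outside git or in ignored local paths.",
+"checks": [
+"tracked SQL data-risk scan",
+"private path and docs review",
+"working tree review"
+],
+"findings": [
+{
+"severity": "medium",
+"title": "Earlier raw snapshot still exists in git history",
+"status": "accepted-risk",
+"paths": [
+"git history before F-003 publish"
+]
+}
+],
+"evidence": [
+"Tracked SQL file now contains a 6.8K sanitized synthetic baseline",
+"Data-risk scan on project/sql/db-25052026.sql returned no customer/order/production URL patterns",
+"Reviewed project/sql/README.md and .gitignore entry for project/sql/private/",
+"Confirmed current working tree no longer ships raw production-like SQL dump content"
+],
+"timestamp": "2026-05-25T06:15:00Z"
+}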
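Review bot: The medium finding in `findings[0]` is marked `accepted-risk` but the record carries no rationale, owner or remediation, and its only `paths` entry (`"git history before F-003 publish"`) is prose rather than a commit range, so an auditor cannot tell what was accepted or whether the raw snapshot was ever pushed to a shared remote. Raw production-like data left in history is still reachable by anyone who clones the repository, so the decision should state whether a history rewrite (git filter-repo plus force-push and re-clone of every checkout) was considered or whether the data is now treated as exposed; if the snapshot held personal data, that is a disclosure question rather than only a repo-hygiene one. I would add to that object `"rationale": "<why the history was not rewritten>"`, `"remediation": "<rewrite plan, or 'treated as exposed'>"` and `"owner": "<team>"`, and replace the `paths` string with the first and last commit SHAs that contain the dump. Note also that the `.gitignore` entry cited in the evidence does not stop `git add -f`; a pre-commit data-pattern scan would be the preventive control, if one is not already in place.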