
# Security & Compliance

> Cumulative security posture and GDPR compliance record. Updated between phases via carryforward. **Line budget**: 1000 max | **Last updated**: Phase 41 (2026-07-04)

***

## Current Security Posture

### Overall: CLEAN

| Metric           | Value        |
| ---------------- | ------------ |
| Open Findings    | 0            |
| Critical/High    | 0            |
| Medium/Low       | 0            |
| Phases Audited   | 42 (P00-P41) |
| Last Clean Phase | P41          |

Phase 41 completed the Hermes All-Access Remediation phase through 17 sessions. The phase made `AI_OS_LOCAL_ALL_ACCESS=1` the normal local startup contract and migrated the Hermes, Knowledge Graph, Voice, Intelligence, OpenClaw, Claude Code, local-agent, setup, Dream, public-demo, extension, documentation, spec memory, archive guidance, and generated-data closeout surfaces away from the manual-admin, default-off local posture.

All 17 session security reviews passed with no open security findings and no GDPR findings. The phase preserved local defenses while removing manual admin env opt-in as the normal product gate: privileged routes keep loopback, Host-header, same-run token, method, body-size, schema validation, confirmation where needed, timeout, safe-error, redaction, no-shell argv, path confinement, duplicate guards, parser-owned contracts, and no-store JSON responses.

The Phase 41 execution additions remain local and bounded. OpenClaw deploy, spawn, and action execution; Claude Code workspace, shell, git, process, and file actions; local-agent delegated actions; Dream engine selection and manual run controls; Knowledge Graph ingest/remove; Hermes mutations; and Voice or Intelligence actions either execute locally with visible results or surface named recovery states for demo/privacy, token, credential, dependency, offline, provider, source-compliance, production, or external-proof boundaries.

Known external proof limits are not open findings: the GitHub Actions quality, security, and deploy workflows could not run because account billing or spend-limit state is external to the project; production Worker health, Cloudflare WAF verification, and Cloudflare deploy execution still require external URLs, dashboard or Terraform access, and Cloudflare secrets. Local validation evidence was recorded in `.spec_system/audit/known-issues.md`.

***

## Open Findings

Active security or GDPR issues requiring attention. Ordered by severity.

### Critical / High

No open findings.

### Medium / Low

No open findings.

***

## GDPR Compliance Status

### Overall: COMPLIANT

Current operation remains local self-use with optional operator-enabled public metadata collection, browser-local AI Rogue and Trend Finder state, local scheduler/Dream/Hermes/Knowledge Graph artifacts, transient Hermes Intelligence voice/session state, local operator action results, and a static public demo built from committed privacy-scanned fixtures. Phase 41 added local execution and recovery paths but no hosted persistence, analytics, runtime upload path, public demo live bridge, collector, consent flow, third-party personal-data transfer, or committed raw provider payload.

### Personal Data Inventory

| Data Element                                         | Source                                                                           | Storage                                                                        | Purpose                                                                                   | Legal Basis                                 | Retention                                                               | Deletion Path                                                            | Since       |
| ---------------------------------------------------- | -------------------------------------------------------------------------------- | ------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------- | ------------------------------------------- | ----------------------------------------------------------------------- | ------------------------------------------------------------------------ | ----------- |
| Local AI usage and memory metadata                   | Local scanners and aggregate script                                              | `src/data/live-data.json`                                                      | Operator dashboard telemetry                                                              | Legitimate interest (self-use)              | Until file is overwritten or deleted                                    | Delete `src/data/live-data.json`                                         | P00         |
| Public trend metadata                                | Reviewed Apify declarations and direct public endpoints/feeds                    | `src/data/live-data.json`, local snapshots                                     | Trend signal aggregation                                                                  | Legitimate interest (public data, self-use) | Overwritten each run; snapshots local                                   | Delete generated Trend Finder data and `.cache/extensions/trend-finder/` | P02/P05/P28 |
| Public demo fixture projection                       | Reviewed local Trend Finder and allowlisted Dream Review output                  | `demo-website/public/demo/*.json`, Cloudflare Pages dist                       | Static public product demo without live runtime reads                                     | Legitimate interest (public demo, self-use) | Until fixtures are changed by commit/redeploy or deployment is removed  | Remove fixture fields, commit/redeploy, or delete Pages deployment       | P31/P33     |
| Browser-local Trend Finder triage and watching state | Operator UI actions                                                              | Browser localStorage                                                           | Local topic triage, pins, notes, tags, and filtering                                      | Legitimate interest (self-use)              | Until operator clears it                                                | Use reset controls or clear localStorage                                 | P24/P27/P28 |
| Public competitor/channel names                      | Operator input in Creator Lens                                                   | Browser localStorage draft and local Creator Lens config                       | Match public YouTube channel-title evidence and guide creator angle output                | Legitimate interest (self-use)              | Until operator changes local draft/config                               | Remove names in Creator Lens and save, or clear local storage/cache      | P27-S09     |
| Claude OAuth usage metadata                          | Claude CLI and Anthropic usage fetches via script-only helper                    | Transient script memory and bounded live-data fields                           | Authoritative live/estimate usage display                                                 | Legitimate interest (self-use)              | Regenerated on aggregate run; auth material not persisted by fetch path | Remove local Claude auth material or delete generated live data          | P21         |
| Local Knowledge Graph metadata                       | Operator-triggered `graphify` over local paths or Git URLs                       | `src/data/graphs/index.json`, `src/data/graphs/*.json`                         | Local project map and Hermes grounding                                                    | Legitimate interest (self-use)              | Until graph entry/file is removed                                       | Use remove action or delete graph files                                  | P26         |
| Hermes Mission Control store                         | Operator/admin-authored Hermes actions                                           | `HERMES_HOME/missions.json` or `~/.hermes/missions.json`                       | Local mission orchestration and archive state                                             | Legitimate interest (self-use)              | Until local mission store is deleted                                    | Delete active Hermes mission store                                       | P19/P25     |
| Scheduler and Dream run metadata                     | Local scheduler commands or user-enabled timer                                   | Private AI OS scheduler/Dream state and logs                                   | Local status, diagnostics, continuity, and locking                                        | Legitimate interest (self-use)              | Until local artifacts are deleted or overwritten                        | Delete private AI OS scheduler and Dream artifacts                       | P11/P12     |
| Browser-local AI Rogue game state                    | Operator gameplay, input settings, and browser-safe LiveData projections         | Browser localStorage and IndexedDB                                             | Local input preferences, wallet, ledger, saves, run history, seed replay, and progression | Legitimate interest (self-use)              | Until operator resets AI Rogue or clears browser storage                | Use AI Rogue reset controls or clear browser localStorage/IndexedDB      | P30/P32/P35 |
| Hermes Intelligence spoken prompt/audio              | Operator microphone after explicit Start voice action                            | Transient browser media stream and configured local Realtime provider session  | Live spoken Hermes interaction                                                            | Legitimate interest (self-use)              | Session-scoped; media tracks stop on portal close/stop/failure          | Stop voice, close the portal, or unmount the voice hook                  | P38-S09     |
| Hermes Intelligence typed prompt and transcript      | Operator input and `/__hermes_chat` SSE output                                   | In-memory React state for the active portal session                            | Show Hermes answer stream and feed Intelligence visualizers                               | Legitimate interest (self-use)              | Session-scoped; not persisted                                           | Close/reset the portal or reset the Hermes admin hook state              | P38-S09     |
| Hermes Intelligence design mode preference           | Operator-selected portal design mode                                             | Browser localStorage key `ai-os-hermes-intelligence-design`                    | Restore visual mode choice                                                                | Legitimate interest (self-use)              | Until browser storage is cleared or overwritten                         | Clear browser storage or change/reset the portal mode                    | P38-S09     |
| Local action execution result metadata               | Operator-triggered Hermes, OpenClaw, Claude Code, Dream, and local-agent actions | In-memory browser/query state plus operator-selected local files/process state | Show local action results, recovery details, and execution status                         | Legitimate interest (self-use)              | Session-scoped unless the operator writes local files or stores state   | Reset UI state, close session, or delete/revert affected local files     | P41         |

### Compliance Checklist

| Requirement                            | Status | Notes                                                                                                                                                                                                                                                                                                                                                                                                                      |
| -------------------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Data collection has documented purpose | PASS   | Current local scanners, public source declarations, direct public endpoints, scheduler/Dream state, Knowledge Graph, Creator Lens competitor names, AI Rogue browser-local state, input preferences, Intelligence session state, local action results, Hermes command/MoA actions, and public demo fixtures have documented purposes.                                                                                      |
| Consent obtained before data storage   | PASS   | Local setup is operator-run; public source collection is disabled/configured by the operator; competitor names, watchlist notes/tags, AI Rogue gameplay/input state, voice start, typed prompts, design preference, local actions, Dream runs, and public demo snapshots are produced by operator-controlled flows.                                                                                                        |
| Data minimization verified             | PASS   | Browser/static payloads expose bounded labels, counts, IDs, safe statuses, projections, redacted snapshot metadata, Dream allowlist fields, AI Rogue metadata, Hermes model/preset metadata, Intelligence session state, and sanitized action results only. No raw provider keys, auth JSON, private paths, committed prompts/transcripts, raw provider payloads, source dumps, or secret-shaped tokens are exposed.       |
| Deletion/erasure path exists           | PASS   | Local generated data, caches, localStorage, IndexedDB, graph files, mission stores, Hermes config, scheduler state, Dream artifacts, Intelligence session state, AI Rogue state, local action state, and committed public demo fixtures can be removed by local deletion, browser clearing/reset, follow-up commit/redeploy, or deployment removal.                                                                        |
| No PII in application logs             | PASS   | Current logs and trace outputs are sanitized to aggregate counters, states, warnings, redacted errors, and public-demo scan summaries; Phase 41 scans found no raw prompts, transcripts, command bodies, local paths, credentials, private telemetry, or secret-shaped tokens in touched docs/artifacts.                                                                                                                   |
| Third-party transfers documented       | PASS   | Optional Apify, Anthropic OAuth usage, OpenAI account-auth/Codex runtime, OpenAI Realtime voice provider, keyless local OpenRouter pricing, direct public-source boundaries, and static Cloudflare Pages public demo hosting are documented; Phase 41 added no analytics, hosted collectors, hosted writes, public demo live bridge, runtime upload transfer, browser provider-key persistence, or remote content loading. |

***

## Dependency Security

### Current Vulnerabilities

No known vulnerable dependencies.

The latest dependency audit evidence is a `bun audit` run on 2026-07-04 during local security workflow validation, which reported no vulnerabilities. Phase 41 ended at package version `0.5.145`. Session security reports found no dependency-set or lockfile additions; `package.json` changed only for startup/version metadata, and the existing dependencies remained in place.

* `package.json` direct dependency `js-yaml` remains `^5.0.0`.
* `package.json` overrides pin `esbuild` 0.28.1, `@babel/core` 7.29.7, `form-data` 4.0.6, `js-yaml` 5.0.0, `undici` 7.28.0, `vite` 8.0.16, and `ws` 8.21.0.
* Phase 41 added local bridge/executor/action behavior through existing TypeScript, Vite, Bun, React Query, parser, and test tooling rather than adding new runtime packages.
* Local quality, coverage, build, security scans, CodeQL, dry-run deploy, private-runtime checks, and browser smoke evidence are recorded in phase/session artifacts and known-issue exceptions where hosted execution was external.

***

## Resolved Findings

Recently closed items. Compressed after 2 phases.

No recently resolved findings.

***

## Phase History

| Phase | Sessions | Security | GDPR | Findings Opened | Findings Closed |
| ----- | -------- | -------- | ---- | --------------- | --------------- |
| P41   | 17       | PASS     | N/A  | 0               | 0               |
| P40   | 18       | PASS     | N/A  | 0               | 0               |
| P39   | 8        | PASS     | N/A  | 0               | 0               |
| P38   | 10       | PASS     | PASS | 0               | 0               |
| P37   | 6        | PASS     | N/A  | 0               | 0               |

***

## Recommendations

Actionable items for upcoming phases based on cumulative findings.

1. Re-run hosted GitHub Actions quality, security, and deploy workflows when billing or spend-limit state allows hosted execution.
2. Run credentialed local voice provider smoke and local-admin MoA save smoke only in approved operator environments, then record redacted success/failure evidence.
3. Complete production Worker health, Cloudflare WAF OWASP ruleset, and Cloudflare deploy proof when the required URL, dashboard/Terraform access, and Cloudflare secrets are available.
4. Preserve loopback, Host-header, same-run token, body-size, schema, confirmation, timeout, safe-error, path-redaction, no-shell argv, duplicate guards, and structured-write gates for all local bridges and executors.
5. Keep OpenAI, Anthropic, OpenRouter, Claude OAuth, and local-provider credentials environment/script-only; do not surface provider keys, auth JSON, account IDs, prompts, transcripts, command output, or provider payloads in browser state, generated data, docs, or logs.
6. Re-review source-specific terms, GDPR posture, retention, spend labels, and parser tests before adding Semantic Scholar, Bluesky, Replicate, newsletter targets, X/Twitter, TikTok, Instagram, Digg, podcast/audio, or any other adapter.
7. Keep the public demo static-only until a new threat model covers Pages Functions, advanced Workers, analytics, hosted collectors, hosted writes, uploads, runtime bridge calls, or public local-control-plane APIs.
8. Add hosted CI coverage for `demo:build:pages`, `demo:scan:pages`, `demo:budget:pages`, desktop/mobile route smoke, hosted metadata checks, and AI Rogue public-demo gameplay smoke before treating the public demo as a routine release lane.
9. Treat future AI Rogue capability expansion as fresh product/security work; approved production visibility, local audio, visual assets, and authored levels do not automatically approve collectors, WebGPU-specific behavior, worker protocols, hosted writes, remote loading, analytics, saved audio state, new content classes, or rejected-art reuse.
10. Treat new route-specific execution, shell, git, workspace write, hosted storage, public API exposure, browser credential storage, or new third-party transfer paths as first-class threat-model work with real execution, visible result, recovery, and test evidence.

***

*Auto-generated by carryforward. Manual edits allowed but may be overwritten.*

