fix(security): comprehensive security audit remediation (22 findings, 37 files) (#684)

* fix(security): eliminate CI injection vectors and pin actions (#1)

- Move all github.event.* expressions from run: to env: blocks (CWE-94)
  - spell-check.yml: changed_files via env var
  - markdown-link-check.yml: changed_files via temp file input
  - ai-spec-drafter.yml: issue.number via env var
  - ai-test-generator.yml: pull_request.number via env var
  - ai-release-notes.yml: release.tag_name via env var
  - sbom.yml: release.tag_name via env var
- Redact secret scanner output to prevent secret leaks to CI logs (CWE-200)
- SHA-pin dtolnay/rust-toolchain (the only unpinned action) (CWE-829)
- Add missing permissions: block to markdown-link-check.yml (CWE-250)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(security): supply chain hardening — dep confusion, lockfiles, Dockerfile digest (#2)

- Fix dependency confusion: replace agent-primitives==0.1.0 with local
  file references in scak and iatp requirements.txt (CWE-427)
- Pin root Dockerfile base image to SHA digest (CWE-829)
- Generate missing package-lock.json for 4 npm packages (CWE-829):
  mcp-proxy, api, chrome extension, mastra-agentmesh
- Remove unsafe npm ci || npm install fallback in ESRP pipeline (CWE-829)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(security): Docker/infra hardening — CORS, Grafana, .dockerignore, CODEOWNERS (#3)

- Replace hardcoded Grafana admin passwords with env var refs in 7
  docker-compose files (CWE-798)
- Replace wildcard CORS allow_origins=[*] with env-driven origins
  in 6 production services (CWE-942)
- Add secret exclusion patterns (.env, *.key, *.pem, *.p12) to root
  and caas .dockerignore files (CWE-532)
- Add security contact, supported versions, and 90-day disclosure
  policy to SECURITY.md (CWE-693)
- Add CODEOWNERS rules for scripts/, Dockerfile, docker-compose*,
  .dockerignore, .clusterfuzzlite/ (CWE-862)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(security): code quality — XSS, Rust panics, example warnings (#4)

- Replace innerHTML with safe DOM APIs (textContent, createElement)
  in PolicyEditorPanel.ts and MetricsDashboardPanel.ts (CWE-79)
- Add HTML entity escaping for violation names in metrics dashboard
- Replace .unwrap() with .expect() on production RwLock/Mutex calls
  in policy.rs for clearer panic messages (CWE-252)
- Add INTENTIONALLY INSECURE warnings to test fixture code in
  github-reviewer example to prevent copy-paste propagation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: imran-siddique

.dockerignore

@@ -17,3 +17,13 @@
 .vscode
 coverage.xml
 node_modules
+
+# Security: exclude secrets from build context
+.env
+.env.*
+*.key
+*.pem
+*.p12
+*.crt
+secrets/
+*.token

.github/CODEOWNERS

@@ -27,6 +27,13 @@
 /packages/*/src/**/identity* @microsoft/agent-governance-toolkit
 /packages/*/src/**/crypto*   @microsoft/agent-governance-toolkit
 
+# Infrastructure & container security — require maintainer review
+/scripts/                    @microsoft/agent-governance-toolkit
+**/Dockerfile                @microsoft/agent-governance-toolkit
+**/docker-compose*           @microsoft/agent-governance-toolkit
+/.dockerignore               @microsoft/agent-governance-toolkit
+/.clusterfuzzlite/           @microsoft/agent-governance-toolkit
+
 # Documentation
 /docs/                       @microsoft/agent-governance-toolkit
 *.md                         @microsoft/agent-governance-toolkit

.github/workflows/ai-release-notes.yml

@@ -32,8 +32,10 @@ jobs:
         id: prs
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          EVENT_TAG: ${{ github.event.release.tag_name }}
+          INPUT_TAG: ${{ inputs.tag }}
         run: |
-          TAG="${{ github.event.release.tag_name || inputs.tag }}"
+          TAG="${EVENT_TAG:-$INPUT_TAG}"
           if [ -z "$TAG" ]; then
             TAG=$(gh release list --limit 1 --json tagName -q '.[0].tagName' 2>/dev/null || echo "")
           fi

.github/workflows/ai-spec-drafter.yml

@@ -125,7 +125,8 @@ jobs:
       - name: Comment on issue
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
         run: |
-          gh issue comment ${{ github.event.issue.number }} \
+          gh issue comment "$ISSUE_NUMBER" \
             --body "🤖 An engineering spec has been drafted and a PR created. Please review the PR for the full specification." \
             || true

.github/workflows/ai-test-generator.yml

@@ -44,8 +44,9 @@ jobs:
         id: changes
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
         run: |
-          FILES=$(gh pr diff ${{ github.event.pull_request.number }} --name-only \
+          FILES=$(gh pr diff "$PR_NUMBER" --name-only \
             | grep -E '^packages/[^/]+/src/.*\.py$' || true)
           if [ -z "$FILES" ]; then
             echo "skip=true" >> "$GITHUB_OUTPUT"

.github/workflows/ci.yml

@@ -403,7 +403,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
       - name: Build
         working-directory: packages/agent-mesh/sdks/rust/agentmesh
         run: cargo build --release

.github/workflows/markdown-link-check.yml

@@ -6,6 +6,9 @@ on:
       - '**/*.md'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   link-check:
     runs-on: ubuntu-latest
@@ -20,12 +23,15 @@ jobs:
           files: |
             **/*.md
 
+      - name: Write changed files list
+        if: steps.changed-files.outputs.any_changed == 'true'
+        env:
+          CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
+        run: printf '%s\n' $CHANGED_FILES > "$RUNNER_TEMP/changed-md-files.txt"
+
       - name: Run Link Checker
         if: steps.changed-files.outputs.any_changed == 'true'
         uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0
         with:
-          # Configuration is defined here directly in YAML (no JSON file needed)
-          # --exclude-loopback: ignores localhost/127.0.0.1
-          # --verbose: shows details in the logs
-          args: --verbose --no-progress --exclude-loopback ${{ steps.changed-files.outputs.all_changed_files }}
+          args: --verbose --no-progress --exclude-loopback --input "${{ runner.temp }}/changed-md-files.txt"
           fail: true

.github/workflows/sbom.yml

@@ -49,8 +49,9 @@ jobs:
         if: github.event_name == 'release'
         env:
           GH_TOKEN: ${{ github.token }}
+          RELEASE_TAG: ${{ github.event.release.tag_name }}
         run: |
-          gh release upload "${{ github.event.release.tag_name }}" \
+          gh release upload "$RELEASE_TAG" \
             sbom.spdx.json \
             sbom.cdx.json \
             --clobber

.github/workflows/secret-scanning.yml

@@ -55,7 +55,7 @@ jobs:
               2>/dev/null || true)
             if [ -n "$MATCHES" ]; then
               echo "::warning::Potential secrets found matching pattern: $pattern"
-              echo "$MATCHES" | head -5
+              echo "$MATCHES" | head -5 | sed 's/:.*/:***REDACTED***/'
               FOUND=1
             fi
           done

.github/workflows/spell-check.yml

@@ -33,4 +33,6 @@ jobs:
 
       - name: Check spelling
         if: steps.changed-markdown.outputs.any_changed == 'true'
-        run: cspell --config .cspell.json --no-progress ${{ steps.changed-markdown.outputs.all_changed_files }}
+        env:
+          CHANGED_FILES: ${{ steps.changed-markdown.outputs.all_changed_files }}
+        run: cspell --config .cspell.json --no-progress $CHANGED_FILES