Skip to content

Chore: monthly .org update#552

Merged
mattaereal merged 93 commits into
mainfrom
develop
Jul 8, 2026
Merged

Chore: monthly .org update#552
mattaereal merged 93 commits into
mainfrom
develop

Conversation

@scode2277

@scode2277 scode2277 commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

What does this PR change?

Monthly .org update

Type of change

  • New content
  • Edit to existing content
  • Outline / structure change
  • Typo or formatting fix
  • Tooling / config

If applicable

  • Editing existing content: tagged the current contributors from the attribution list
  • Framework has a steward: asked them to review
  • Outline change: updated vocs.config.ts with the dev: true parameter
  • Want community feedback: shared this PR in our Discord

Stuck on anything? Just write it here and we're happy to help.

artemisclaw82 and others added 30 commits April 6, 2026 12:37
#400)

* content(opsec): endpoint security tiers and DPRK liveness verification

- Add endpoint security device provisioning tiers (managed, VDI, enterprise browser)
- Add deepfake liveness verification techniques to DPRK TTP page
- Add andrew-chang-gu to contributors.json (username TBD)

Co-authored-by: DicksonWu654 <dickson@certik.com>
Co-authored-by: andrew-chang-gu <>

* chore: fill andrew-chang-gu contributor fields from public LinkedIn profile

* Add contributor Andrew Chang-Gu to contributors.json

Added new contributor Andrew Chang-Gu with details.

---------

Co-authored-by: DicksonWu654 <dickson@certik.com>
Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
* Add password manager endpoint hardening guide

* Tone down password manager hardening guide

* Shorten password manager hardening guide

* Make wallet secret storage guidance explicit

* Remove decorative separators from password manager hardening guide

* Fix lint in password manager endpoint guide

* Tighten password manager endpoint guide

* Shorten password manager endpoint guide

* Clarify password manager endpoint guidance

* Add password manager endpoint hardening guide

* Tone down password manager hardening guide

* Shorten password manager hardening guide

* Make wallet secret storage guidance explicit

* Remove decorative separators from password manager hardening guide

* Fix lint in password manager endpoint guide

* Tighten password manager endpoint guide

* Shorten password manager endpoint guide

* Clarify password manager endpoint guidance

* Expand password manager hardening scope

* Revert "Expand password manager hardening scope"

This reverts commit 4bf04d6.

* docs: tighten password manager browser guidance

---------

Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
* Add hardware security key guide

* Credit Opsek authors on YubiKey guide

* Remove decorative separators from hardware security keys guide

* Fix lint in hardware security keys guide

* Tighten hardware security keys guide

* Move hardware security keys guide to endpoint security

* Tighten hardware keys guide metadata

* Update hardware-security-keys.mdx

* Update hardware-security-keys.mdx

* Add hardware security key guide

* Credit Opsek authors on YubiKey guide

* Remove decorative separators from hardware security keys guide

* Fix lint in hardware security keys guide

* Tighten hardware security keys guide

* Move hardware security keys guide to endpoint security

* Tighten hardware keys guide metadata

* Add YubiKey-specific setup guidance

* docs: tighten hardware key setup guidance

* Delete AGENTS.md

---------

Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
* Add stewards for Incident Management and AI Security fws

* sync contributors company
* Add SSH client and key management hardening guide

* Remove decorative separators from SSH hardening guide

* Fix markdownlint spacing in SSH hardening guide

* Tighten SSH hardening guide

* Shorten SSH hardening guide

* Clarify SSH hardening guidance

* Introduce SSH certificates for better key management

Added a section on using SSH certificates for improved access management.

* Clarify SSH host verification guidance

* Fix SSH guide markdown formatting

* Finish SSH guide review fixes

* Add SSH client and key management hardening guide

* Remove decorative separators from SSH hardening guide

* Fix markdownlint spacing in SSH hardening guide

* Tighten SSH hardening guide

* Shorten SSH hardening guide

* Clarify SSH hardening guidance

* Introduce SSH certificates for better key management

Added a section on using SSH certificates for improved access management.

* Clarify SSH host verification guidance

* Fix SSH guide markdown formatting

* Finish SSH guide review fixes

* Trim unrelated SSH wordlist entries

* Update wordlist.txt

* Add reviewers to SSH client hardening guide

---------

Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
* add github workflow to autmatically upload images to S3

* implement review + deps revamp

* Reorganize AWS credentials configuration in workflow

* Add --ignore-scripts to install step for supply chain attack mitigation

---------

Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
* Added MFA overview, and updated contributors file.

* Build fix and language updates.

* Refine MFA overview and recommendations

Revised language for clarity and emphasis on MFA importance. Updated recommendations for MFA methods and highlighted security considerations for passkeys.

* Further clarification about passkey storage.

---------

Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
Co-authored-by: frameworks-volunteer <jamesbond777bot@duck.com>
* Port cert revisions and add SFC Identity & Accounts

Mirrors the revisions applied in the SEAL-Certs-Template repo (see its
CHANGELOG.md for full detail). Summary:

- sfc-multisig-ops: ms-2.1.2 strengthened from "evaluate" to "implement";
  ms-4.1.1 transaction process consolidated 8 to 5 bullets
- sfc-treasury-ops: scope note added; per-actor/per-path exposure limits
  (tro-2.1.3) and privileged access / root account management (tro-3.1.5)
  added; trusted-parser bullet on tro-4.1.1; various consolidations and
  softening (session timeouts, impact thresholds, exposure limits)
- sfc-devops-infrastructure: di-1.1.4 split into process + di-1.1.5 list;
  runner hardening on di-3.1.1; network architecture on di-4.1.1; supply
  chain mention softened; References section added
- sfc-dns-registrar: dns-3.1.1 slimmed to reference the new Identity &
  Accounts cert for account management
- sfc-incident-response: four IR controls consolidated (team roles,
  contacts, alerting, drills); header reference to Identity & Accounts
- sfc-identity-accounts (NEW): horizontal cert covering organizational
  account management (inventory, phishing-resistant MFA, credential
  management, recovery methods, lifecycle, takeover monitoring, third-
  party access)

Control IDs are stable; no renames. Baseline text changes do not affect
workbook import (keyed on control ID).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Retire SFC Workspace Security; wire in Identity & Accounts

The old Workspace Security cert drifted far from SEAL's SME (device
management, EDR/MDM, physical/travel security, formal training programs).
Its crypto-relevant content (account inventory, phishing-resistant MFA,
credential management, account lifecycle, takeover monitoring) is now in
the new horizontal Identity & Accounts cert. Generic enterprise IT
coverage is better left to ISO 27001 / SOC 2 / CIS.

- Delete docs/pages/certs/sfc-workspace-security.mdx
- vocs.config.tsx: sidebar updated (add Identity & Accounts, remove
  Workspace Security)
- utils/generate-cert-data.js: CERT_ORDER updated so the overview-page
  "Export All Certifications" xlsx includes I&A and excludes Workspace
- utils/generate-printable-checklists.js: CERT_META updated so the Print
  button generates an I&A checklist and no longer generates one for
  Workspace
- components/certified-protocols/CertifiedProtocols.tsx: certTypeToName
  map updated (sfc-ida replaces sfc-ws)
- docs/pages/certs/overview.mdx: cert list updated
- docs/pages/certs/index.mdx: cert list updated
- docs/pages/intro/overview-of-each-framework.mdx: cert list updated

The fetched-tags.json and cert-data.json artifacts regenerate at build
time.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Surface control IDs in the control card UI

Control IDs (e.g., ms-2.1.2) are already in the data model and used by
workbook import/export and aria attributes, but were invisible in the
rendered card. Surface them inline next to the title so readers and
reviewers have a stable reference they can cite.

- ControlCard.tsx: render {control.id} before the title with a muted
  separator
- control.css: .control-id styled muted, monospace, 0.875em; .control-id-sep
  muted, non-bold

No behavioral change; purely additive display.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Add per-cert version stamps and central changelog

Protocols that have certified against an earlier version of a cert need
to scope the delta when that cert is revised. Adds explicit versioning
so re-certification decisions are data-driven.

- Per-cert frontmatter fields: version (semver-ish) and revised (ISO
  date). Rendered inline near the H1 title: "Revision X.Y · Updated
  YYYY-MM-DD · Changelog".
- New page: docs/pages/certs/changelog.mdx aggregating revision history
  across all certs with inaugural 2026-04-17 entry covering the
  feedback-integration-1.1 changes.
- vocs.config.tsx: Changelog added to sidebar under SEAL Certifications.

All five existing certs stamped at v1.1 (revised 2026-04-17). New
Identity & Accounts cert stamped at v1.0.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Regenerate build artifacts

- docs/pages/certs/index.mdx: generate-folder-indexes added Changelog row
- utils/fetched-tags.json: tags-fetcher regenerated tag map (added
  /certs/changelog entry; workspace-security replaced by
  identity-accounts; sectionMappings sort order shuffled)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Add ir-2.1.1 threat model to Incident Response

Monitoring coverage is only meaningful if it's pointed at the right
things. The existing IR cert had team structure, contacts, monitoring,
alerting, and playbooks, but no control requiring an explicit threat
picture of protocol operations and external dependencies. This control
closes that gap and anchors the monitoring and playbook controls to a
known threat model.

- Insert new ir-2.1.1 (Threat Model for Protocol Operations) at the
  start of Section 2 (Monitoring, Detection & Alerting)
- Existing Section 2 controls shifted: old ir-2.1.1 to ir-2.1.2,
  ir-2.1.2 to ir-2.1.3, ir-2.1.3 to ir-2.1.4
- Evidence Tracker count 13 to 14 (template repo only)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Rewrite certs overview to align with program roadmap

The previous overview was written during RFC Phase (ended Dec 31, 2025)
and framed certifications as "proposed" and "being developed." The
framework is now stable, published, and moving into active certification
with accredited firms.

Rewritten to:
- Open with the same framing as the internal program-and-roadmap doc:
  code audits don't catch operational failures, certifications target
  that gap
- List the six modules (with the new Identity & Accounts and Incident
  Response updated to include threat modeling)
- Condense "How Certification Works" into a five-step engagement flow
  with EAS attestation
- Replace the RFC Phase section with a plain Program Status summary of
  where the program is now
- Trim outdated FAQ items (the "Q1 2026 rollout" question) and update
  wording throughout
- Link to the new /certs/changelog page for revision history

Shorter overall; aligned with the roadmap doc without duplicating its
operational detail.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Add back protocol and auditor signup links to certs overview

Previous rewrite dropped these along with the RFC Phase framing. Adding
them back as a tight "Get Involved" section between Program Status and
FAQ.

Both entry points currently point at the same typeform
(securityalliance.typeform.com/CertsAuditor), matching the original
overview page. If protocols and auditors need distinct intake forms
later, the URL can be updated.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Integrate PR feedback from template repo review

Mirrors template-repo commits acddf5c, 2d3a777, 5ae8d0f which applied
DicksonWu654's review feedback. Since v1.1 hasn't shipped yet, the
changelog entry for v1.1 is updated to reflect final state rather than
documenting an intra-PR iteration.

- sfc-devops-infrastructure: di-1.1.2 drops the supply-chain
  parenthetical (Section 2 already handles supply chain); di-1.1.4 and
  di-1.1.5 merged back into a single di-1.1.4 covering both the tool
  approval process and the approved-tools list; References section at
  the bottom removed (other certs don't carry References, so the
  inconsistency wasn't earning its keep)
- sfc-identity-accounts: ida-2.1.1 drops the "(subject to SIM-swap and
  interception)" parenthetical; ida-4.1.1 drops the inline "(coordinated
  with SFC - Incident Response monitoring)" parenthetical (the trailing
  IR coordination bullet still carries that point); "Related certs"
  list in the page body removed (cross-refs live inline in each
  vertical cert)
- sfc-incident-response: ir-2.1.1 threat model gains a baseline bullet
  on identifying single points of failure and highly centralized
  components across onchain and offchain layers (cross-chain messaging
  providers, oracle providers, critical infrastructure dependencies)
- changelog.mdx: v1.1 entry updated to reflect final merged state;
  DevOps control count is now unchanged at 16, workbook compat note
  flags the shifted IR Section 2 IDs

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Fix protocol signup typeform URL to CertsWaitlist

Both the protocol and auditor signup links in the certs overview were
pointing at the same auditor form (CertsAuditor). Protocols should
land on the waitlist form (CertsWaitlist) instead. Per PR #459 review
comment from DicksonWu654.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Add Attack Surface Overview page with interactive radial threat map

Visual security posture dashboard showing 12 attack vectors as a radial
diagram. Nodes are color-coded (red/amber/green) by posture state with
click-to-toggle and localStorage persistence. Clicking a node opens a
detail card with description, attack tags, and framework guide links.
Designed for CSOs to quickly assess and communicate security gaps.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Mark Attack Surface Overview as dev content

Adds dev: true flag to sidebar entry per contributing guidelines.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Replace selection ring with scale + glow effect on selected nodes

Selected nodes now scale up 10% and show a soft color-matched glow
instead of a detached ring outline.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add GitHub Actions reminder for attack surface threat data changes

Posts an automated PR comment when threatData.ts is modified, reminding
contributors to include all required fields and verify framework links.
Follows the same pattern as the existing vocs-config-reminder workflow.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Address Sara first PR feedback item

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Address Sara second PR feedback item

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Smooth-scroll detail card into view when a threat node is clicked

Clicking a node on the radial map showed the detail card below the
map, but on typical viewports the card landed below the fold, so it
wasn't obvious anything had happened. Use scrollIntoView with
block: "nearest" on the card when it mounts or the selected vector
changes, respecting prefers-reduced-motion.

Third PR feedback item addressed.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Move attack-surface.mdx into intro/ folder and update links

Moved the page to sit alongside the other Introduction pages.
Updated sidebar link, internal cross-link in how-to-navigate, and
component import path to match the new location.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Use react-router Link for framework CTA to avoid full page reload

The detail card's framework link used a plain <a> tag which caused a
full page reload. Switched to react-router-dom's <Link> for client-side
navigation, consistent with the rest of the site.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add standard page components to Attack Surface Overview

Adds TagProvider, TagFilter, TagList, and ContributeFooter to match
the pattern used by all other Introduction pages.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…annel scope (#445)

Clarify that profile labels and platform status indicators are not proof of legitimacy, and state that unsupported platforms should be explicitly identified.
Adds TxScope to monitoring tools and wallet security tools pages.
TxScope is a Solana-native pre-signing transaction threat scanner
for Squads Protocol multisigs, filling the non-EVM tooling gap
noted in the current tools page.

Co-authored-by: black <bob@bobby.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Clarify hot vs cold wallet taxonomy

* Narrow hot vs cold wallet edits

---------

Co-authored-by: welttowelt <welttowelt@users.noreply.github.com>
* Add third party script security page in the frontend web app fw

* fix Further Reading link

* Fix links in web3-supply-chain-threats.mdx
* weekly cleanup:
- sync badges
- fix outputs spellchecker
- fix outputs linter
- sync contributing files
- sync tags

* Cleanup of the latest PR merged

* sync contributor badges with latest PRs

* Fix indentation
* feat: add forensic readiness page (closes #433)

* fix: add forensic readiness to sidebar in vocs.config.tsx (refs #457)
…dates (#425)

Bumps the npm_and_yarn group with 2 updates in the / directory: [dompurify](https://github.com/cure53/DOMPurify) and [flatted](https://github.com/WebReflection/flatted).


Updates `dompurify` from 3.3.0 to 3.3.3
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.0...3.3.3)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
- code-signing.mdx: Add GPG key generation, subkeys, YubiKey setup, passphrase management, key backup/recovery
- continuous-integration-continuous-deployment.mdx: Add SLSA provenance, SBOM generation, OIDC federation for cloud access
- repository-hardening.mdx: Add CODEOWNERS patterns, GitHub Advanced Security (CodeQL, secret scanning, dependency review), security policy template
- security-testing.mdx: Add severity thresholds table, Semgrep custom rules, false positive management, coverage and mutation testing
- Update contributors frontmatter: mattaereal as author, scode2277 as reviewer
- Replace discontinued keys.mailvelope.com with keyserver.ubuntu.com
- Fix CISA link text to match URL (Software Bill of Materials)
- Update expired nosemgrep example date to 2027-06-01
- Add note about simplified Semgrep rule example
The search index lives in docs/dist/.vocs/ (a hidden directory).
actions/upload-artifact@v4 excludes hidden files by default, so the
.vocs directory was missing from the uploaded artifact. This caused
the search index to be absent from preview deployments, breaking the
native search (/) on all preview URLs.

Adding include-hidden-files: true ensures the .vocs directory (and
any other hidden assets) are included in the artifact.
* feat: add llms.txt generator + llms-{framework}.txt for all the frameworks we have + changed titles to 2 pages as previously confusing

* Add branch-aware links + better hadle of contributing folder

* fix: making the generator inherit dev:true from parent sidebar blocks

* refactor: restructure llms output with per-page files, folder layout, and tighter routing index

* fix: make branch check stronger
…els (#473)

* fix: expand VPN services page with HTTPS vs VPN, metadata, threat models (closes #406)

* Update docs/pages/privacy/vpn-services.mdx

Co-authored-by: Sara Russo <sararusso984@gmail.com>

* refactor: split VPN services into subcategory pages per review feedback

Restructure vpn-services.mdx into a vpns/ directory with sub-pages:
- overview.mdx: entrance page with intro and links to subsections
- https-vs-vpn.mdx: HTTPS vs VPN comparison and metadata gap
- attack-surfaces-public-networks.mdx: public Wi-Fi risks
- when-to-use-vpn.mdx: threat model decision framework + choosing a VPN
- vpn-limitations.mdx: VPN limitations and DNS leaks
- vpn-providers-and-tools.mdx: recommended providers, tools, and resources

Update vocs.config.tsx with nested sidebar structure for VPN Services.
All new pages include outline: deep for subsection navigation.

---------

Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
Co-authored-by: Sara Russo <sararusso984@gmail.com>
…dates (#464)

Bumps the npm_and_yarn group with 3 updates in the / directory: [axios](https://github.com/axios/axios), [dompurify](https://github.com/cure53/DOMPurify) and [hono](https://github.com/honojs/hono).


Updates `axios` from 1.14.0 to 1.15.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.14.0...v1.15.0)

Updates `dompurify` from 3.3.3 to 3.4.1
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.3...3.4.1)

Updates `follow-redirects` from 1.15.11 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0)

Updates `hono` from 4.12.12 to 4.12.14
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.12...v4.12.14)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.4.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.14
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
sync badges
sync indexes
sync tags
fix spellchecker outputs
fix linter outputs

Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
Extract §4 (Upgrade Governance) out of data-security-upgrade-checklist
into a standalone DevSecOps page focused on smart-contract upgrade
governance across the full proposal lifecycle. Add an interactive hero
graphic mapping threats onto a 4-stage SDLC, replace raw-markdown
checklists with a stateful ChecklistItem component, and extend the
content with material that consistently fails in practice but rarely
appears on upgrade checklists: invariant suites that run against live
mainnet state, and reproducible onchain calldata verified by CI.

Page: /devsecops/governance-proposal-security
Stages: Plan -> Build and Test -> Review & Audit ->
        Propose, Verify Onchain Calldata & Monitor

New components:
- <GovernanceSDLCPipeline /> - SVG pipeline with threat constellations,
  click-to-expand detail panel, keyboard nav, loop-back "feeds next
  cycle" arrow. Reuses categoryMeta from attack-surface for visual
  consistency. Stateless.
- <ChecklistItem title="..."> ... </ChecklistItem> - interactive
  labelled checkbox with localStorage-persisted state and
  aria-describedby. Replaces every raw markdown "- [ ]" item on the
  new page.

Migrations:
- docs/pages/devsecops/data-security-upgrade-checklist.mdx - section 4
  removed; page renamed to "Data Security Checklist" (URL preserved).
- docs/pages/devsecops/overview.mdx - dropped duplicate "What's inside
  DevSecOps" section; Contents list is the single entry point (8
  entries including the new page and Isolation & Sandboxing).
- vocs.config.tsx - sidebar entry added and old Data Security entry
  renamed.
- components/index.ts - exports the two new components.

Notable content:
- Stage 2: tests must exercise the actual deployment script, and
  fork-tests must execute the proposal's calldata at HEAD before
  running the integration + invariant suite.
- Stage 3: internal peer review of the proposal by a non-author
  reviewer; audit scope extends to deploy scripts and proposal payloads.
- Stage 4: reproducible calldata built locally + rebuilt in CI,
  compared byte-for-byte against what's onchain.
- Real-World Proposal Failures: Wormhole (Feb 2022), Nomad (Aug 2022),
  Compound cETH Proposal 117 (Aug 2022), Yearn Finance yUSDT (Apr 2023)
  - each framed around a specific SDLC failure mode.

Contributors:
- wrote: quillaudits, dickson, ElliotFriedman
- fact-checked: mattaereal

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
dependabot Bot and others added 5 commits July 7, 2026 23:10
…tes (#538)

Bumps the pnpm-minor group with 3 updates in the / directory: [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3), [@aws-sdk/lib-storage](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/lib/lib-storage) and [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom).


Updates `@aws-sdk/client-s3` from 3.1068.0 to 3.1073.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1073.0/clients/client-s3)

Updates `@aws-sdk/lib-storage` from 3.1068.0 to 3.1073.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/lib/lib-storage/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1073.0/lib/lib-storage)

Updates `react-router-dom` from 7.17.0 to 7.18.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.0/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.0/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-s3"
  dependency-version: 3.1073.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pnpm-minor
- dependency-name: "@aws-sdk/lib-storage"
  dependency-version: 3.1073.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pnpm-minor
- dependency-name: react-router-dom
  dependency-version: 7.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pnpm-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-patch group with 1 update: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials).


Updates `aws-actions/configure-aws-credentials` from 6.2.0 to 6.2.1
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@e7f100c...254c19b)

---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-minor group with 1 update: [actions/cache](https://github.com/actions/cache).


Updates `actions/cache` from 5.0.5 to 5.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@27d5ce7...caa2961)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tes (#549)

Bumps the pnpm-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.18.0` | `1.18.1` |
| [playwright](https://github.com/microsoft/playwright) | `1.61.0` | `1.61.1` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.18.0` | `7.18.1` |
| [sharp](https://github.com/lovell/sharp) | `0.35.1` | `0.35.2` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.3.1` | `4.3.2` |



Updates `axios` from 1.18.0 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.18.0...v1.18.1)

Updates `playwright` from 1.61.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.61.0...v1.61.1)

Updates `react-router-dom` from 7.18.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.1/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.1/packages/react-router-dom)

Updates `sharp` from 0.35.1 to 0.35.2
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.35.1...v0.35.2)

Updates `tailwindcss` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/tailwindcss)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pnpm-patch
- dependency-name: playwright
  dependency-version: 1.61.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pnpm-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pnpm-patch
- dependency-name: sharp
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pnpm-patch
- dependency-name: tailwindcss
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: pnpm-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update overview.mdx

I have updated the overall update overview to be more inline with the feedback given over the past few weeks, which were:

1) Reframe the intro as a wayfinding statement. Instead of opening with a content summary, open with a one- or two-sentence orientation about what community security covers and where to go. Something like: "Community Management security spans several disciplines — each with its own dedicated Framework. Use this page to find the right one."

2) Convert the best practices section into a visual index. Each of the four sections (2FA/passwords, phishing, OpSec, emergency response) already has a corresponding Framework, so we can turn them into explicit cards or a linked table with the topic, a single descriptive sentence, and the link. This keeps the content without making it feel like a dead end.

3) Cut the inline detail that lives somewhere else. For example, TOTP configuration advice, the password manager separation rule, and the DM-first policy all belong in the destination frameworks, not here. Keeping it here creates both a maintenance burden for your team and dilutes the "go there for more" message.

------------------------------------------------------------------------
Therefore I was able to make the community manage guides more of the why, what, and how/where? Explaining this information and then leading into the actual frameworks for each that ALL needs to be taken into consideration when talking about community management and it's subsequent guides/frameworks.

This included a complete reformat of this page, that I think addresses all feedback and has a cleaner flow to providing the north star for this section.

* Update discord.mdx

I have updated the overall update overview to be more inline with the feedback given over the past few weeks, which were:

Reframe the intro as a wayfinding statement. Instead of opening with a content summary, open with a one- or two-sentence orientation about what community security covers and where to go. Something like: "Community Management security spans several disciplines — each with its own dedicated Framework. Use this page to find the right one."

Convert the best practices section into a visual index. Each of the four sections (2FA/passwords, phishing, OpSec, emergency response) already has a corresponding Framework, so we can turn them into explicit cards or a linked table with the topic, a single descriptive sentence, and the link. This keeps the content without making it feel like a dead end.

Cut the inline detail that lives somewhere else. For example, TOTP configuration advice, the password manager separation rule, and the DM-first policy all belong in the destination frameworks, not here. Keeping it here creates both a maintenance burden for your team and dilutes the "go there for more" message.

------------------------------------------------------------------------ Therefore I was able to make the community manage guides more of the why, what, and how/where? Explaining this information and then leading into the actual frameworks for each that ALL needs to be taken into consideration when talking about community management and it's subsequent guides/frameworks.

This included a complete reformat of this page, that I think addresses all feedback and has a cleaner flow to providing the north star for this section.

* Update telegram.mdx

I have updated the overall update overview to be more inline with the feedback given over the past few weeks, which were:

Reframe the intro as a wayfinding statement. Instead of opening with a content summary, open with a one- or two-sentence orientation about what community security covers and where to go. Something like: "Community Management security spans several disciplines — each with its own dedicated Framework. Use this page to find the right one."

Convert the best practices section into a visual index. Each of the four sections (2FA/passwords, phishing, OpSec, emergency response) already has a corresponding Framework, so we can turn them into explicit cards or a linked table with the topic, a single descriptive sentence, and the link. This keeps the content without making it feel like a dead end.

Cut the inline detail that lives somewhere else. For example, TOTP configuration advice, the password manager separation rule, and the DM-first policy all belong in the destination frameworks, not here. Keeping it here creates both a maintenance burden for your team and dilutes the "go there for more" message.

------------------------------------------------------------------------ Therefore I was able to make the community manage guides more of the why, what, and how/where? Explaining this information and then leading into the actual frameworks for each that ALL needs to be taken into consideration when talking about community management and it's subsequent guides/frameworks.

This included a complete reformat of this page, that I think addresses all feedback and has a cleaner flow to providing the north star for this section.

* Update slug to make attribution list visible

* Update slug to make contributor profile visible

* Remove manually added contribute call

* Update docs/pages/community-management/overview.mdx

* Update docs/pages/community-management/telegram.mdx

* Update docs/pages/community-management/discord.mdx

* Update docs/pages/community-management/discord.mdx

* Update docs/pages/community-management/overview.mdx

* Update docs/pages/community-management/telegram.mdx

* Update docs/pages/community-management/telegram.mdx

* Update docs/pages/community-management/telegram.mdx

* Remove components

* Update links to make them relative in the discord file

* Update links to make them relative in the overview file

* Update links to make them relative in the telegram file

* Remove call to contribution line from discord file

* Update twitter.mdx

Updating fixed to this to address call outs from #513 & #514

* Remove manually added contribution call

---------

Co-authored-by: Sara Russo <sararusso984@gmail.com>
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 8, 2026

Copy link
Copy Markdown

Deploying frameworks with  Cloudflare Pages  Cloudflare Pages

Latest commit: 9bc131a
Status: ✅  Deploy successful!
Preview URL: https://2f933275.frameworks-573.pages.dev
Branch Preview URL: https://develop.frameworks-573.pages.dev

View logs

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Hi @scode2277,

Following typos were found in the pull request:

  • 📄 docs/pages:
 1. docs/pages/community-management/discord.mdx:31:96 - Unknown word (organisation)
 2. docs/pages/community-management/telegram.mdx:74:65 - Unknown word (unrecognised)
 3. docs/pages/community-management/twitter.mdx:36:54 - Unknown word (defence)
 4. docs/pages/community-management/twitter.mdx:36:102 - Unknown word (organisation)
 5. docs/pages/community-management/twitter.mdx:72:42 - Unknown word (unrecognised)
 6. docs/pages/governance/rebrands-and-reorgs.mdx:149:131 - Unknown word (Kroll)
 7. docs/pages/governance/rebrands-and-reorgs.mdx:156:16 - Unknown word (Clawd)
 8. docs/pages/governance/rebrands-and-reorgs.mdx:160:57 - Unknown word (CLAWD)
 9. docs/pages/governance/rebrands-and-reorgs.mdx:185:4 - Unknown word (Coinspect)
10. docs/pages/governance/rebrands-and-reorgs.mdx:186:6 - Unknown word (xngmi)
11. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:25:184 - Unknown word (doxxing)
12. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:28 - Unknown word (doxxing)
13. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:90 - Unknown word (doxxing)
14. docs/pages/physical-security/coercion-and-duress/transaction-flows-under-duress.mdx:49:27 - Unknown word (doxxing)

ℹ️ Here's how to fix them:

  • Fix typos: Open the relevant files and fix any identified typos.
  • Update wordlist: If a flagged word is actually a project-specific term add it to wordlist.txt in the project root.
    Each word should be listed on a separate line.
  • 🚧 Remember:
    • When adding new words it MUST NOT have any spaces or special characters within or around it.
    • wordlist is NOT case sensitive.
    • If code variables are flagged, wrap them in backticks instead of adding them to the wordlist. This way they are treated as code and won’t bloat the wordlist with project-specific identifiers.

@socket-security

socket-security Bot commented Jul 8, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedreact-router-dom@​7.12.0 ⏵ 7.18.11001006596100
Updated@​types/​react@​19.2.7 ⏵ 19.2.17100 +110079 +192 -2100
Updatedplaywright@​1.57.0 ⏵ 1.61.11001001009980 -19
Updatedtailwindcss@​4.1.15 ⏵ 4.3.2100 +110084 +198100
Updatedreact@​19.2.1 ⏵ 19.2.71001008497100
Addedwaku@​1.0.0-beta.68510010096100
Updateduuid@​8.3.2 ⏵ 14.0.1100 +1100 +210090 +40100
Updatedreact-dom@​19.2.1 ⏵ 19.2.71001009298100
Updatedaxios@​1.15.2 ⏵ 1.18.197 -1100 +6110094100

View full report

@socket-security

socket-security Bot commented Jul 8, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @internationalized/date is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/@internationalized/date@3.12.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@internationalized/date@3.12.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Protestware or unwanted behavior: npm es5-ext

Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts.

From: pnpm-lock.yamlnpm/es5-ext@0.10.64

ℹ Read more on: This package | This alert | What is protestware?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es5-ext@0.10.64. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm robust-predicates is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/robust-predicates@3.0.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/robust-predicates@3.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Hi @scode2277,

Following typos were found in the pull request:

  • 📄 docs/pages:
 1. docs/pages/community-management/discord.mdx:31:96 - Unknown word (organisation)
 2. docs/pages/community-management/telegram.mdx:74:65 - Unknown word (unrecognised)
 3. docs/pages/community-management/twitter.mdx:36:54 - Unknown word (defence)
 4. docs/pages/community-management/twitter.mdx:36:102 - Unknown word (organisation)
 5. docs/pages/community-management/twitter.mdx:72:42 - Unknown word (unrecognised)
 6. docs/pages/governance/rebrands-and-reorgs.mdx:149:131 - Unknown word (Kroll)
 7. docs/pages/governance/rebrands-and-reorgs.mdx:156:16 - Unknown word (Clawd)
 8. docs/pages/governance/rebrands-and-reorgs.mdx:160:57 - Unknown word (CLAWD)
 9. docs/pages/governance/rebrands-and-reorgs.mdx:185:4 - Unknown word (Coinspect)
10. docs/pages/governance/rebrands-and-reorgs.mdx:186:6 - Unknown word (xngmi)
11. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:25:184 - Unknown word (doxxing)
12. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:28 - Unknown word (doxxing)
13. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:90 - Unknown word (doxxing)
14. docs/pages/physical-security/coercion-and-duress/transaction-flows-under-duress.mdx:49:27 - Unknown word (doxxing)

ℹ️ Here's how to fix them:

  • Fix typos: Open the relevant files and fix any identified typos.
  • Update wordlist: If a flagged word is actually a project-specific term add it to wordlist.txt in the project root.
    Each word should be listed on a separate line.
  • 🚧 Remember:
    • When adding new words it MUST NOT have any spaces or special characters within or around it.
    • wordlist is NOT case sensitive.
    • If code variables are flagged, wrap them in backticks instead of adding them to the wordlist. This way they are treated as code and won’t bloat the wordlist with project-specific identifiers.

* Remove 'dev' flag from multiple items in config

* Remove 'dev' property from Privacy items

Removed 'dev' property from multiple items in the Privacy section.

* Remove DevOnly component from Privacy and Treasury Operations fws

* Add 'dev' flag to multiple items in vocs.config.ts

---------

Co-authored-by: Sara Russo <sararusso984@gmail.com>
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Hi @scode2277,

Following typos were found in the pull request:

  • 📄 docs/pages:
 1. docs/pages/community-management/discord.mdx:31:96 - Unknown word (organisation)
 2. docs/pages/community-management/telegram.mdx:74:65 - Unknown word (unrecognised)
 3. docs/pages/community-management/twitter.mdx:36:54 - Unknown word (defence)
 4. docs/pages/community-management/twitter.mdx:36:102 - Unknown word (organisation)
 5. docs/pages/community-management/twitter.mdx:72:42 - Unknown word (unrecognised)
 6. docs/pages/governance/rebrands-and-reorgs.mdx:149:131 - Unknown word (Kroll)
 7. docs/pages/governance/rebrands-and-reorgs.mdx:156:16 - Unknown word (Clawd)
 8. docs/pages/governance/rebrands-and-reorgs.mdx:160:57 - Unknown word (CLAWD)
 9. docs/pages/governance/rebrands-and-reorgs.mdx:185:4 - Unknown word (Coinspect)
10. docs/pages/governance/rebrands-and-reorgs.mdx:186:6 - Unknown word (xngmi)
11. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:25:184 - Unknown word (doxxing)
12. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:28 - Unknown word (doxxing)
13. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:90 - Unknown word (doxxing)
14. docs/pages/physical-security/coercion-and-duress/transaction-flows-under-duress.mdx:49:27 - Unknown word (doxxing)

ℹ️ Here's how to fix them:

  • Fix typos: Open the relevant files and fix any identified typos.
  • Update wordlist: If a flagged word is actually a project-specific term add it to wordlist.txt in the project root.
    Each word should be listed on a separate line.
  • 🚧 Remember:
    • When adding new words it MUST NOT have any spaces or special characters within or around it.
    • wordlist is NOT case sensitive.
    • If code variables are flagged, wrap them in backticks instead of adding them to the wordlist. This way they are treated as code and won’t bloat the wordlist with project-specific identifiers.

Corrected minor grammatical issues and improved clarity in the text.
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Hi @scode2277,

Following typos were found in the pull request:

  • 📄 docs/pages:
 1. docs/pages/community-management/telegram.mdx:74:65 - Unknown word (unrecognised)
 2. docs/pages/community-management/twitter.mdx:36:54 - Unknown word (defence)
 3. docs/pages/community-management/twitter.mdx:36:102 - Unknown word (organisation)
 4. docs/pages/community-management/twitter.mdx:72:42 - Unknown word (unrecognised)
 5. docs/pages/governance/rebrands-and-reorgs.mdx:149:131 - Unknown word (Kroll)
 6. docs/pages/governance/rebrands-and-reorgs.mdx:156:16 - Unknown word (Clawd)
 7. docs/pages/governance/rebrands-and-reorgs.mdx:160:57 - Unknown word (CLAWD)
 8. docs/pages/governance/rebrands-and-reorgs.mdx:185:4 - Unknown word (Coinspect)
 9. docs/pages/governance/rebrands-and-reorgs.mdx:186:6 - Unknown word (xngmi)
10. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:25:184 - Unknown word (doxxing)
11. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:28 - Unknown word (doxxing)
12. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:90 - Unknown word (doxxing)
13. docs/pages/physical-security/coercion-and-duress/transaction-flows-under-duress.mdx:49:27 - Unknown word (doxxing)

ℹ️ Here's how to fix them:

  • Fix typos: Open the relevant files and fix any identified typos.
  • Update wordlist: If a flagged word is actually a project-specific term add it to wordlist.txt in the project root.
    Each word should be listed on a separate line.
  • 🚧 Remember:
    • When adding new words it MUST NOT have any spaces or special characters within or around it.
    • wordlist is NOT case sensitive.
    • If code variables are flagged, wrap them in backticks instead of adding them to the wordlist. This way they are treated as code and won’t bloat the wordlist with project-specific identifiers.

Corrected punctuation and improved clarity in the text regarding community management on Telegram. Adjusted wording for consistency and readability.
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Hi @scode2277,

Following typos were found in the pull request:

  • 📄 docs/pages:
 1. docs/pages/community-management/twitter.mdx:36:54 - Unknown word (defence)
 2. docs/pages/community-management/twitter.mdx:36:102 - Unknown word (organisation)
 3. docs/pages/community-management/twitter.mdx:72:42 - Unknown word (unrecognised)
 4. docs/pages/governance/rebrands-and-reorgs.mdx:149:131 - Unknown word (Kroll)
 5. docs/pages/governance/rebrands-and-reorgs.mdx:156:16 - Unknown word (Clawd)
 6. docs/pages/governance/rebrands-and-reorgs.mdx:160:57 - Unknown word (CLAWD)
 7. docs/pages/governance/rebrands-and-reorgs.mdx:185:4 - Unknown word (Coinspect)
 8. docs/pages/governance/rebrands-and-reorgs.mdx:186:6 - Unknown word (xngmi)
 9. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:25:184 - Unknown word (doxxing)
10. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:28 - Unknown word (doxxing)
11. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:90 - Unknown word (doxxing)
12. docs/pages/physical-security/coercion-and-duress/transaction-flows-under-duress.mdx:49:27 - Unknown word (doxxing)

ℹ️ Here's how to fix them:

  • Fix typos: Open the relevant files and fix any identified typos.
  • Update wordlist: If a flagged word is actually a project-specific term add it to wordlist.txt in the project root.
    Each word should be listed on a separate line.
  • 🚧 Remember:
    • When adding new words it MUST NOT have any spaces or special characters within or around it.
    • wordlist is NOT case sensitive.
    • If code variables are flagged, wrap them in backticks instead of adding them to the wordlist. This way they are treated as code and won’t bloat the wordlist with project-specific identifiers.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Hi @scode2277,

Following typos were found in the pull request:

  • 📄 docs/pages:
 1. docs/pages/community-management/twitter.mdx:72:42 - Unknown word (unrecognised)
 2. docs/pages/governance/rebrands-and-reorgs.mdx:149:131 - Unknown word (Kroll)
 3. docs/pages/governance/rebrands-and-reorgs.mdx:156:16 - Unknown word (Clawd)
 4. docs/pages/governance/rebrands-and-reorgs.mdx:160:57 - Unknown word (CLAWD)
 5. docs/pages/governance/rebrands-and-reorgs.mdx:185:4 - Unknown word (Coinspect)
 6. docs/pages/governance/rebrands-and-reorgs.mdx:186:6 - Unknown word (xngmi)
 7. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:25:184 - Unknown word (doxxing)
 8. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:28 - Unknown word (doxxing)
 9. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:90 - Unknown word (doxxing)
10. docs/pages/physical-security/coercion-and-duress/transaction-flows-under-duress.mdx:49:27 - Unknown word (doxxing)

ℹ️ Here's how to fix them:

  • Fix typos: Open the relevant files and fix any identified typos.
  • Update wordlist: If a flagged word is actually a project-specific term add it to wordlist.txt in the project root.
    Each word should be listed on a separate line.
  • 🚧 Remember:
    • When adding new words it MUST NOT have any spaces or special characters within or around it.
    • wordlist is NOT case sensitive.
    • If code variables are flagged, wrap them in backticks instead of adding them to the wordlist. This way they are treated as code and won’t bloat the wordlist with project-specific identifiers.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Hi @scode2277,

Following typos were found in the pull request:

  • 📄 docs/pages:
 1. docs/pages/community-management/twitter.mdx:36:55 - Unknown word (defence)
 2. docs/pages/governance/rebrands-and-reorgs.mdx:149:131 - Unknown word (Kroll)
 3. docs/pages/governance/rebrands-and-reorgs.mdx:156:16 - Unknown word (Clawd)
 4. docs/pages/governance/rebrands-and-reorgs.mdx:160:57 - Unknown word (CLAWD)
 5. docs/pages/governance/rebrands-and-reorgs.mdx:185:4 - Unknown word (Coinspect)
 6. docs/pages/governance/rebrands-and-reorgs.mdx:186:6 - Unknown word (xngmi)
 7. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:25:184 - Unknown word (doxxing)
 8. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:28 - Unknown word (doxxing)
 9. docs/pages/physical-security/coercion-and-duress/risk-factors-and-early-signals.mdx:48:90 - Unknown word (doxxing)
10. docs/pages/physical-security/coercion-and-duress/transaction-flows-under-duress.mdx:49:27 - Unknown word (doxxing)

ℹ️ Here's how to fix them:

  • Fix typos: Open the relevant files and fix any identified typos.
  • Update wordlist: If a flagged word is actually a project-specific term add it to wordlist.txt in the project root.
    Each word should be listed on a separate line.
  • 🚧 Remember:
    • When adding new words it MUST NOT have any spaces or special characters within or around it.
    • wordlist is NOT case sensitive.
    • If code variables are flagged, wrap them in backticks instead of adding them to the wordlist. This way they are treated as code and won’t bloat the wordlist with project-specific identifiers.

Added new words to the wordlist.
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Hi @scode2277,

Following typos were found in the pull request:

  • 📄 docs/pages:
 1. docs/pages/community-management/twitter.mdx:36:55 - Unknown word (defence)

ℹ️ Here's how to fix them:

  • Fix typos: Open the relevant files and fix any identified typos.
  • Update wordlist: If a flagged word is actually a project-specific term add it to wordlist.txt in the project root.
    Each word should be listed on a separate line.
  • 🚧 Remember:
    • When adding new words it MUST NOT have any spaces or special characters within or around it.
    • wordlist is NOT case sensitive.
    • If code variables are flagged, wrap them in backticks instead of adding them to the wordlist. This way they are treated as code and won’t bloat the wordlist with project-specific identifiers.

@mattaereal mattaereal merged commit 4c1983c into main Jul 8, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.