Milestone 4.3 — Security analysis (EHX Secure preview)
Status: Preview shipped
Depends on: M3.5 composition, M3.6 validation, M4.1 NodeOps context
Suite: /secure · Intent: security_analysis (Team+)
Tracking: ehx-kb#12
Shipped (preview)
| Deliverable | Implementation |
|---|---|
| Infrastructure security checks | Restricted pod security Deployment sketch |
| Exposure analysis | Public Service audit + TLS ingress minimum |
| Security recommendations | Prioritized findings YAML template |
| Web3 RPC risks | Hardened Geth Compose + exposure checklist |
Bundle: security_analysis recipe — 8 files (namespace + 7 security presets)
Catalog: module_packs/security v0.2.0 · composition-recipes.json v0.5.0
Free tier: security_posture intent (baseline deny + sample workload) unchanged.
Generate
- Confirm Team tier (/checkout + same browser principal)
- Open /chat → security analysis exposure review for staging → Generate bundle
- Or: /chat?intent=security_analysis&message=...&send=1
Not yet shipped
- Live Trivy/Kubescape/Falco scan integration
- Automated exposure discovery against running clusters
- Continuous drift detection (Phase 5+)
Related
- milestone-4-2-monitoring-intelligence.md
- Phase 4 roadmap: EHX_Roadmap.md