feat: define security audit scope, threat model, and audit automation skills #132

Merged: AdriaCarrera merged 1 commit into main from feat/ai-security-audit on May 13, 2026
@AdriaCarrera (Contributor) commented Apr 29, 2026

PR Name

Motivation 💡

  • Issue

Changes 🛠

  • 1st change ✨
  • 2nd change ✨

Considerations 🤔

  • Warning... ⚠️
  • This part could be improved...

Dependencies 📦

Summary by CodeRabbit

  • Documentation
    • Added comprehensive security audit scope and threat model documentation detailing in-scope components, trust boundaries, and audit focus areas.
    • Established formalized security audit workflow and standardized issue reporting procedures to improve transparency and consistency in security findings.

coderabbitai Bot commented Apr 29, 2026

Walkthrough

New documentation framework introduced for the exrpd XRPL EVM Sidechain node, comprising security scope definitions, threat modeling, parallel audit orchestration via Claude skills, and monthly audit process guidelines with standardized issue reporting workflow.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Security Documentation: `.claude/security/SECURITY_SCOPE.md`, `.claude/security/THREAT_MODEL.md` | Defines security audit scope across criticality tiers (critical, high, infrastructure, lower priority), enumerates trust boundaries (network interfaces, transaction validation, POA authority, IBC, EVM), and establishes threat model with asset definitions, adversary profiles, attack surfaces, and implementation audit checklists. |
| Claude Audit Skills: `.claude/skills/security-audit/SKILL.md`, `.claude/skills/security-issue/SKILL.md` | Introduces orchestration skill for parallel security reviews across scope areas with deduplication and regression detection; adds reporting skill for standardized GitHub issue creation with severity labels and structured finding fields. |
| Process Documentation: `CLAUDE.md` | Documents build/validation procedures, key directory responsibilities, and formalized monthly AI-assisted security audit workflow including scope sources, agent coordination, issue reporting, and security invariant checklist. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A fortress of audits, both swift and sage,
Security scope spans every page,
Threats mapped clear, with skills to review,
Parallel reviewers find what's true,
Each finding logged, each weakness purged—
From sidechain to summit, safety emerged! 🔐✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The pull request description uses the template structure but contains only placeholder content with no actual details about motivation, specific changes, considerations, or dependencies. | Replace placeholder text with concrete information: clarify the motivation/issue, detail the actual changes (SECURITY_SCOPE.md, THREAT_MODEL.md, skill files, CLAUDE.md), note relevant considerations, and remove placeholder dependency links. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main changes: introducing security audit scope documentation, threat model, and automation skills for security auditing. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@CLAUDE.md`:
- Around line 18-28: Update the directory listing entry that currently reads
"security/" to the correct path ".claude/security/" in CLAUDE.md so it matches
the actual files (.claude/security/SECURITY_SCOPE.md,
.claude/security/THREAT_MODEL.md); locate the line containing the literal
"security/" in the code block and replace it with ".claude/security/".

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e0942e9b-b0fe-41ec-a82d-1e33610f8f10

📥 Commits

Reviewing files that changed from the base of the PR and between 43c1c36 and 1e4eef1.

📒 Files selected for processing (5)
  • .claude/security/SECURITY_SCOPE.md
  • .claude/security/THREAT_MODEL.md
  • .claude/skills/security-audit/SKILL.md
  • .claude/skills/security-issue/SKILL.md
  • CLAUDE.md

Comment thread CLAUDE.md
Comment on lines +18 to +28
```
cmd/exrpd/ # CLI entry point and node configuration
app/ # Cosmos SDK app wiring, ante handlers, upgrade handlers
app/ante/ # Transaction validation (routes EVM vs Cosmos txs)
x/poa/ # Proof-of-Authority module (validator add/remove)
proto/ # Protobuf definitions (gRPC API surface)
types/ # Core types (address prefixes, denominations)
testutil/ # Test helpers
tests/ # Integration tests
security/ # Security audit scope and threat model
```

⚠️ Potential issue | 🟡 Minor

Fix incorrect security directory path.

Line 27 lists security/ but the actual path is .claude/security/ as shown in the other files in this PR (.claude/security/SECURITY_SCOPE.md, .claude/security/THREAT_MODEL.md).

📁 Proposed fix for the path
 cmd/exrpd/          # CLI entry point and node configuration
 app/                # Cosmos SDK app wiring, ante handlers, upgrade handlers
 app/ante/           # Transaction validation (routes EVM vs Cosmos txs)
 x/poa/              # Proof-of-Authority module (validator add/remove)
 proto/              # Protobuf definitions (gRPC API surface)
 types/              # Core types (address prefixes, denominations)
 testutil/           # Test helpers
 tests/              # Integration tests
-security/           # Security audit scope and threat model
+.claude/security/   # Security audit scope and threat model
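Review bot: the listing this hunk corrects still has no entry for `.claude/skills/`, although the same PR adds `.claude/skills/security-audit/SKILL.md` and `.claude/skills/security-issue/SKILL.md`. After the `+.claude/security/` line, consider adding a `.claude/skills/` line with a matching comment, so the directory overview covers both directories this PR introduces.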
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 18-18: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@CLAUDE.md` around lines 18 - 28, Update the directory listing entry that
currently reads "security/" to the correct path ".claude/security/" in CLAUDE.md
so it matches the actual files (.claude/security/SECURITY_SCOPE.md,
.claude/security/THREAT_MODEL.md); locate the line containing the literal
"security/" in the code block and replace it with ".claude/security/".

@AdriaCarrera AdriaCarrera merged commit 5ed7064 into main May 13, 2026
6 checks passed
@AdriaCarrera AdriaCarrera deleted the feat/ai-security-audit branch May 13, 2026 09:44