Spanda enterprise operations promotion requires an independent review of authentication, authorization, and secret handling. This guide scopes the audit and links to automated prep artifacts.
| Area | Evidence |
|---|---|
| API authentication | SPANDA_API_KEY, Bearer tokens, tenant isolation (SPANDA_TENANT_ID) |
| RBAC | GET /v1/rbac/matrix, mutation gating on POST/PATCH |
| Secrets | ManagedSecretVault, no secret values in audit exports |
| Persistence | SPANDA_CONTROL_CENTER_STATE_DIR, encrypted snapshots |
| Mutation audit | Hash-chained JSONL + SIEM export |
./scripts/security_audit_prep.sh and attach .spanda/security-audit-prep.json.scripts/enterprise_ops_smoke.sh on a staging Control Center instance./v1/audit/mutations coverage.For Spatial Computing & Human-Robot Collaboration promotion, also review:
| Area | Evidence |
|---|---|
| Health opt-in | GET /v1/human-health/policy, SPANDA_HUMAN_HEALTH_ENABLED |
| Wearable telemetry | SPANDA_LIVE_HEALTHKIT gate, health mirror stripping on twins |
| AR session RBAC | POST /v1/hri/sessions/{id}/annotate requires Approve role |
| Mission approvals | GET /v1/operator/mission/approvals, persisted queue |
Run ./scripts/hri_security_audit_prep.sh and attach .spanda/hri-security-audit-prep.json
alongside the enterprise ops packet.
See packages/registry/spanda-security-audit/README.md for the audit checklist template.