miti99bot/docs
tiennm99 efe79be9ac docs(security): audit reports + IAM least-privilege plan + project policy
Captures the 2026-05-18 security review session output:

- plans/reports/code-reviewer-260518-1019-security-aws-infra.md
- plans/reports/code-reviewer-260518-1019-security-go-app.md
- plans/reports/researcher-260518-1019-security-dependencies.md
- docs/deploy-aws-free-tier-guide.md (adds free-tier hard rule +
  accepted security trade-offs as project standards)

Plan for the two HIGH-severity findings (F1, F2) targeting
github-deploy-miti99bot OIDC role: plans/260518-1019-iam-least-privilege/.
Plan was red-team-reviewed (15 findings applied) and validate-interviewed
(4 decisions recorded). Zero unresolved contradictions. Implementation
not yet started; phase 1 is standalone and lowest risk.

Other audit findings (F3 CORS, F4 root handler, F5-F16) deferred to
future commits; rationale in audit report.
2026-05-18 16:50:38 +07:00