# Redaction Log — AIW Security Audit Docs (Public Release) **Generated:** 2026-05-19 (UTC) **Process:** `redact.xml` (security-docs-publisher skill v1.0.0) **Branch:** `security-docs-publish` This log is published alongside the audit documents. It exists so anyone can see **exactly** what was changed before public release and why — the redaction was principled and minimal, not arbitrary. Originals in `docs/` were never modified; only the copies in `docs/security/` were processed. ## Summary Ten audit documents were processed. **Eight were copied verbatim** (they contained no sensitive values). **Two received surgical redactions** totalling **6 substitutions** across 3 categories: - **R-01** (credential value): 1 substitution - **R-07** (real mainnet wallet address): 2 substitutions - **R-09** (process IDs): 3 substitutions No findings, evidence, payloads, endpoint names, source line numbers, stagenet transaction hashes, or stagenet addresses were altered or removed. Per the governing rules, the default was **transparency** — when in doubt, content was kept. ## Rule legend | Rule | Action | What it covers | |---|---|---| | R-01 | REDACT | Real credential values (RPC passwords, session secrets, PINs) | | R-02 | KEEP | Stagenet transaction hashes — core verifiable evidence | | R-03 | REVIEW | Windows/Unix paths exposing a real username | | R-04 | KEEP | HTTP status codes, response bodies, payloads, endpoint names | | R-05 | KEEP | Source line numbers / function names cited as evidence | | R-06 | REVIEW | Docker container names (keep) / internal bridge IPs (remove) | | R-07 | REDACT | Mainnet wallet addresses of real funded wallets | | R-08 | KEEP | The stagenet self-send test address (zero value) | | R-09 | REDACT | Process IDs and non-default config that aids an attacker | --- ## Per-file detail ### SECURITY-REVIEW.md - **Rules applied:** none (verbatim copy) - **Changes made:** none - **Changes kept & why:** HTTP codes, endpoint names, fix markers (`AUD-###`), and source references kept (R-04, R-05) — they are proof-of-work and the app's security does not depend on hiding them. No credential value, mainnet address, PID, username path, or bridge IP was present. ### SECURITY-AUDIT2.md - **Rules applied:** none (verbatim copy) - **Changes made:** none - **Changes kept & why:** Env-variable *names* (e.g. `DASHBOARD_PASSWORD`, `DECREE_PIN`, `STRIKE_API_KEY`) appear only as names in prose describing the Agent-SDK env allowlist — these are not values and are kept (R-04/R-05). No secret values present. ### SECURITY-AUDIT3.md - **Rules applied:** none (verbatim copy) - **Changes made:** none - **Changes kept & why:** Function/line references and the phrase "the wallet password" (prose, not a value) kept (R-05). No sensitive values present. ### SECURITY-AUDIT4.md - **Rules applied:** none (verbatim copy) - **Changes made:** none - **Changes kept & why:** Endpoint names, fix markers, line numbers kept (R-04/R-05). No sensitive values present. ### SECURITY-AUDIT5.md - **Rules applied:** none (verbatim copy) - **Changes made:** none - **Changes kept & why:** As above (R-04/R-05). No sensitive values present. ### SECURITY-AUDIT6.md - **Rules applied:** none (verbatim copy) - **Changes made:** none - **Changes kept & why:** `STRIKE_PIN` appears only as an env-var name in prose (R-04). No values present. ### SECURITY-AUDIT7.md - **Rules applied:** none (verbatim copy) - **Changes made:** none - **Changes kept & why:** `STRIKE_PIN` referenced as a variable name in the R1 finding; `safeStrEqual` and other function names kept as transparency signals (R-05). No values present. ### SECURITY-AUDIT8.md - **Rules applied:** none (verbatim copy) - **Changes made:** none - **Changes kept & why:** Env-var names and `server.mjs:NNNN` line citations kept (R-04/R-05). No values present. ### SECURITY-AUDIT9.md - **Rules applied:** R-09, R-07 - **Changes made:** - **R-09** — `PID 32468` → `PID [PID]` (the installed-app process ID in the "System under test" header). - **R-07** — one real mainnet **Bitcoin** address (`bc1q…` — the operator's `BTC_WALLET_ADDRESS`) used as a *wrong-network test input* in case **T-009-02** → `[BTC_ADDR_REDACTED]`. The finding is unchanged: a BTC bech32 address was correctly rejected as an XMR destination — the proof value does not depend on the literal address. - **Changes kept & why:** ALL stagenet tx hashes (R-02), every HTTP status/response body/attack payload P-01–P-20 (R-04), all `server.mjs:NNNN` and function-name citations (R-05), the stagenet wallet name `test-wallet-02` and balance, and generic docker container names `aiw-xmr-wallet-stagenet` / `aiw_default` (R-06 — already public via the shipped docker-compose). No internal bridge IP (172.x) was present. ### SECURITY-AUDIT9-RETEST.md ⭐ - **Rules applied:** R-01, R-09, R-07 - **Changes made:** - **R-01** — `--rpc-login aiw:-1Tcke…` → `--rpc-login aiw:[WALLET_RPC_PASS]` (one occurrence, T-003 section). The wallet-rpc digest password prefix is replaced with a descriptive placeholder; the sentence and the finding (—rpc-login *is* enforced, refuting the Gap-5 hypothesis) read identically. - **R-09** — `PID 37444` → `PID [PID]` (2 occurrences: the "System under test" header and the T-008-02 `Get-NetTCPConnection -OwningProcess` command). - **R-07** — one real mainnet **Bitcoin** address (`bc1q…`) used as the wrong-network test input in **T-009-02** → `[BTC_ADDR_REDACTED]`. Finding unchanged. - **Changes kept & why:** The stagenet self-send anchor address `56C2ZE1pLbG2zxqaKMFcUpHksR6ktnskuCdEvgo2KxxuA8haWLrsfqYZSxQRK7ubyBeadYo6nSC3mUkiKJnc38YQCwV4Bf2` (R-08), **every** stagenet tx hash in the on-chain evidence appendix (R-02 — this is the verification anchor and must never be redacted), all HTTP codes/response bodies/curl commands (R-04), all `server.mjs` line numbers and helper names `getPendingPreview` / `setPendingPreview` / `clearPendingPreview` / `isRateLimited` / `getTrustedIP` (R-05), and generic container names plus the `aiw_default` network name (R-06). The `` placeholder that already existed in the doc (T-003-01 table) was left as-is — it was never a real value. --- ## What was deliberately NOT redacted (and why) - **Stagenet transaction hashes** (R-02) and the **stagenet self-send address** (R-08): these are on Monero **stagenet** — coins with zero monetary value. They are the independently verifiable anchor of the entire audit. Redacting them would destroy the evidence. Anyone can confirm them on a stagenet block explorer. - **Attack payloads P-01–P-20** (R-04): public-knowledge prompt-injection patterns. Publishing them demonstrates the app *resisted* them — it builds credibility, it does not aid an attacker. - **Source line numbers and function names** (R-05): an open-source-style transparency signal. The security depends on the logic being correct (proven dynamically), not on hiding where it lives. - **Docker container names** (R-06): already public in the shipped `docker-compose.yml`. No internal bridge IPs were present to remove. - **Env-variable names** (`DECREE_PIN`, `WALLET_RPC_PASS`, `STRIKE_PIN`, …): these are configuration *key names*, not secrets — kept so the hardening narrative is readable. Nothing was summarized, compressed, or deleted. Full document content is preserved end to end.