Clarifications

making the page with proper heading + table of content (#311)

making the deadlinks error just a warning (#312)

Revert "Add DevOps & Infrastructure certification and enhance existing certif…" (#317)

This reverts commit 1148af5.

Fix node version requirement for local testing (#318)

* fix: update Node.js requirement to v22+ for vocs compatibility

vocs >=1.2.0 requires Node.js 22+ due to usage of globSync from node:fs.
Updated devcontainer Dockerfile and CONTRIBUTING.md accordingly.

See: https://github.com/wevm/vocs/blob/main/package.json

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* shorten comments

* fix: update Node.js version in contributing.mdx

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Restructuring opsec domain (#299)

* restructuring opsec domain

* finalise the opsec revamp

* Updating tags!

* Removing build errors by vite on deadlinks

* fix import paths + deadlinks

---------

Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
Co-authored-by: Sara Russo <sararusso984@gmail.com>

Restore automated tag colors and fix broken link (#310)

* add tags color generator

* adding missing tags, colors and styling for tags + fix broken link

---------

Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>

Add Isaac and Dickson as stewards (#316)

* Update contributor roles and descriptions in contributors.json

- Changed roles for Dickson Wu and Isaac Patka from "contributor" to "steward".
- Enhanced descriptions to reflect their stewardship responsibilities, providing clearer attribution in documentation.

* Update contributor description for Safe Harbor in contributors.json

- Revised the description for the Safe Harbor contributor to clarify their role as "Steward of Safe Harbor & Steward of SEAL Certs," enhancing the accuracy of contributor attributions.

clarify CAA use further

minor content structure

further work after discussion with maintainer

making the page with proper heading + table of content (#311)

making the deadlinks error just a warning (#312)

Revert "Add DevOps & Infrastructure certification and enhance existing certif…" (#317)

This reverts commit 1148af5.

Fix node version requirement for local testing (#318)

* fix: update Node.js requirement to v22+ for vocs compatibility

vocs >=1.2.0 requires Node.js 22+ due to usage of globSync from node:fs.
Updated devcontainer Dockerfile and CONTRIBUTING.md accordingly.

See: https://github.com/wevm/vocs/blob/main/package.json

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* shorten comments

* fix: update Node.js version in contributing.mdx

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Restore automated tag colors and fix broken link (#310)

* add tags color generator

* adding missing tags, colors and styling for tags + fix broken link

---------

Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>

Add Isaac and Dickson as stewards (#316)

* Update contributor roles and descriptions in contributors.json

- Changed roles for Dickson Wu and Isaac Patka from "contributor" to "steward".
- Enhanced descriptions to reflect their stewardship responsibilities, providing clearer attribution in documentation.

* Update contributor description for Safe Harbor in contributors.json

- Revised the description for the Safe Harbor contributor to clarify their role as "Steward of Safe Harbor & Steward of SEAL Certs," enhancing the accuracy of contributor attributions.

Author: gunnim

.devcontainer/Dockerfile

@@ -10,8 +10,8 @@ RUN apt-get update && apt-get install -y \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
-# Install Node.js 20.x (LTS) from NodeSource
-RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+# Install Node.js 22.x (LTS) from NodeSource
+RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
     && apt-get install -y nodejs
 
 # Switch to vscode user

CONTRIBUTING.md

@@ -110,7 +110,7 @@ If you prefer to install dependencies locally on your machine:
 
 **Prerequisites:**
 
-- Node.js (v18 or later) and pnpm (for running Vocs locally)
+- Node.js (v22 or later) and pnpm (for running Vocs locally)
 - [markdownlint-cli2](https://github.com/DavidAnson/markdownlint-cli2) (For linting markdown files)
 - [Docker](https://docs.docker.com/get-docker/) (Optional: For running the devcontainer)
 - [GitHub CLI](https://cli.github.com/) (Optional: For using `gh` to interact with GitHub)

components/contributors/Contributors.tsx

@@ -6,7 +6,7 @@ interface Contributor {
   name: string;
   role: string;
   avatar: string;
-  github: string;
+  github: string | null;
   twitter: string | null;
   website: string | null;
   company: string | null;
@@ -19,6 +19,14 @@ interface ContributorGroup {
   contributors: Contributor[];
 }
 
+// Helper to create a slug for heading IDs (matching Vocs slugify behavior)
+function slugify(text: string): string {
+  return text
+    .toLowerCase()
+    .replace(/\s+/g, '-')
+    .replace(/[^a-z0-9-]/g, '');
+}
+
 export function Contributors() {
   // Convert JSON object to array and group by role
   const contributors = Object.values(contributorsData as Record<string, Contributor>);
@@ -45,9 +53,26 @@ export function Contributors() {
   return (
     <div>
 
-      {groups.map((group) => (
+      {groups.map((group) => {
+        const headingSlug = slugify(group.label);
+        return (
         <div key={group.label} className={`contributors-group ${group.label.toLowerCase().replace(' ', '-')}-group`}>
-          <h2>{group.label}</h2>
+          <h2 className="vocs_H2 vocs_Heading">
+            <div id={headingSlug} className="vocs_Heading_slugTarget"></div>
+            {group.label}
+            <a 
+              className="vocs_Anchor vocs_Autolink" 
+              aria-hidden="true" 
+              tabIndex={-1} 
+              href={`#${headingSlug}`}
+            >
+              <div 
+                data-autolink-icon="true" 
+                className="vocs_Div vocs_AutolinkIcon" 
+                style={{ '--vocs_AutolinkIcon_iconUrl': 'url(/.vocs/icons/link.svg)' } as React.CSSProperties}
+              ></div>
+            </a>
+          </h2>
           <div className="contributors-page-list">
             {group.contributors.map((contributor) => (
               <div
@@ -106,7 +131,8 @@ export function Contributors() {
             ))}
           </div>
         </div>
-      ))}
+        );
+      })}
     </div>
   );
 }

components/shared/constants.ts

@@ -17,13 +17,13 @@ export const TAG_COLORS: Record<string, string> = {
   'Legal & Compliance': '#0525B1',
   'Protocol': '#495EA9',
   'Whitehat': '#571A70',
-  'Blockchain': '#1fc527',
-  'Compliance': '#059669',
-  'Human Resources': '#7c2d12',
-  'Individual Security': '#b91c1c',
-  'Physical Security': '#92400e',
-  'Travel': '#7c3aed',
-  'Web3': '#1e40af',
+  'Certifications': '#EA580C',
+  'Multisig Security': '#2DD4BF',
+  'SFC': '#9333EA',
+  'DeFi': '#0ce66d',
+  'Operations': '#a1fdaa',
+  'Risk Management': '#933176',
+  'Treasury Ops': '#f00120',
 }
 
 /**

components/tags/TagList.css

@@ -18,6 +18,7 @@
   border: 1px solid transparent;
   user-select: none;
   white-space: nowrap;
+  text-shadow: 2px 2px 4px rgba(0, 0, 0, 0.5);
 }
 
 /* Dark mode adjustments */

docs/pages/certs/overview.mdx

@@ -35,14 +35,13 @@ We are currently in a Request for Comment (RFC) Phase until December 31st, 2025.
 
 We welcome feedback on the current certifications, suggestions for new modular certifications, and general input on the framework.
 
-## Certifications Being Developed
+## Certifications Being Developped
 
-- **[DevOps & Infrastructure](/certs/sfc-devops-infrastructure.mdx)** - Development environments, CI/CD pipelines, infrastructure security, supply chain
 - **[DNS Security](/certs/sfc-dns-registrar.mdx)** - Domain management, DNS configurations, registrar protection
 - **[Incident Response](/certs/sfc-incident-response.mdx)** - Detection, response procedures, team coordination, emergency operations
 - **[Multisig Ops](/certs/sfc-multisig-ops.mdx)** - Governance, signer security, transaction verification
 - **[Treasury Ops](/certs/sfc-treasury-ops.mdx)** - Treasury architecture, transaction security, DeFi risk management
-- **[Workspace Security](/certs/sfc-workspace-security.mdx)** - Device security, account management, credential handling, insider threats
+- **[Workspace Security](/certs/sfc-workspace-security.mdx)** - Device security, account management, credential handling
 
 ## FAQ
 

docs/pages/certs/sfc-devops-infrastructure.mdx

@@ -73,18 +73,6 @@ cert:
       security and infrastructure logs (including cloud provider logs) to support incident investigation
       and forensic analysis?
     title: Log Retention Policies for Forensics
-  - id: ir-2.3.1
-    description: Do you maintain procedures for monitoring leaked credentials and compromised
-      accounts associated with the organization?
-    title: Leaked Credential Monitoring
-  - id: ir-2.3.2
-    description: Do you have procedures for monitoring organizational social media accounts & websites
-      for indicators of compromise or unauthorized activity?
-    title: Social Media Compromise Monitoring
-  - id: ir-2.3.3
-    description: Do you maintain requirements for immutable logging and tamper-evident alerting
-      channels that trigger alerts if logs are altered or monitoring is disabled?
-    title: Immutable Logging and Tamper-Evident Alerting
 - id: ir-3
   title: Pager Systems & Escalation
   controls:

docs/pages/certs/sfc-incident-response.mdx

@@ -43,10 +43,6 @@ cert:
     description: Do you have procedures for provisioning devices according to security requirements
       and verifying ongoing compliance?
     title: Device Provisioning and Compliance
-  - id: ws-2.1.3
-    description: Do you maintain procedures for device procurement through verified supply chains
-      and verification of device integrity upon receipt?
-    title: Device Supply Chain Security
   - id: ws-2.2.1
     description: Do you enforce authentication requirements for device access (password complexity,
       timeout settings, lock screens)?
@@ -74,18 +70,10 @@ cert:
     description: Do you maintain endpoint detection and response (EDR) or mobile device management
       (MDM) solutions on organizational devices with documented deployment and monitoring procedures?
     title: EDR/MDM Deployment and Monitoring
-  - id: ws-2.5.2
+  - id: ws-2.5.1
     description: Do you have procedures for responding to EDR/MDM alerts and enforcing compliance
       with security policies through these platforms?
     title: EDR/MDM Alert Response Procedures
-  - id: ws-2.6.1
-    description: Do you maintain policies for browser and application security (browser isolation,
-      extension approval, external file handling)?
-    title: Browser and Application Security
-  - id: ws-2.7.1
-    description: Do you maintain requirements for physical workspace security for both on-site
-      and remote work environments?
-    title: Physical Workspace Security
 - id: ws-3
   title: Account Management & Access Control
   controls:
@@ -113,10 +101,6 @@ cert:
     description: Do you have procedures for verifying ownership and preventing unauthorized
       use of organizational external accounts?
     title: Ownership Verification for External Accounts
-  - id: ws-3.3.3
-    description: Do you maintain policies for account security controls (recovery method restrictions,
-      organizational identity verification)?
-    title: Account Security Controls
   - id: ws-3.4.1
     description: Do you maintain security procedures for domain registration and DNS management
       (registrar lock, change controls)?
@@ -144,10 +128,6 @@ cert:
     description: Do you have enhanced controls for high-privilege credentials (admin accounts,
       service accounts, API keys)?
     title: Enhanced Controls for High-Privilege Credentials
-  - id: ws-4.2.3
-    description: Do you maintain policies prohibiting credential sharing and requiring individual
-      accounts for accountability?
-    title: Account Sharing Prohibition
 - id: ws-5
   title: Development Environment Security
   controls:
@@ -213,31 +193,16 @@ cert:
       with regular updates?
     title: Workspace Security Awareness Program Updates
   - id: ws-8.1.4
-    description: Do you conduct regular phishing simulations and social engineering awareness
-      exercises with follow-up training for personnel who fail?
-    title: Phishing and Social Engineering Testing
-  - id: ws-8.1.5
     description: Do you maintain comprehensive offboarding procedures including access revocation,
       device return, and credential rotation?
     title: 'Offboarding Procedures: Access Revocation and Return'
-  - id: ws-8.1.6
+  - id: ws-8.1.5
     description: Do you maintain procedures for adjusting access rights when employees change
       roles?
     title: Adjusting Access Rights on Role Change
-  - id: ws-8.1.7
+  - id: ws-8.1.6
     description: Do you conduct periodic reviews to identify and remove unnecessary access permissions?
     title: Periodic Review of Access Permissions
-- id: ws-9
-  title: Insider Threat & Third-Party Access
-  controls:
-  - id: ws-9.1.1
-    description: Do you conduct insider threat assessments to identify potential damage scenarios
-      and ensure access is minimized for each role?
-    title: Insider Threat Assessment
-  - id: ws-9.1.2
-    description: Do you maintain procedures for managing third-party access (time-limits,
-      purpose-specific permissions, audit trails)?
-    title: Third-Party Access Management
 
 ---
 

docs/pages/certs/sfc-workspace-security.mdx

@@ -13,6 +13,5 @@ title: "Community Management"
 
 - [Community Management](/community-management/overview)
 - [Discord Security](/community-management/discord)
-- [Google Security](/community-management/google)
 - [Telegram](/community-management/telegram)
 - [Twitter](/community-management/twitter)