feat: initial seed of domain-specific contrib skills

org-skill-infrastructure.org

@@ -0,0 +1,59 @@
+:PROPERTIES:
+:ID:       e845b1d7-fc2f-459d-99dd-74e0f6c4ba8f
+:CREATED:  [2026-04-07 Tue 12:57]
+:EDITED:   [2026-04-07 Tue 13:42]
+:END:
+#+TITLE: SKILL: Infrastructure & Security (Universal Literate Note)
+#+STARTUP: content
+#+FILETAGS: :infrastructure:security:hardening:psf:
+
+* Overview
+The *Infrastructure* project governs the physical and virtual foundations of the Memex. It ensures high availability, security hardening, and operational transparency across cloud and local resources.
+
+* Phase A: Demand (PRD)
+:PROPERTIES:
+:STATUS: FROZEN
+:END:
+
+** 1. Purpose
+Define the requirements for a secure, resilient, and documented infrastructure posture.
+
+** 2. User Needs
+- *Security Hardening:* Implementation of the OpenClaw security audit findings.
+- *Vulnerability Management:* Regular risk assessments and reporting.
+- *Inventory Control:* Complete mapping of cloud and local assets.
+- *Roadmap Planning:* 30/60/90 day infrastructure evolution.
+
+** 3. Success Criteria
+*** TODO Harden Docker port bindings (bind to 127.0.0.1)
+*** TODO Enable and configure UFW firewall
+*** TODO Create current state assessment document
+*** TODO Add user 'amr' to 'adm' group for log access
+
+* Phase B: Blueprint (PROTOCOL)
+:PROPERTIES:
+:STATUS: SIGNED
+:END:
+
+** 1. Architectural Intent
+Interfaces for infrastructure state monitoring and automated hardening.
+
+** 2. Semantic Interfaces
+#+begin_src bash
+(defun infra-audit-ports ()
+  "Checks for insecure port bindings.")
+
+(defun infra-check-firewall-status ()
+  "Verifies UFW status.")
+#+end_src
+
+* Phase D: Build (Implementation)
+Implementation consists of shell scripts and configuration files located in `projects/infrastructure/`.
+
+** Security Monitoring
+#+begin_src bash
+;; Logic for security monitoring stubs
+#+end_src
+
+* Phase E: Chaos (Verification)
+Verification involves periodic automated scans and manual audit verification.