Add Attack Surface Overview page

.github/workflows/attack-surface-reminder.yml

@@ -0,0 +1,85 @@
+name: Attack Surface Data Reminder
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+    branches:
+      - develop
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  threat-vector-reminder:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check for threat vector changes
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.1.0
+        with:
+          script: |
+            const { owner, repo } = context.repo;
+            const pull_number = context.payload.pull_request.number;
+            const MARKER = '<!-- attack-surface-reminder -->';
+            const THREAT_DATA_FILE = 'components/attack-surface/threatData.ts';
+
+            // Get files changed in this PR
+            const { data: prFiles } = await github.rest.pulls.listFiles({
+              owner,
+              repo,
+              pull_number,
+              per_page: 100
+            });
+
+            const threatDataChanged = prFiles.find(f => f.filename === THREAT_DATA_FILE);
+
+            if (!threatDataChanged) {
+              console.log('threatData.ts not modified. Skipping.');
+              return;
+            }
+
+            // Check if we already posted a reminder for this PR
+            const { data: comments } = await github.rest.issues.listComments({
+              owner,
+              repo,
+              issue_number: pull_number,
+              per_page: 100
+            });
+
+            const existingReminder = comments.find(c =>
+              c.body.includes(MARKER) &&
+              c.user.login === 'github-actions[bot]'
+            );
+
+            if (existingReminder) {
+              console.log('Reminder already posted. Skipping.');
+              return;
+            }
+
+            const body = `### Attack Surface Configuration Reminder
+            ${MARKER}
+
+            This PR modifies the attack surface threat data (\`${THREAT_DATA_FILE}\`).
+
+            If you are adding a new threat vector, please ensure:
+            - [ ] The vector has all required fields: \`id\`, \`title\`, \`subtitle\`, \`category\`, \`severity\`, \`description\`, \`attackTags\`, \`primaryLink\`, \`primaryLinkLabel\`, and \`frameworkLinks\`
+            - [ ] The \`primaryLink\` points to a valid, existing framework page
+            - [ ] The \`attackTags\` array contains 3-4 short example attack types
+            - [ ] The \`category\` is one of: \`smart-contract\`, \`operational\`, \`human\`, \`infrastructure\`, \`supply-chain\`, \`governance\`
+            - [ ] The \`severity\` is one of: \`critical\`, \`high\`, \`medium\`
+
+            If you are modifying an existing vector, verify that all links still resolve correctly.
+
+            See the [Attack Surface Overview page](/attack-surface) on the preview deployment to verify the radial map renders correctly.
+
+            ---
+            <sub>This is an automated reminder. If this PR doesn't affect threat vectors, you can ignore this message.</sub>`;
+
+            await github.rest.issues.createComment({
+              owner,
+              repo,
+              issue_number: pull_number,
+              body
+            });
+
+            console.log('Posted attack surface reminder comment.');