fix: chore(website): add security audit reports page — placeholde

apps/website/src/pages/index.tsx

@@ -0,0 +1,37 @@
+import React from 'react';
+import Head from 'next/head';
+import Link from 'next/link';
+
+export default function Home() {
+  return (
+    <>
+      <Head>
+        <title>Nester — DeFi Yield Optimizer</title>
+        <meta
+          name="description"
+          content="Nester is a decentralized yield optimizer on Stellar."
+        />
+      </Head>
+      <main className="min-h-screen bg-gradient-to-br from-indigo-500 to-purple-600 flex flex-col items-center justify-center text-white px-4">
+        <h1 className="text-5xl font-bold mb-4">Nester</h1>
+        <p className="text-xl mb-8">
+          Decentralized yield optimization on Stellar
+        </p>
+        <div className="flex space-x-4">
+          <Link
+            href="/app"
+            className="bg-white text-indigo-600 px-6 py-3 rounded-lg font-semibold hover:bg-gray-100 transition"
+          >
+            Launch App
+          </Link>
+          <Link
+            href="/security"
+            className="bg-transparent border-2 border-white px-6 py-3 rounded-lg font-semibold hover:bg-white hover:text-indigo-600 transition"
+          >
+            Security
+          </Link>
+        </div>
+      </main>
+    </>
+  );
+}

apps/website/src/pages/security.module.css

@@ -0,0 +1 @@
+/* Security page specific styles if needed */

apps/website/src/pages/security.test.tsx

@@ -0,0 +1,49 @@
+import React from 'react';
+import { render, screen } from '@testing-library/react';
+import SecurityPage from './security';
+
+describe('SecurityPage', () => {
+  it('renders without errors', () => {
+    render(<SecurityPage />);
+    expect(screen.getByText('Security & Audit')).toBeInTheDocument();
+  });
+
+  it('displays audit status as Pending', () => {
+    render(<SecurityPage />);
+    expect(screen.getByText('Pending')).toBeInTheDocument();
+  });
+
+  it('lists all contracts in scope', () => {
+    render(<SecurityPage />);
+    const contracts = [
+      'vault',
+      'vault_token',
+      'allocation_strategy',
+      'yield_registry',
+      'nester',
+      'treasury',
+      'timelock',
+    ];
+    contracts.forEach((contract) => {
+      expect(screen.getByText(contract)).toBeInTheDocument();
+    });
+  });
+
+  it('links to the threat model document', () => {
+    render(<SecurityPage />);
+    const link = screen.getByText('threat model document');
+    expect(link).toBeInTheDocument();
+    expect(link.closest('a')).toHaveAttribute('href', '/AUDIT_THREAT_MODEL.md');
+  });
+
+  it('has a bug bounty section with contact email', () => {
+    render(<SecurityPage />);
+    expect(screen.getByText('Bug Bounty')).toBeInTheDocument();
+    const emailLink = screen.getByText('security@nester.finance');
+    expect(emailLink).toBeInTheDocument();
+    expect(emailLink.closest('a')).toHaveAttribute(
+      'href',
+      'mailto:security@nester.finance'
+    );
+  });
+});

apps/website/src/pages/security.tsx

@@ -0,0 +1,119 @@
+import React from 'react';
+import Head from 'next/head';
+import Link from 'next/link';
+
+const contractsInScope = [
+  'vault',
+  'vault_token',
+  'allocation_strategy',
+  'yield_registry',
+  'nester',
+  'treasury',
+  'timelock',
+];
+
+export default function SecurityPage() {
+  return (
+    <>
+      <Head>
+        <title>Security & Audit | Nester</title>
+        <meta
+          name="description"
+          content="Nester smart contract security audit status, scope, and bug bounty program."
+        />
+      </Head>
+      <main className="min-h-screen bg-gray-50 py-12 px-4 sm:px-6 lg:px-8">
+        <div className="max-w-4xl mx-auto">
+          <h1 className="text-4xl font-bold text-gray-900 mb-8">
+            Security & Audit
+          </h1>
+
+          {/* Smart Contract Audit Section */}
+          <section className="bg-white shadow rounded-lg p-6 mb-8">
+            <h2 className="text-2xl font-semibold text-gray-800 mb-4">
+              Smart Contract Audit
+            </h2>
+            <div className="mb-4">
+              <span className="inline-flex items-center px-3 py-1 rounded-full text-sm font-medium bg-yellow-100 text-yellow-800">
+                Pending
+              </span>
+              <p className="mt-2 text-gray-600">
+                Audit scheduled — details will be announced once confirmed with
+                the auditor.
+              </p>
+            </div>
+            <div className="mb-4">
+              <h3 className="text-lg font-medium text-gray-700 mb-2">
+                Threat Model
+              </h3>
+              <p className="text-gray-600">
+                Review our{' '}
+                <Link
+                  href="/AUDIT_THREAT_MODEL.md"
+                  className="text-indigo-600 hover:text-indigo-500 underline"
+                >
+                  threat model document
+                </Link>{' '}
+                for a detailed analysis of potential risks and mitigations.
+              </p>
+            </div>
+            <div>
+              <h3 className="text-lg font-medium text-gray-700 mb-2">
+                Contracts in Scope
+              </h3>
+              <ul className="list-disc list-inside text-gray-600 space-y-1">
+                {contractsInScope.map((contract) => (
+                  <li key={contract}>{contract}</li>
+                ))}
+              </ul>
+            </div>
+          </section>
+
+          {/* Bug Bounty Section */}
+          <section className="bg-white shadow rounded-lg p-6">
+            <h2 className="text-2xl font-semibold text-gray-800 mb-4">
+              Bug Bounty
+            </h2>
+            <p className="text-gray-600 mb-4">
+              We encourage responsible disclosure of security vulnerabilities.
+              If you discover a bug or security issue in any of our smart
+              contracts or infrastructure, please report it privately.
+            </p>
+            <div className="mb-4">
+              <h3 className="text-lg font-medium text-gray-700 mb-2">
+                Disclosure Process
+              </h3>
+              <ol className="list-decimal list-inside text-gray-600 space-y-1">
+                <li>
+                  Email your findings to{' '}
+                  <a
+                    href="mailto:security@nester.finance"
+                    className="text-indigo-600 hover:text-indigo-500 underline"
+                  >
+                    security@nester.finance
+                  </a>
+                </li>
+                <li>
+                  Include a detailed description of the vulnerability and steps
+                  to reproduce.
+                </li>
+                <li>
+                  Allow us reasonable time to investigate and address the issue
+                  before public disclosure.
+                </li>
+                <li>
+                  We will acknowledge receipt within 48 hours and provide
+                  updates throughout the remediation process.
+                </li>
+              </ol>
+            </div>
+            <p className="text-gray-600">
+              For critical vulnerabilities, we offer a bug bounty reward at our
+              discretion. Thank you for helping keep Nester safe!
+            </p>
+          </section>
+        </div>
+      </main>
+    </>
+  );
+}