{
  "schema_version": "1.1.0",
  "document": "claim-maturity",
  "last_updated": "2026-05-31",
  "readiness_scope": "DEMO / local-mock / sandbox unless an item states otherwise. Not production-live, not customer-ready, not global demo-ready.",
  "narrative_vs_proof": "Blogs and narrative-context material are narrative_context only. This file states the assurance level — not penetration-test results.",
  "maturity_legend": {
    "WIRED": "Code or configuration exists on supported paths; behavior not fully validated.",
    "AUTOMATED_TESTED": "Unit, integration, validator, or mock-harness evidence exists — not full public e2e.",
    "E2E_VALIDATED": "Documented end-to-end journey or live gate passed in stated scope only.",
    "NOT_E2E_VALIDATED": "Some automated or mock proof; no acceptable public e2e proof in current scope.",
    "BACKLOG": "Tracked post-V1 hardening — not shipped as a guarantee.",
    "NOT_CLAIMED": "Explicitly out of scope or forbidden to claim publicly."
  },
  "field_legend": {
    "helps_prevent": "Meaningfully reduces likelihood or impact when maturity is AUTOMATED_TESTED or E2E_VALIDATED.",
    "helps_detect": "Surfaces, logs, or deduplicates issues — does not imply prevention.",
    "does_not_prevent": "Boundaries of the claim — protections reviewers must not infer from the item.",
    "validation_level": "How far assurance goes today (no internal paths).",
    "current_limitation": "Honest ceiling on the claim.",
    "next_validation": "Next step when NOT_E2E_VALIDATED or BACKLOG.",
    "current_validation_level": "Per-primitive stages: contract_defined, source_validated, accelerated_simulation, runtime_partial, not_24h_validated — see each item."
  },
  "local_trust_posture_ref": "https://docs.zen-mesh.io/ai/security/v1/local-trust-posture.json",
  "items": [
    {
      "id": "PRIM-IDEMPOTENCY-DEDUP",
      "topic": "Delivery idempotency and duplicate detection",
      "claim_maturity": "AUTOMATED_TESTED",
      "helps_prevent": [],
      "helps_detect": ["Duplicate delivery attempts within configured idempotency window in validated mock scenarios"],
      "does_not_prevent": ["Exactly-once delivery", "Replay outside dedup window", "Replay-proof or zero-duplicate guarantees platform-wide"],
      "validation_level": "Capability manifest lists a victory_locked duplicate-idempotency scenario; evidence category is mock execution",
      "current_limitation": "At-least-once with idempotency where wired — not replay prevention and not production-live proof",
      "next_validation": "Sandbox e2e journey publishing duplicate-event receipt without extra side effect",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/evidence/v1/manifest.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-HMAC-AGENT-SAAS",
      "topic": "Agent-to-control-plane HMAC",
      "claim_maturity": "AUTOMATED_TESTED",
      "helps_prevent": ["Unsigned agent API calls on routes where HMAC middleware is enforced"],
      "helps_detect": [],
      "does_not_prevent": ["Replay of signed requests outside nonce/idempotency", "Stolen key abuse", "Exactly-once delivery"],
      "validation_level": "Implementation present per security-capability-validation; automated crypto unit tests in shared delivery libraries",
      "current_limitation": "Agent-route scope only; not a statement about webhook provider signatures",
      "next_validation": "Documented sandbox e2e agent heartbeat with rotated key",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/security-capability-validation.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-PROVIDER-SIGNATURE",
      "topic": "Provider webhook signatures (e.g. Stripe)",
      "claim_maturity": "AUTOMATED_TESTED",
      "helps_prevent": ["Casually forged provider payloads on configured Stripe wedge paths in mock scope"],
      "helps_detect": [],
      "does_not_prevent": ["Forged events on unconfigured adapters", "Production-live Stripe attestation", "All third-party providers"],
      "validation_level": "Wedge claim map marks the Stripe ingestion signature path PROVEN in local_mock; not all providers",
      "current_limitation": "Mock/sandbox scope per wedge-claim-map limitation text",
      "next_validation": "Public sandbox e2e Stripe webhook with signature failure negative case",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/evidence/v1/wedge-claim-map.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-CONSTANT-TIME-SIG-COMPARE",
      "topic": "Constant-time signature comparison",
      "claim_maturity": "WIRED",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": ["Timing side-channels on unreviewed paths", "All signature entrypoints"],
      "validation_level": "Unit-level HMAC compare tests exist in shared libraries; not uniformly mapped to every ingress path",
      "current_limitation": "Design intent on sensitive compares — not certified timing resistance everywhere",
      "next_validation": "Security review checklist per ingress adapter with automated regression",
      "public_evidence_ref": null,
      "roadmap_ref": null
    },
    {
      "id": "PRIM-MTLS-AGENT-SAAS",
      "topic": "Agent-to-SaaS mutual TLS",
      "claim_maturity": "NOT_E2E_VALIDATED",
      "helps_prevent": ["Passive eavesdropping on segments where mTLS is enforced"],
      "helps_detect": [],
      "does_not_prevent": ["MITM on paths without mTLS", "Compromised enrolled clients", "Data-plane paths without mTLS proof"],
      "validation_level": "Required by architecture; manifest trust-mtls-enforcement proven_local_mock; CI mTLS gates in sandbox profile",
      "current_limitation": "Not all routes or environments have live e2e proof; data-plane coverage incomplete",
      "next_validation": "Sandbox e2e agent sync over mTLS with documented gate artifact",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/security-capability-validation.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-SPIFFE-SPIRE",
      "topic": "SPIFFE/SPIRE workload identity (legacy index — see PRIM-SPIFFE-SPIRE-NATIVE-INTERNAL)",
      "claim_maturity": "NOT_E2E_VALIDATED",
      "helps_prevent": ["Workload impersonation on connections where SPIFFE verification is active"],
      "helps_detect": [],
      "does_not_prevent": ["Customer-operated SPIRE in V1", "Authorization decisions", "SVID rotation as operational proof", "24h survival validation"],
      "validation_level": "Zen-managed SPIFFE/SPIRE-native identity on internal paths — customers do not operate SPIRE in V1",
      "current_limitation": "Partial path coverage — not SPIFFE on every hop; see PRIM-SPIFFE-SPIRE-NATIVE-INTERNAL",
      "next_validation": "Published SVID rotation drill receipt in demo scope",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/local-trust-posture.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": true,
        "not_24h_validated": true,
        "next_validation": "SVID rotation operational receipt without internal task IDs in public copy"
      }
    },
    {
      "id": "PRIM-ZEN-LOCAL-TRUST-AUTHORITY",
      "topic": "zen-agent as customer-plane local trust authority facade",
      "claim_maturity": "WIRED",
      "helps_prevent": [],
      "helps_detect": ["Mis-enrollment or stale flow config surfaced via agent health and sync status"],
      "does_not_prevent": ["Compromised cluster admin", "24h validated autonomy from SaaS", "Customer SPIRE operations"],
      "validation_level": "Architecture and enrollment contracts — agent supervises local trust projection",
      "current_limitation": "Visible local authority — not a validated long-outage survival proof",
      "next_validation": "Sandbox documented agent-led material refresh without SaaS on hot path",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/local-trust-posture.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": false,
        "not_24h_validated": true,
        "next_validation": "Accelerated control-plane outage simulation with public-safe receipt"
      }
    },
    {
      "id": "PRIM-ZEN-LOCK-SURVIVAL-STORE",
      "topic": "ZenLock encrypted local survival material store",
      "claim_maturity": "WIRED",
      "helps_prevent": ["Plaintext-at-rest for material stored in zen-lock on configured survival paths"],
      "helps_detect": [],
      "does_not_prevent": ["Memory exposure", "Universal secret coverage", "Validated 24h survival", "ZenLock as rotation engine"],
      "validation_level": "Custody model documented — zen-lock encrypts and projects local material",
      "current_limitation": "Scope-limited flows — not all credentials or air-gap bundles",
      "next_validation": "Rotation drill artifact redacted for public publication",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/credential-lifecycle-ownership.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": false,
        "not_24h_validated": true,
        "next_validation": "Demonstrate survival-store refresh with zen-lock audit trail in demo scope"
      }
    },
    {
      "id": "PRIM-KEY-MATERIAL-ROTATION",
      "topic": "Key and certificate material rotation lifecycles",
      "claim_maturity": "WIRED",
      "helps_prevent": ["Some cert/key expiry outages via cert-manager and HMAC rotation controllers"],
      "helps_detect": ["Rotation failures surfaced in lifecycle metrics where wired"],
      "does_not_prevent": ["Zero-downtime rotation everywhere", "24h survival without refresh", "Customer target cert rotation"],
      "validation_level": "Per-type rotation owners in credential-lifecycle-ownership — HMAC/TLS/JWK/SVID lifecycles separate from zen-lock custody",
      "current_limitation": "Rotation wired per subsystem — not one universal engine; not 24h-validated",
      "next_validation": "Public-safe rotation gate linking manifest trust proofs",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/credential-lifecycle-ownership.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": true,
        "not_24h_validated": true,
        "next_validation": "E2e rotation negative test in sandbox with maturity bump only if evidenced"
      }
    },
    {
      "id": "PRIM-AIR-GAPPED-ADAPTER-HANDOFF",
      "topic": "Air-gapped adapter material handoff",
      "claim_maturity": "WIRED",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": ["Live SaaS dependency on every adapter bootstrap", "Validated air-gap compliance certification"],
      "validation_level": "Contract-defined offline bundle import path for adapter/egress material — operator-mediated",
      "current_limitation": "Handoff mechanics defined — not production customer-exposed SPIRE controls",
      "next_validation": "Documented offline bundle verify-and-project flow with no secret leakage in public artifacts",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/local-trust-posture.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": false,
        "accelerated_simulation": false,
        "runtime_partial": false,
        "not_24h_validated": true,
        "next_validation": "Source-validated handoff verifier in repo with public capability ID only"
      }
    },
    {
      "id": "PRIM-SPIFFE-SPIRE-NATIVE-INTERNAL",
      "topic": "Zen-managed SPIFFE/SPIRE-native internal identity (V1)",
      "claim_maturity": "WIRED",
      "helps_prevent": ["Workload impersonation on hops where SPIFFE-verified mTLS is enforced"],
      "helps_detect": [],
      "does_not_prevent": ["Customer-operated SPIRE in V1", "SPIRE on every workload", "Public customer-exposed SPIRE admin in V1", "SVID rotation production proof"],
      "validation_level": "Internal Zen-managed SPIFFE/SPIRE-native identity — SPIRE is not customer-operated in V1",
      "current_limitation": "V1 does not offer customer-managed SPIRE; fuller Workload API hardening is roadmap",
      "next_validation": "Demo-scope rotation receipt without claiming customer SPIRE ops",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/security-capability-validation.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": true,
        "not_24h_validated": true,
        "next_validation": "Clarify public vs internal SPIRE boundaries in capability manifest cross-links"
      }
    },
    {
      "id": "PRIM-LOCAL-MATERIAL-EXPIRY-FAIL-CLOSED",
      "topic": "Expired or invalid local material fails closed",
      "claim_maturity": "WIRED",
      "helps_prevent": ["Silent use of expired certs/keys on enforced mTLS/HMAC paths"],
      "helps_detect": ["Auth failures when material is expired or mismatched"],
      "does_not_prevent": ["Misconfigured paths without enforcement", "Compromised valid material", "24h survival without SaaS"],
      "validation_level": "Fail-closed intent on enforced agent and data-plane paths — per-path maturity varies",
      "current_limitation": "Not uniformly e2e-validated on every adapter and environment",
      "next_validation": "Negative test: expired projected material rejects connection on documented path",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/local-trust-posture.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": false,
        "not_24h_validated": true,
        "next_validation": "Automated negative test published as manifest-linked proof_status"
      }
    },
    {
      "id": "PRIM-ZENLOCK-SECRETS",
      "topic": "ZenLock encrypted secret custody",
      "claim_maturity": "WIRED",
      "helps_prevent": ["Plaintext-at-rest for secrets stored via ZenLock on configured paths"],
      "helps_detect": [],
      "does_not_prevent": ["Memory exposure", "Operator recovery of material", "Universal secret migration"],
      "validation_level": "Documented custody model; not zero-knowledge cryptography",
      "current_limitation": "Scope-limited to configured enrollment and signing material flows",
      "next_validation": "Rotation drill evidence without exposing secret material in public artifacts",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/credential-lifecycle-ownership.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-RLS-TENANT",
      "topic": "Database row-level security for tenant isolation",
      "claim_maturity": "WIRED",
      "helps_prevent": ["Some accidental cross-tenant SQL access on RLS-protected tables"],
      "helps_detect": [],
      "does_not_prevent": ["Application-layer tenant bugs", "Cache or log leakage", "Formal isolation certification"],
      "validation_level": "RLS policies in schema migrations; no published cross-tenant fuzz e2e",
      "current_limitation": "Defense-in-depth only — not enterprise isolation proof",
      "next_validation": "Automated negative tests for cross-tenant reads on covered tables",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/evidence/v1/manifest.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-HASH-CHAIN-EVIDENCE",
      "topic": "Hash-chain evidence integrity",
      "claim_maturity": "AUTOMATED_TESTED",
      "helps_prevent": [],
      "helps_detect": ["Tampering of included evidence artifacts versus published integrity roots in verified trees"],
      "does_not_prevent": ["Authentication", "Identity proof", "Encryption", "Replay prevention", "Delivery guarantees"],
      "validation_level": "Automated Merkle/hash-chain verification gates on evidence packs in repo workflow scope",
      "current_limitation": "Integrity comparison for evidence bundles — not runtime security control",
      "next_validation": null,
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/evidence/v1/manifest.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-OUTBOUND-ONLY-EDGE",
      "topic": "Outbound-only edge connectivity (wedge topology)",
      "claim_maturity": "WIRED",
      "helps_prevent": ["Need for inbound webhook listener ports on private networks in the wedge pattern"],
      "helps_detect": [],
      "does_not_prevent": ["Mis-egress to wrong target", "SaaS SSRF", "Compromised edge forwarding"],
      "validation_level": "Architecture and product narrative — structural property, not automated abuse test",
      "current_limitation": "Topology benefit — not a universal security guarantee",
      "next_validation": null,
      "public_evidence_ref": null,
      "roadmap_ref": null
    },
    {
      "id": "PRIM-CANARY-CERT-ROTATION",
      "topic": "Canary TLS certificate rotation",
      "claim_maturity": "NOT_E2E_VALIDATED",
      "helps_prevent": ["Some risky big-bang cert cutovers on workloads with canary rotation wired"],
      "helps_detect": [],
      "does_not_prevent": ["Rotation failure on all workloads", "Outage during failed rotation"],
      "validation_level": "cert-manager renewal wired; canary path evidenced for subset per security-capability-validation",
      "current_limitation": "Partial workload coverage — not production-live everywhere",
      "next_validation": "E2e canary rotation gate for egress matching ingester parity",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/security-capability-validation.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-DELIVERY-POLICY-TLS",
      "topic": "DeliveryPolicy TLS and trust-chain controls",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": ["Policy-driven delivery TLS until implemented"],
      "validation_level": "Public governance lists this as deferred — not PASS",
      "current_limitation": "Not live as product-ready control",
      "next_validation": "Contract + sandbox proof before any public claim",
      "public_evidence_ref": null,
      "roadmap_ref": null
    },
    {
      "id": "PRIM-SSRF-SAAS-DISPATCH",
      "topic": "SSRF controls on SaaS-origin dispatch",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": ["SSRF to internal networks", "Redirect-chain bypass"],
      "validation_level": "Webhook-security smoke gates exist — not a full SSRF contract",
      "current_limitation": "Do not describe dispatch as SSRF-protected",
      "next_validation": "Negative SSRF test suite + public gate receipt",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-001"
    },
    {
      "id": "PRIM-PAYLOAD-POINTER",
      "topic": "Large payload pointer model",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": ["Large-body DoS on inline paths"],
      "validation_level": "Not implemented",
      "current_limitation": "Oversized bodies may hit ad hoc limits only",
      "next_validation": "Signed object-reference contract + load test",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-003"
    },
    {
      "id": "PRIM-INGEST-VALIDATION",
      "topic": "Ingestion payload validation (type, depth, size)",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": ["JSON depth bombs", "Malformed content-type abuse"],
      "validation_level": "Post-V1 backlog",
      "current_limitation": "No global, evidenced parser limits",
      "next_validation": "Fuzz fixtures + reject-path metrics",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-004"
    },
    {
      "id": "PRIM-SOURCE-RATE-LIMIT",
      "topic": "Per-source ingestion rate limits",
      "claim_maturity": "NOT_E2E_VALIDATED",
      "helps_prevent": [],
      "helps_detect": ["Some tenant-level throttling where plan limits apply"],
      "does_not_prevent": ["Single-source floods", "DDoS-scale abuse"],
      "validation_level": "Tenant/plan rate limiting wired in places — per-source limits are backlog",
      "current_limitation": "Not DDoS-proof ingestion",
      "next_validation": "Per-webhook-source limit contract + abuse test",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-005"
    },
    {
      "id": "PRIM-RESPONSE-TRUNCATION",
      "topic": "Target response body limits",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": ["Log/storage exhaustion from large upstream responses"],
      "validation_level": "Not contract-proven",
      "current_limitation": "May store full responses on some paths",
      "next_validation": "Max-bytes policy + regression tests",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-006"
    },
    {
      "id": "PRIM-HEADER-SANITIZATION",
      "topic": "Sensitive header sanitization before persist/log",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": ["Credential leakage in delivery logs"],
      "validation_level": "Post-V1 backlog",
      "current_limitation": "Do not claim headers are never logged",
      "next_validation": "Scrub contract + sample log tests",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-007"
    },
    {
      "id": "PRIM-REDIRECT-REVALIDATION",
      "topic": "Redirect hop limits and revalidation",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": ["Redirect-based SSRF"],
      "validation_level": "Not implemented as a proven control",
      "current_limitation": "Redirect chains may bypass static URL assumptions",
      "next_validation": "Hop limit + per-hop policy tests",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-008"
    },
    {
      "id": "PRIM-WEBHOOK-SECURITY-GATES",
      "topic": "Webhook security smoke gates",
      "claim_maturity": "AUTOMATED_TESTED",
      "helps_prevent": [],
      "helps_detect": ["Some misconfigurations caught by sandbox webhook-security gate scripts"],
      "does_not_prevent": ["SSRF", "Full dispatch abuse classes"],
      "validation_level": "Sandbox-oriented gate scripts — not production-live SSRF proof",
      "current_limitation": "Gate pass ≠ SSRF-safe product claim",
      "next_validation": "Extend gates per WH-AS-001 contract",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-001"
    }
  ]
}
