{
  "schema_version": "1.1.0",
  "document": "claim-maturity",
  "last_updated": "2026-07-04",
  "readiness_scope": "Sandbox/local validation unless an item states otherwise. Production-live cloud deployment is tracked separately.",
  "narrative_vs_proof": "Blogs and other narrative material count as narrative_context only. This file states assurance level \u2014 not penetration-test results.",
  "maturity_legend": {
    "WIRED": "Code or configuration exists on supported paths; behavior not fully validated.",
    "AUTOMATED_TESTED": "Unit, integration, validator, or mock-harness evidence exists \u2014 not full public e2e.",
    "E2E_VALIDATED": "Documented end-to-end journey or live gate passed in stated scope only.",
    "NOT_E2E_VALIDATED": "Some automated or mock proof; no acceptable public e2e proof in current scope.",
    "BACKLOG": "Tracked post-V1 hardening \u2014 not shipped as a guarantee.",
    "NOT_CLAIMED": "Explicitly out of scope or forbidden to claim publicly."
  },
  "field_legend": {
    "helps_prevent": "Meaningfully reduces likelihood or impact when maturity is AUTOMATED_TESTED or E2E_VALIDATED.",
    "helps_detect": "Surfaces, logs, or deduplicates issues \u2014 does not imply prevention.",
    "does_not_prevent": "Boundaries of the claim \u2014 protections reviewers must not infer from this item.",
    "validation_level": "How far assurance goes today (no internal paths).",
    "current_limitation": "Honest ceiling on the claim.",
    "next_validation": "Next step when NOT_E2E_VALIDATED or BACKLOG.",
    "current_validation_level": "Per-primitive stages: contract_defined, source_validated, accelerated_simulation, runtime_partial, not_24h_validated \u2014 see each item."
  },
  "local_trust_posture_ref": "https://docs.zen-mesh.io/ai/security/v1/local-trust-posture.json",
  "items": [
    {
      "id": "PRIM-IDEMPOTENCY-DEDUP",
      "topic": "Delivery idempotency and duplicate detection",
      "claim_maturity": "AUTOMATED_TESTED",
      "helps_prevent": [],
      "helps_detect": [
        "Duplicate delivery attempts within configured idempotency window in validated mock scenarios"
      ],
      "does_not_prevent": [
        "Exactly-once delivery",
        "Replay outside dedup window",
        "Replay-proof or zero-duplicate guarantees platform-wide"
      ],
      "validation_level": "Capability manifest lists victory_locked duplicate-idempotency scenario; mock execution evidence category",
      "current_limitation": "At-least-once with idempotency where wired \u2014 not replay prevention and not production-live proof",
      "next_validation": "Sandbox e2e journey publishing duplicate-event receipt without extra side effect",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/evidence/v1/manifest.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-HMAC-AGENT-SAAS",
      "topic": "Agent-to-control-plane HMAC",
      "claim_maturity": "AUTOMATED_TESTED",
      "helps_prevent": [
        "Unsigned agent API calls on routes where HMAC middleware is enforced"
      ],
      "helps_detect": [],
      "does_not_prevent": [
        "Replay of signed requests outside nonce/idempotency",
        "Stolen key abuse",
        "Exactly-once delivery"
      ],
      "validation_level": "Implementation present per security-capability-validation; automated crypto unit tests in shared delivery libraries",
      "current_limitation": "Agent-route scope only; not a statement about webhook provider signatures",
      "next_validation": "Documented sandbox e2e agent heartbeat with rotated key",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/security-capability-validation.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-PROVIDER-SIGNATURE",
      "topic": "Provider webhook signatures (e.g. Stripe)",
      "claim_maturity": "AUTOMATED_TESTED",
      "helps_prevent": [
        "Casually forged provider payloads on configured Stripe wedge paths in mock scope"
      ],
      "helps_detect": [],
      "does_not_prevent": [
        "Forged events on unconfigured adapters",
        "Production-live Stripe attestation",
        "All third-party providers"
      ],
      "validation_level": "Wedge claim map PROVEN in local_mock for Stripe ingestion signature path; not all providers",
      "current_limitation": "Mock/sandbox scope per wedge-claim-map limitation text",
      "next_validation": "Public sandbox e2e Stripe webhook with signature failure negative case",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/evidence/v1/wedge-claim-map.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-CONSTANT-TIME-SIG-COMPARE",
      "topic": "Constant-time signature comparison",
      "claim_maturity": "WIRED",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": [
        "Timing side-channels on unreviewed paths",
        "All signature entrypoints"
      ],
      "validation_level": "Unit-level HMAC compare tests exist in shared libraries; not uniformly mapped to every ingress path",
      "current_limitation": "Design intent on sensitive compares \u2014 not certified timing resistance everywhere",
      "next_validation": "Security review checklist per ingress adapter with automated regression",
      "public_evidence_ref": null,
      "roadmap_ref": null
    },
    {
      "id": "PRIM-MTLS-AGENT-SAAS",
      "topic": "Agent-to-SaaS mutual TLS",
      "claim_maturity": "NOT_E2E_VALIDATED",
      "helps_prevent": [
        "Passive eavesdropping on segments where mTLS is enforced"
      ],
      "helps_detect": [],
      "does_not_prevent": [
        "MITM on paths without mTLS",
        "Compromised enrolled clients",
        "Data-plane paths where mTLS E2E evidence is still being collected (per-path maturity tracked in wedge-claim-map.json; product standard claims mTLS on every Zen-controlled data-plane hop)"
      ],
      "validation_level": "Architecture required; manifest trust-mtls-enforcement proven_local_mock; CI mTLS gates in sandbox profile",
      "current_limitation": "Not all routes or environments have live E2E evidence; per-path maturity tracked in wedge-claim-map.json and security-capability-validation.json",
      "next_validation": "Sandbox e2e agent sync over mTLS with documented gate artifact",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/security-capability-validation.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-SPIFFE-SPIRE",
      "topic": "SPIFFE/SPIRE workload identity [SUPERSEDED \u2014 see PRIM-SPIFFE-SPIRE-NATIVE-INTERNAL]",
      "claim_maturity": "NOT_E2E_VALIDATED",
      "helps_prevent": [
        "Workload impersonation on connections where SPIFFE verification is active"
      ],
      "helps_detect": [],
      "does_not_prevent": [
        "Customer-operated SPIRE in V1",
        "Authorization decisions",
        "SVID rotation as operational proof",
        "24h survival validation"
      ],
      "validation_level": "SUPERSEDED. SPIFFE/SPIRE is WIRED on Zen-managed internal paths (see PRIM-SPIFFE-SPIRE-NATIVE-INTERNAL). External provider ingress uses provider-specific signature verification, not SPIFFE \u2014 this is an architectural boundary, not a coverage gap.",
      "current_limitation": "SUPERSEDED \u2014 see PRIM-SPIFFE-SPIRE-NATIVE-INTERNAL for current claim and maturity.",
      "next_validation": "Published SVID rotation drill receipt in demo scope",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/local-trust-posture.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": true,
        "not_24h_validated": true,
        "next_validation": "SVID rotation operational receipt without internal task IDs in public copy"
      }
    },
    {
      "id": "PRIM-ZEN-LOCAL-TRUST-AUTHORITY",
      "topic": "zen-agent as customer-plane local trust authority facade",
      "claim_maturity": "WIRED",
      "helps_prevent": [],
      "helps_detect": [
        "Mis-enrollment or stale flow config surfaced via agent health and sync status"
      ],
      "does_not_prevent": [
        "Compromised cluster admin",
        "24h validated autonomy from SaaS",
        "Customer SPIRE operations"
      ],
      "validation_level": "Architecture and enrollment contracts \u2014 agent supervises local trust projection",
      "current_limitation": "Visible local authority \u2014 not a validated long-outage survival proof",
      "next_validation": "Sandbox documented agent-led material refresh without SaaS on hot path",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/local-trust-posture.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": false,
        "not_24h_validated": true,
        "next_validation": "Accelerated control-plane outage simulation with public-safe receipt"
      }
    },
    {
      "id": "PRIM-ZEN-LOCK-SURVIVAL-STORE",
      "topic": "ZenLock encrypted local survival material store",
      "claim_maturity": "WIRED",
      "helps_prevent": [
        "Plaintext-at-rest for material stored in zen-lock on configured survival paths"
      ],
      "helps_detect": [],
      "does_not_prevent": [
        "Memory exposure",
        "Universal secret coverage",
        "Validated 24h survival",
        "ZenLock as rotation engine"
      ],
      "validation_level": "Custody model documented \u2014 zen-lock encrypts and projects local material",
      "current_limitation": "Scope-limited flows \u2014 not all credentials or air-gap bundles",
      "next_validation": "Rotation drill artifact redacted for public publication",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/credential-lifecycle-ownership.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": false,
        "not_24h_validated": true,
        "next_validation": "Demonstrate survival-store refresh with zen-lock audit trail in demo scope"
      }
    },
    {
      "id": "PRIM-KEY-MATERIAL-ROTATION",
      "topic": "Key and certificate material rotation lifecycles",
      "claim_maturity": "WIRED",
      "helps_prevent": [
        "Some cert/key expiry outages via cert-manager and HMAC rotation controllers"
      ],
      "helps_detect": [
        "Rotation failures surfaced in lifecycle metrics where wired"
      ],
      "does_not_prevent": [
        "Zero-downtime rotation everywhere",
        "24h survival without refresh",
        "Customer target cert rotation"
      ],
      "validation_level": "Per-type rotation owners in credential-lifecycle-ownership \u2014 HMAC/TLS/JWK/SVID lifecycles separate from zen-lock custody",
      "current_limitation": "Rotation wired per subsystem \u2014 not one universal engine; not 24h-validated",
      "next_validation": "Public-safe rotation gate linking manifest trust proofs",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/credential-lifecycle-ownership.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": true,
        "not_24h_validated": true,
        "next_validation": "E2e rotation negative test in sandbox with maturity bump only if evidenced"
      }
    },
    {
      "id": "PRIM-AIR-GAPPED-ADAPTER-HANDOFF",
      "topic": "Air-gapped adapter material handoff",
      "claim_maturity": "WIRED",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": [
        "Live SaaS dependency on every adapter bootstrap",
        "Validated air-gap compliance certification"
      ],
      "validation_level": "Contract-defined offline bundle import path for adapter/egress material \u2014 operator-mediated",
      "current_limitation": "Handoff mechanics defined \u2014 not production customer-exposed SPIRE controls",
      "next_validation": "Documented offline bundle verify + project flow without secret leakage in public artifacts",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/local-trust-posture.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": false,
        "accelerated_simulation": false,
        "runtime_partial": false,
        "not_24h_validated": true,
        "next_validation": "Source-validated handoff verifier in repo with public capability ID only"
      }
    },
    {
      "id": "PRIM-SPIFFE-SPIRE-NATIVE-INTERNAL",
      "topic": "Zen-managed SPIFFE/SPIRE-native internal identity (V1)",
      "claim_maturity": "WIRED",
      "helps_prevent": [
        "Workload impersonation on hops where SPIFFE-verified mTLS is enforced"
      ],
      "helps_detect": [],
      "does_not_prevent": [
        "Customer-operated SPIRE in V1",
        "SPIRE on every workload",
        "Public customer-exposed SPIRE admin in V1",
        "SVID rotation production proof"
      ],
      "validation_level": "Internal Zen-managed SPIFFE/SPIRE-native identity \u2014 SPIRE is not customer-operated in V1",
      "current_limitation": "V1 does not offer customer-managed SPIRE; fuller Workload API hardening is roadmap",
      "next_validation": "Demo-scope rotation receipt without claiming customer SPIRE ops",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/security-capability-validation.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": true,
        "not_24h_validated": true,
        "next_validation": "Clarify public vs internal SPIRE boundaries in capability manifest cross-links"
      }
    },
    {
      "id": "PRIM-LOCAL-MATERIAL-EXPIRY-FAIL-CLOSED",
      "topic": "Expired or invalid local material fails closed",
      "claim_maturity": "WIRED",
      "helps_prevent": [
        "Silent use of expired certs/keys on enforced mTLS/HMAC paths"
      ],
      "helps_detect": [
        "Auth failures when material is expired or mismatched"
      ],
      "does_not_prevent": [
        "Misconfigured paths without enforcement",
        "Compromised valid material",
        "24h survival without SaaS"
      ],
      "validation_level": "Fail-closed intent on enforced agent and data-plane paths \u2014 per-path maturity varies",
      "current_limitation": "Not uniformly e2e-validated on every adapter and environment",
      "next_validation": "Negative test: expired projected material rejects connection on documented path",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/local-trust-posture.json",
      "roadmap_ref": null,
      "current_validation_level": {
        "contract_defined": true,
        "source_validated": true,
        "accelerated_simulation": false,
        "runtime_partial": false,
        "not_24h_validated": true,
        "next_validation": "Automated negative test published as manifest-linked proof_status"
      }
    },
    {
      "id": "PRIM-ZENLOCK-SECRETS",
      "topic": "ZenLock encrypted secret custody",
      "claim_maturity": "WIRED",
      "helps_prevent": [
        "Plaintext-at-rest for secrets stored via ZenLock on configured paths"
      ],
      "helps_detect": [],
      "does_not_prevent": [
        "Memory exposure",
        "Operator recovery of material",
        "Universal secret migration"
      ],
      "validation_level": "Documented custody model; not zero-knowledge cryptography",
      "current_limitation": "Scope-limited to configured enrollment and signing material flows",
      "next_validation": "Rotation drill evidence without exposing secret material in public artifacts",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/credential-lifecycle-ownership.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-RLS-TENANT",
      "topic": "Database row-level security for tenant isolation",
      "claim_maturity": "WIRED",
      "helps_prevent": [
        "Some accidental cross-tenant SQL access on RLS-protected tables"
      ],
      "helps_detect": [],
      "does_not_prevent": [
        "Application-layer tenant bugs",
        "Cache or log leakage",
        "Formal isolation certification"
      ],
      "validation_level": "RLS policies in schema migrations; no published cross-tenant fuzz e2e",
      "current_limitation": "Defense-in-depth only \u2014 not enterprise isolation proof",
      "next_validation": "Automated negative tests for cross-tenant reads on covered tables",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/evidence/v1/manifest.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-EVIDENCE-INTEGRITY",
      "topic": "Evidence integrity",
      "claim_maturity": "AUTOMATED_TESTED",
      "helps_prevent": [],
      "helps_detect": [
        "Tampering of included evidence artifacts versus published integrity roots in verified trees"
      ],
      "does_not_prevent": [
        "Authentication",
        "Identity proof",
        "Encryption",
        "Replay prevention",
        "Delivery guarantees"
      ],
      "validation_level": "Automated verification gates on evidence packs in repo workflow scope",
      "current_limitation": "Integrity comparison for evidence bundles \u2014 not runtime security control",
      "next_validation": null,
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/evidence/v1/manifest.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-OUTBOUND-ONLY-EDGE",
      "topic": "Outbound-only edge connectivity (wedge topology)",
      "claim_maturity": "WIRED",
      "helps_prevent": [
        "The need for inbound webhook listener ports on private networks in the wedge pattern"
      ],
      "helps_detect": [],
      "does_not_prevent": [
        "Mis-egress to wrong target",
        "SaaS SSRF",
        "Compromised edge forwarding"
      ],
      "validation_level": "Architecture and product narrative \u2014 structural property, not automated abuse test",
      "current_limitation": "Topology benefit \u2014 not a universal security guarantee",
      "next_validation": null,
      "public_evidence_ref": null,
      "roadmap_ref": null
    },
    {
      "id": "PRIM-CANARY-CERT-ROTATION",
      "topic": "Canary TLS certificate rotation",
      "claim_maturity": "NOT_E2E_VALIDATED",
      "helps_prevent": [
        "Some risky big-bang cert cutovers on workloads with canary rotation wired"
      ],
      "helps_detect": [],
      "does_not_prevent": [
        "Rotation failure on all workloads",
        "Outage during failed rotation"
      ],
      "validation_level": "cert-manager renewal wired; canary path evidenced for subset per security-capability-validation",
      "current_limitation": "Partial workload coverage \u2014 not production-live everywhere",
      "next_validation": "E2e canary rotation gate for egress matching ingester parity",
      "public_evidence_ref": "https://docs.zen-mesh.io/ai/security/v1/security-capability-validation.json",
      "roadmap_ref": null
    },
    {
      "id": "PRIM-DELIVERY-POLICY-TLS",
      "topic": "DeliveryPolicy TLS and trust-chain controls",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": [
        "Policy-driven delivery TLS until implemented"
      ],
      "validation_level": "Public governance lists as deferred \u2014 not PASS",
      "current_limitation": "Not live as product-ready control",
      "next_validation": "Contract + sandbox proof before any public claim",
      "public_evidence_ref": null,
      "roadmap_ref": null
    },
    {
      "id": "PRIM-SSRF-SAAS-DISPATCH",
      "topic": "SSRF controls on SaaS-origin dispatch",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": [
        "SSRF to internal networks",
        "Redirect-chain bypass",
        "SaaS-wide SSRF coverage"
      ],
      "validation_level": "Scoped SSRF controls exist: central ValidateTargetURL + SSRFDialContext library tested (409-line negative suite), FLOW-03 proxy-mode ServiceRef path validated in local/mock, FLOW-02 egress target validation, BFF internal client hardened. SaaS-wide API dispatch and provider dispatchers not yet validated.",
      "current_limitation": "Scoped SSRF controls exist on FLOW-02/03 and BFF paths. SaaS-wide control-plane dispatch, provider dispatchers (Splunk/Grafana/PagerDuty/Teams/Git), and shared client libraries not yet validated. Do not describe dispatch as fully SSRF-protected.",
      "next_validation": "Negative SSRF test suite + public gate receipt",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-001"
    },
    {
      "id": "PRIM-PAYLOAD-POINTER",
      "topic": "Large payload pointer model",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": [
        "Large-body DoS on inline paths"
      ],
      "validation_level": "Not implemented",
      "current_limitation": "Oversized bodies may hit ad hoc limits only",
      "next_validation": "Signed object-reference contract + load test",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-003"
    },
    {
      "id": "PRIM-INGEST-VALIDATION",
      "topic": "Ingestion payload validation (type, depth, size)",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": [
        "JSON depth bombs",
        "Malformed content-type abuse"
      ],
      "validation_level": "Post-V1 backlog",
      "current_limitation": "No global evidenced parser limits",
      "next_validation": "Fuzz fixtures + reject-path metrics",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-004"
    },
    {
      "id": "PRIM-SOURCE-RATE-LIMIT",
      "topic": "Per-source ingestion rate limits",
      "claim_maturity": "NOT_E2E_VALIDATED",
      "helps_prevent": [],
      "helps_detect": [
        "Some tenant-level throttling where plan limits apply"
      ],
      "does_not_prevent": [
        "Single-source floods",
        "DDoS-scale abuse"
      ],
      "validation_level": "Tenant/plan rate limiting wired in places \u2014 per-source limits backlog",
      "current_limitation": "Not DDoS-proof ingestion",
      "next_validation": "Per-webhook-source limit contract + abuse test",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-005"
    },
    {
      "id": "PRIM-RESPONSE-TRUNCATION",
      "topic": "Target response body limits",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": [
        "Log/storage exhaustion from large upstream responses"
      ],
      "validation_level": "Not contract-proven",
      "current_limitation": "May store full responses on some paths",
      "next_validation": "Max-bytes policy + regression tests",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-006"
    },
    {
      "id": "PRIM-HEADER-SANITIZATION",
      "topic": "Sensitive header sanitization before persist/log",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": [
        "Credential leakage in delivery logs"
      ],
      "validation_level": "Post-V1 backlog",
      "current_limitation": "Do not claim headers are never logged",
      "next_validation": "Scrub contract + sample log tests",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-007"
    },
    {
      "id": "PRIM-REDIRECT-REVALIDATION",
      "topic": "Redirect hop limits and revalidation",
      "claim_maturity": "BACKLOG",
      "helps_prevent": [],
      "helps_detect": [],
      "does_not_prevent": [
        "Redirect-based SSRF"
      ],
      "validation_level": "Not implemented as proven control",
      "current_limitation": "Redirect chains may bypass static URL assumptions",
      "next_validation": "Hop limit + per-hop policy tests",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-008"
    },
    {
      "id": "PRIM-WEBHOOK-SECURITY-GATES",
      "topic": "Webhook security smoke gates",
      "claim_maturity": "AUTOMATED_TESTED",
      "helps_prevent": [],
      "helps_detect": [
        "Some misconfigurations caught by sandbox webhook-security gate scripts"
      ],
      "does_not_prevent": [
        "SSRF",
        "Full dispatch abuse classes"
      ],
      "validation_level": "Sandbox-oriented gate scripts \u2014 not production-live SSRF proof",
      "current_limitation": "Gate pass \u2260 SSRF-safe product claim",
      "next_validation": "Extend gates per WH-AS-001 contract",
      "public_evidence_ref": null,
      "roadmap_ref": "WH-AS-001"
    }
  ]
}