V1 Security Validation Summary

Local/sandbox attack validation for the V1 runtime baseline. This document summarizes validation results across 20 attack classes. Not production-live proof. Not compliance certification. Not an external penetration test.

Scope

  • All validation is local/sandbox unless explicitly marked otherwise.
  • Cloud-gated checks are identified with [CLOUD-GATED].
  • NOT_CLAIMED entries are explicitly out of scope for V1.
  • This is not a substitute for production-live penetration testing or compliance certification.

Validation Results

| Attack Class | Status | Notes |
|---|---|---|
| Provider signature verification (Stripe wedge) | PROVEN | Local/mock validation on configured wedge path |
| Provider signature verification (GitHub) | PROVEN | Local/mock |
| Provider signature verification (Shopify) | PROVEN | Local/mock |
| Provider signature verification (Custom HMAC) | PROVEN | Local/mock |
| Provider signature verification (Twilio) | PARTIAL | Not V1-complete — form-urlencoded routing is PARTIAL |
| mTLS enforcement (agent routes) | PROVEN | Local/mock validated |
| HMAC verification (agent routes) | PROVEN | Local/mock validated |
| Idempotency / duplicate detection | PROVEN | Local/sandbox (FO-005, FO-006) |
| Tenant isolation (application layer) | PROVEN | Local/sandbox negative tests |
| API-key enumeration resistance | PROVEN | Negative-tested |
| MCP permission boundary | PROVEN | Handler-level negative tests |
| Integrity evidence | PROVEN | Automated integrity verification |
| Outbound-only edge delivery model | PROVEN | Architectural, validated in local/sandbox |
| Stripe cloud E2E proof | [CLOUD-GATED] | Historical proof exists on GKE; current revalidation AUTHORIZATION_BLOCKED |
| SSRF on SaaS dispatch | BACKLOG | Scoped controls exist (ValidateTargetURL, SSRFDialContext, FLOW-02/03 hardening) — SaaS-wide dispatch not validated |
| Redirect-chain abuse | PARTIAL | Webhook dispatch path uses NoRedirects/SafeRedirects — most other clients follow redirects by default |
| Parser / payload bombs | NOT_CLAIMED | No global validated parser limits |
| Rate-limit bypass | NOT_CLAIMED | Not validated across alternate surfaces |
| Timing side-channels | NOT_CLAIMED | Not validated |
| Header / forwarded-identity spoofing | NOT_CLAIMED | Trust boundary not validated |

Machine-Readable Summary

For AI agents and automated tooling, a machine-readable version of this summary is available: