|
| 1 | +# Evidence Matrix — Enterprise-Shaped Scenario Harness |
| 2 | + |
| 3 | +## Status |
| 4 | + |
| 5 | +**Version:** v0.1 |
| 6 | +**Scope:** Synthetic / mocked downstream / CI replay |
| 7 | +**Rule:** Claims can widen only when evidence widens. |
| 8 | + |
| 9 | +## Matrix |
| 10 | + |
| 11 | +| Claim | Required evidence | Current proof | Missing proof | Next test | |
| 12 | +|---|---|---|---|---| |
| 13 | +| Missing authority blocks send | Gate returns `DENY` when `authority_token` is absent | ESP-001 synthetic harness and pytest assert `DENY` | Integration with real gate primitive | Wire ESP-001 to `commit_gate_core` gate object | |
| 14 | +| Denied action does not reach downstream adapter | Mock downstream adapter has zero send calls after denial | `test_esp_001_email_no_send.py` asserts `send_call_count == 0` and `sent_messages == []` | Live SMTP/API connector evidence | Add realistic connector boundary mock with call log fixture | |
| 15 | +| Receipt is written | Synthetic result records `receipt_written=true` and fixture exists | `ESP-001-refusal-receipt.json` + trace harness receipt | Persistent audit sink / append-only log | Add in-memory append-only receipt log with hash chain | |
| 16 | +| State does not mutate | Before and after state hashes match in synthetic trace | `run_scenario_001.py` asserts `before_hash == after_hash` | External state store evidence | Add state store mock with committed-state snapshot | |
| 17 | +| Scenario is replayable | Test runs under pytest and GitHub Actions workflow | `.github/workflows/enterprise-shaped-scenarios.yml` | Confirm passing CI run after merge/push | Inspect workflow result after trigger | |
| 18 | +| Path-local boundary is clear | Claim boundary states synthetic, path-local, not runtime enforcement | README, scenario, receipt claim boundary | External reviewer confirmation | Add hostile review issue template | |
| 19 | +| Enterprise readiness | Multiple realistic workflows, bypass tests, external review, controlled pilot | Not proven | Payment, access, HR, vendor risk, bypass suite, external review | Build ESP-002 payment expired-authority test | |
| 20 | +| Production enforcement | Live execution layer, routing proof, monitoring, persistence, failure handling | Not proven | Real integration and operational evidence | HOLD until real integration exists | |
| 21 | +| Compliance / certification | Independent qualified assessment against named standard | Not proven | Auditor/certifier review | HOLD until external authority exists | |
| 22 | + |
| 23 | +## Current score posture |
| 24 | + |
| 25 | +This is stronger than a documentation-only scenario because it now has: |
| 26 | + |
| 27 | +- inspectable structure |
| 28 | +- mocked downstream adapter |
| 29 | +- pytest non-call proof |
| 30 | +- synthetic trace harness |
| 31 | +- receipt fixture |
| 32 | +- CI replay surface |
| 33 | + |
| 34 | +It is still not enterprise-ready evidence because it lacks: |
| 35 | + |
| 36 | +- live execution layer |
| 37 | +- external review |
| 38 | +- real-world controlled application |
| 39 | +- path-universal bypass analysis |
| 40 | +- production or audit evidence |
| 41 | + |
| 42 | +## Compression line |
| 43 | + |
| 44 | +The harness proves a mocked downstream email adapter is not called when authority is missing. It does not prove live enterprise enforcement. |
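Review bot: In the Matrix table, the "Receipt is written" row treats `receipt_written=true` plus "fixture exists" as sufficient evidence, but the flag is self-reported by the synthetic result, and if `ESP-001-refusal-receipt.json` is a static fixture its existence says nothing about what a given run wrote. Consider changing the Required evidence cell to a test that compares the receipt emitted during the run against the fixture's fields, or narrowing the claim to "Receipt fixture is defined" until that test exists. The same applies to the "Scenario is replayable" row: Current proof lists only the workflow file, while Missing proof admits that no passing CI run has been confirmed. Under the document's own rule ("Claims can widen only when evidence widens"), that cell should read something like "workflow defined, passing run not yet recorded". It would also help to say in the "State does not mutate" row whether the `before_hash == after_hash` assertion in `run_scenario_001.py` is executed by pytest and the workflow, since the other rows cite a pytest file and this one cites a script.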