{
  "schema": "capps-security-operations-mesh-v1",
  "status": "public-production-route-live",
  "publishedAt": "2026-06-15T18:20:00Z",
  "route": "/capps-security-operations-mesh.html",
  "positioning": "CAPPS binds red-team, engineering and cyber-defence agent lanes to capsules, monitoring, audit proof and revocation.",
  "capsuleRule": "all security agent lanes move through capsule-bound roles and public-safe evidence states",
  "agentLanes": [
    { "name": "Red-Team Capsule", "state": "monitoring-route-active", "scope": ["adversarial review", "abuse-case mapping", "route probing", "claim challenge"], "boundary": "no public exploit payloads" },
    { "name": "Engineering Capsule", "state": "monitoring-route-active", "scope": ["validator fixes", "deployment checks", "file integrity", "route wiring"], "boundary": "no unreviewed production changes" },
    { "name": "Cyber-Defence Capsule", "state": "monitoring-route-active", "scope": ["header checks", "public exposure checks", "sensitive boundary", "revocation needs"], "boundary": "no public private logs" },
    { "name": "AI Core Security Assist", "state": "monitoring-route-active", "scope": ["risk classification", "safe checklists", "claim gating", "route planning"], "boundary": "human review required" }
  ],
  "sealedControls": [
    "capsule ID",
    "role gate",
    "route policy",
    "policy version",
    "review state",
    "expiry",
    "evidence hash",
    "revocation state"
  ],
  "monitoredSurfaces": [
    "CAPPS ID",
    "passport-style verification",
    "chosen access registry",
    "revocation audit ledger",
    "CAPPS Worlds",
    "chats",
    "broadcasts",
    "connections",
    "anti-bullying sentries",
    "Atomic Copilot",
    "SafeAI Registry",
    "Health Shield",
    "School Pilot",
    "public UI",
    "sitemap",
    "file integrity"
  ],
  "hardening": [
    "no private logs on public pages",
    "no credentials on public pages",
    "no exploit payload publication",
    "no unreviewed external claims",
    "human review required for high-risk security actions",
    "revocation before scale",
    "file integrity validation",
    "public route validation",
    "security header validation"
  ],
  "linkedRoutes": [
    "/atomic-copilot.html",
    "/capps-access-boundary.html",
    "/capps-chosen-access-registry.html",
    "/capps-revocation-audit-ledger.html",
    "/capps-age-passport-gateway.html",
    "/capps-worlds.html",
    "/public-data/capps-security-operations-mesh.json"
  ]
}