Security / Transport

How CAPPS protects assets and data.

CAPPS handles access control. Capsule handles session verification. Layer 6 is the protected private core.

Return Home Spendability Portal Whitepaper Roadmap

Core Terms

Each term has one job.

Atomic AI Nexus

The public product surface users land on first.

CAPPS

The access-control and route-policy system.

Capsule

The scoped verification session required before protected routes open.

Layer 6

The protected private core where operator routes, vault logic, and sensitive systems stay isolated.

AI Core

The private operational intelligence layer that helps monitor routes and classify actions behind the public surface.

Security Views

CAPPS control and public trust surfaces together.

CAPPS board showing architecture, modules, and Capsule flow.
Atomic AI ecosystem board showing homepage, architecture, explorer, CAPPS, rails, status, and docs.

Transport Model

Verified first, then transported, then monitored.

CAPPS does not treat transport as an open pipe. A wallet must verify through Capsule, the route must pass policy, and value-touching actions must remain inside the allowed lane. That keeps public users out of Layer 6 and keeps asset movement auditable.

Capsule Gate

Capsule binds the user to a scoped session before any move opens. That gives the system a known identity, a known route, and a record of who requested the action.

Policy Relay

The gateway only relays allowed actions. It checks lane rules, write limits, and route boundaries so a public request cannot silently become a core operation.

Settlement Proof

POS and utility actions create a request first, then settle only after the signed transfer or proof arrives. That prevents loose, untracked movement.

Asset Safety

Funds stay separated from the public surface.

Reserve Boundary

The reserve is treated as protected, not casually spendable. Capped redemption, liquidity checks, and treasury safety checks keep that boundary visible.

Checkout Boundary

The internal POS rail creates a payment request and only settles after a wallet-signed transfer. That keeps the merchant path and settlement path separate.

Governance Boundary

CAPPS governance lanes control who can activate, authorize, or write. The founder path remains explicit and the public route never gets direct core write access.

Audit Boundary

All meaningful actions leave a log trail. That includes payment requests, settlements, lane decisions, and monitoring outputs so post-event review is possible.

Data Safety

Private data stays inside the sealed core boundary.

Core Isolation

Layer 6 is the protected private core. Public pages can explain the system, but they do not get unrestricted direct access to operator routes or vault data.

Scoped Session Data

Capsule sessions carry the minimum state needed for the current lane. That reduces accidental exposure and keeps identity, routing, and action scope tightly coupled.

Read-Only Surfaces

Explorer-style pages are read-only by design. They expose indexed activity and public state, not private write paths or direct operator controls.

Monitoring

AI Core and operational checks watch the stack continuously.

AI Core

The AI Core sits behind the public surface and helps coordinate routes, classify actions, and keep policy-aware operations inside the approved lanes.

Command System

The command system keeps the operating picture coherent so the right checks, alerts, and limits apply before a user reaches a sensitive boundary.

Operational Defense

Cyber defense agents, red-team agents, scouts, and sentries provide layered review: detect, probe, observe, and hold the line before drift becomes exposure.

Operational Checks

What actually keeps the system honest.

Monitor Layer

The Layer 6 monitor snapshots payments, spendability, reserve state, and recent activity so operators can see what moved and why.

Treasury Safety

Treasury checks watch for active relayers, manual-only units, and unlocked spend flags before any mainnet movement is treated as safe to proceed.

Hardening

Hardening checks look for policy violations, exposed control paths, and unsafe process patterns so the stack can be locked down as it evolves.

Review Trail

Every request, settlement, and gate decision leaves evidence. That makes the system auditable instead of relying on memory or trust alone.

Bottom Line

What users should expect.

Once a user is transported through the CAPPS flow, their assets and data are handled inside a bounded, logged, policy-checked path. That is safer than an open public route, but it is not magic and not flawless. The protection comes from layered verification, scoped settlement, private core isolation, and continuous monitoring by AI Core and operational defense checks.

Trust hubPublished proof set
Contract auditVerification and privileges
DNS proofDomain control posture
Incident responseDisclosure and containment