{"app":"13flow","buyer_security_questions":["Who owns token custody and rotation on the buyer side?","Which scopes are needed for the pilot and which are deliberately excluded?","What request volume and burst profile should be configured before go-live?","Does the buyer require IP allow-listing, contractual DPA clauses or a custom retention policy?","Which evidence links must be archived before recurring access begins?"],"core_v1_boundary":{"change_rule":"prefer extending existing contracts over adding new surfaces","keep_out":["public account or payment collection","public prospect PII persistence","automated billing or CRM workflow","production x402 settlement","validated alpha, expected-return or probability claims","new dashboards when existing admin, buyer, onboarding or workspace surfaces can carry the need"],"operator_review_required":true,"pro_boundary":{"default_customer_scopes":["funds:read","quality:read","workspace:write"],"forbidden_customer_scopes":["admin:read"],"operator_issued_keys":true,"tokens_included_in_payloads":false,"web_worker_creates_tokens":false},"public_open_build":{"browser_accounts":false,"public_offer_usd_per_month":19,"public_submission_endpoint":false,"read_only":true,"sandbox_only_key":true,"self_serve_checkout":false,"token_collection":false},"required_gates":["pytest offline suite","public smoke","Pro workspace smoke","Pro key lifecycle smoke","encrypted Pro DB backup restore verification"],"routine_publication":{"manual_13f_review_required":false,"mode":"automated_fail_closed","signal_rule":"only trusted funds are eligible for scores, consensus and watchlist signals"},"sales_motion":"controlled_pilot_only","source":"docs/CORE_V1_BOUNDARY.md","status":"controlled_pilot_core_v1"},"data_quality":{"evidence":["/coverage","/api/data-quality"],"manual_13f_review_required_for_routine_publication":false,"mode":"automated_fail_closed","quarantined_funds":0,"review_items":11,"signal_eligible_funds":44,"signal_rule":"only trusted funds are eligible for scores, consensus and watchlist signals","trusted_funds":44},"evidence_links":[{"href":"/api/research-readiness","label":"Research readiness"},{"href":"/api/security-posture","label":"Security posture"},{"href":"/coverage","label":"Coverage and quality"},{"href":"/validation","label":"Validation boundary"},{"href":"/api/openapi.json","label":"Public OpenAPI"}],"generated_at":"2026-07-15T23:13:29+00:00","git_sha":"d002a2dd2ffce5d0fe1d0e8a1f742e18c3df0cfa","mcp_surface":{"evidence":["/methodology/mcp","/developers"],"host_origin_policy":"MCP server enforces Host/Origin validation and a bounded request body","pro_tool_boundary":"Private tools fail closed without a valid operator-issued key","public_path":"/api/mcp","rate_limit":"per-client rate limit in MCP process","transport":"streamable-http"},"non_claims":["third-party penetration test","SOC 2, ISO 27001 or regulated outsourcing certification","public self-serve account flow","managed-service SLA","validated alpha or investment advice","complete coverage of non-13F assets, shorts or intra-quarter trades"],"operations":{"backup":"private DB backup is encrypted and restore verification is performed off-host with the private key","deploy_gate":"public smoke and private workspace checks must pass after each deploy","external_checks_required":[{"command":"sudo EXPECTED_SHA=$SHA /opt/13flow/deploy/smoke-public.sh","id":"public_smoke","status":"external_required"},{"command":"sudo EXPECTED_SHA=$SHA PRO_TOKEN=\"$PRO_TOKEN\" /opt/13flow/deploy/smoke-pro-workspace.sh","id":"pro_workspace_smoke","status":"external_required"},{"command":"/opt/13flow/deploy/prepare-pro-backup-restore-check.sh and deploy/verify-pro-db-backup.sh on restore host","id":"encrypted_backup_restore","status":"external_required"},{"command":"systemctl list-timers | grep 13flow-pro-workspace-snapshot","id":"snapshot_timer","status":"external_required"}],"operator_boundary":"This endpoint does not read systemd, Apache configs, journal logs, backup files or secrets. Those remain operator-side checks."},"privacy":{"payload_policy":"security posture exposes controls and evidence links, never keys, hashes, IPs, user agents or request bodies","public_accounts":false,"secrets_in_payloads":false,"self_serve_checkout":false,"tokens_echoed":false},"pro_surface":{"audit":"accepted, denied and rate-limited Pro requests create audit rows without storing plaintext tokens","browser_storage":"diagnostic/cockpit pages use sessionStorage only; not localStorage","cache_policy":"private no-store for authenticated Pro responses","credential_headers":["Authorization: Bearer <token>","X-13FLOW-Key: <token>"],"evidence":["/api/pro/v1/status","/api/pro/v1/usage","/api/pro/v1/onboarding","/pro/onboarding"],"rate_limits":"persistent per-key minute/day quotas","service_boundary":"separate /api/pro/v1 service with scoped API keys","token_in_url_allowed":false,"workspace_limits":{"max_activity_returned":100,"max_alerts_returned":100,"max_history_returned":100,"max_request_bytes":262144,"max_snapshots_per_watchlist":100,"max_tickers_per_watchlist":50,"max_watchlists_per_key":50}},"public_surface":{"auth_billing_accounts":"not registered in open mode","evidence":["/api/version","/api/config","/api/live-status","/api/openapi.json"],"headers":["nosniff baseline","DENY frame policy","no-referrer baseline","per-response CSP with no third-party scripts"],"mode":"read_only_open_build","mutation_policy":"public endpoints are GET-oriented; Pro writes live only behind the separate Pro service","synthetic_data":false},"scope":"Security posture for a controlled technical pilot. This is an operator evidence pack, not a third-party penetration test, SOC 2 report, investment-advice review or managed-service SLA.","status":"controlled_pilot_security_ready"}
