Report-Only Evidence Boundary

Latticra Seal

Seal is Latticra's local verification and policy-boundary layer. It records evidence, denials, report-only dry runs, and non-authority posture before runtime enforcement can be claimed.

Current Role

Describe, measure, report, deny.

Seal begins with bounded evidence: manifests, hash baselines, policy checks, and deterministic reports. It is not a production security product, sandbox, root installer, kernel layer, network authority, or runtime enforcement authority.

01

Manifest scope

Declare what Seal may inspect and which paths or authority claims remain outside scope.

02

Hash baseline

Compare local evidence against lock material and report changed, missing, or new records.

03

Policy checks

Fail closed for malformed input, unsupported authority, denied paths, or unsafe assumptions.

04

Report surface

Emit human-readable local evidence with mode, status, warnings, failures, and authority flags.

05

Future handoff

Prepare metadata for future runtime-boundary work without granting runtime authority now.

Dry-Run Posture

The runtime dry-run answers what would be refused.

The current dry-run report surface renders default-deny metadata for blocked requests. It does not execute tools, read or write host files, use the network, verify signatures, or grant runtime authority.

local evidence, default deny, operator review

Figure: Native runtime dry-run report snapshot (terminal output showing Latticra Seal runtime dry-run report-only default-deny metadata).

Report Fields

What the current dry-run surface is meant to show.

These values keep the public posture narrow: a denied dry-run is evidence of refusal, not proof of host security.

mode report-only
default_action deny
would_execute_tool 0
would_use_network 0
would_read_host 0
would_write_host 0
runtime_authority 0
operator_review required

Blocked Cases

Unsafe or unsupported requests stay denied.

Seal's current blocked-request vocabulary is explicit so readers can tell which negative cases are represented.

Unknown tool

Unsupported tools remain denied instead of guessed or auto-approved.

Unsigned request

Missing request signature metadata remains a blocked case.

Invalid schema

Malformed or unsupported parameter shape fails closed.

Stale request

Freshness failures remain denied in the metadata path.

Replayed request

Replay-class cases remain blocked without mutating a live replay cache.

Invalid signature

Invalid signature metadata stays denied without claiming production verification.
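
One way a report-only evaluator could map a request to the six blocked cases above, added here as an illustration and not taken from Latticra Seal. The request fields (`tool`, `params`, `issued_at`, `nonce`, `signature`), the allowlist, the freshness window, the check order, and the `reason` labels are assumptions; only the fixed report fields come from this page.

```python
import re
from types import MappingProxyType

# Hypothetical values for illustration; none of these come from Seal.
KNOWN_TOOLS = frozenset({"hash-baseline"})
MAX_AGE_SECONDS = 300
SIG_VALUE = re.compile(r"[0-9a-f]{128}")  # shape check only, no verification

# Fixed fields copied from the Report Fields list on this page.
BASE_REPORT = MappingProxyType({
    "mode": "report-only", "default_action": "deny",
    "would_execute_tool": 0, "would_use_network": 0,
    "would_read_host": 0, "would_write_host": 0,
    "runtime_authority": 0, "operator_review": "required",
})

def classify(request, now, seen_nonces):
    """Return the first blocked-case label that applies, else None."""
    if not isinstance(request, dict):
        return "invalid_schema"
    tool, params = request.get("tool"), request.get("params")
    issued, nonce = request.get("issued_at"), request.get("nonce")
    if not (isinstance(tool, str) and isinstance(params, dict)
            and type(issued) is int and isinstance(nonce, str)):
        return "invalid_schema"
    if tool not in KNOWN_TOOLS:
        return "unknown_tool"
    sig = request.get("signature")
    if sig is None:
        return "unsigned_request"
    if not (isinstance(sig, dict) and isinstance(sig.get("key_id"), str)
            and isinstance(sig.get("value"), str)
            and SIG_VALUE.fullmatch(sig["value"])):
        return "invalid_signature"
    if issued > now or now - issued > MAX_AGE_SECONDS:
        return "stale_request"
    if nonce in seen_nonces:  # read-only lookup; the cache is never updated
        return "replayed_request"
    return None

def dry_run_report(request, now, seen_nonces=frozenset()):
    """Build report-only metadata; every outcome is a denial."""
    report = dict(BASE_REPORT)
    report["status"] = "denied"
    # Assumed field name; "default_deny" covers requests matching no case.
    report["reason"] = classify(request, now, seen_nonces) or "default_deny"
    return report

# Constructed sample request (not real Seal input).
SAMPLE = {"tool": "hash-baseline", "params": {}, "issued_at": 1000,
          "nonce": "n-1", "signature": {"key_id": "k1", "value": "ab" * 64}}
```

A request that matches none of the blocked cases still comes back denied with `runtime_authority` 0, which is the point of the report-only posture: the output records a refusal and nothing else.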

Authority Boundary

PASS does not mean the host is secure.

A passing Seal check means the checked evidence matched the declared local expectations for that command. It does not mean production security, malware prevention, runtime isolation, kernel enforcement, or certification.

Present

Local reports, manifest/hash baseline, policy regression, blocked-case metadata, and dry-run report surface.

Denied

Network authority, runtime enforcement authority, root authority, host mutation, tool execution, and production-security claims.

Promotion rule

Runtime enforcement can be considered only after implementation, status alignment, negative-case evidence, and guarded tests exist.

Local Checks

Run Seal as a report and regression lane.

These commands are local evidence checks. They do not grant root, network, runtime, or host-protection authority.

Smoke and report lanes

make seal
sh scripts/test-latticra-seal-report.sh

Policy denials

make seal-policy-denials
sh scripts/test-latticra-seal-policy-decision.sh

Runtime dry-run report

sh scripts/latticra-seal-runtime-dry-run-report.sh
sh scripts/test-latticra-seal-runtime-dry-run-report-surface.sh

Source Records

Use the exact Seal records for authority claims.