{
  "id": "attack_isolation_recovery",
  "label": "Attack Isolation & Recovery Canonical",
  "phase": "phase-14",
  "category": "fleet_monitoring_mirror_failover",
  "status": "ACTIVE_DH_MIRROR",
  "purpose": "Attack Isolation & Recovery Canonical is the Phase 14 authority that contains suspected compromise in a YEFF AI v1 client server before fleet, backup, mirror or failover systems spread the damage.",
  "function": "Classify attack or compromise indicators, isolate affected runtime paths, freeze unsafe synchronization, preserve forensic evidence, protect backup custody and route recovery through approved incident and failover gates.",
  "technology_requirements": [
    {
      "technology": "Attack Isolation & Recovery",
      "required_for": "Attack Isolation & Recovery Canonical is the Phase 14 authority that contains suspected compromise in a YEFF AI v1 client server before fleet, backup, mirror or failover systems spread the damage.",
      "required_by_phase": "phase-14",
      "required_by_category": "attack_isolation_recovery",
      "required_by_buckets": [
        "Prerequisites",
        "Installation",
        "Configuration",
        "Validation",
        "Observable Evidence",
        "Failure Modes & Recovery",
        "Completion & Promotion"
      ],
      "expected_version": "MISSING until Attack Isolation & Recovery is implemented and validated in the future Execution & Monitoring Panel",
      "validation_command": "MISSING until attack_isolation_recovery can prove scope, evidence, execution state and promotion decision",
      "evidence_path": "/home/yeff/public_html/devon/canon/execution/state/dh_sources/attack_isolation_recovery.json",
      "status_source": "Documentation Hub + future Execution & Monitoring Panel",
      "blocking_if_missing": true,
      "failure_impact": "If this gate fails, Devon can preserve availability while spreading malicious or corrupted state into backups, mirrors, standby paths or central records."
    }
  ],
  "depends_on": [],
  "used_by": [],
  "overview": {
    "summary": "Attack Isolation & Recovery Canonical is the Phase 14 authority that contains suspected compromise in a YEFF AI v1 client server before fleet, backup, mirror or failover systems spread the damage.",
    "function": "FUNCTION: Classify attack or compromise indicators, isolate affected runtime paths, freeze unsafe synchronization, preserve forensic evidence, protect backup custody and route recovery through approved incident and failover gates.",
    "system_position": "This category owns hostile-condition containment. It is not ordinary incident handling and not generic server recovery. The exclusive risk here is contaminated recovery. During attack, normal automation can replicate, mirror, notify or fail over compromised state unless isolation comes first.",
    "failure_impact": "If this gate fails, Devon can preserve availability while spreading malicious or corrupted state into backups, mirrors, standby paths or central records."
  },
  "failure_impact": "If this gate fails, Devon can preserve availability while spreading malicious or corrupted state into backups, mirrors, standby paths or central records."
}
