{
  "version": "v1.0",
  "status": "ACTIVE",
  "document_role": "security_monitoring_authority",
  "objective": "Define canonical monitoring coverage for server, application, runtime and memory security.",
  "monitoring_domains": {
    "host_baseline": [
      "ssh_policy_defined",
      "firewall_policy_defined",
      "sudo_policy_defined",
      "patch_policy_defined",
      "service_exposure_reviewed",
      "network_exposure_reviewed"
    ],
    "application_baseline": [
      "auth_controls_present",
      "authorization_controls_present",
      "secrets_handling_defined",
      "error_state_policy_defined"
    ],
    "runtime_baseline": [
      "runtime_policy_defined",
      "sandbox_boundary_defined",
      "protected_env_controls_defined"
    ],
    "memory_and_retrieval": [
      "memory_scope_contract_loaded",
      "retrieval_scope_filter_enforced",
      "scope_violation_events_emitted",
      "cross_boundary_access_denied"
    ],
    "delivery_and_promotion": [
      "promotion_policy_defined",
      "approval_policy_defined",
      "backup_integrity_evidence_present"
    ]
  },
  "ui_security_panel_contract": {
    "required_cards": [
      "host_security_baseline",
      "runtime_security_baseline",
      "memory_isolation",
      "retrieval_scope_enforcement",
      "security_events",
      "promotion_security",
      "host_security_runtime",
      "ssh_hardening_runtime",
      "firewall_runtime",
      "fail2ban_runtime"
    ],
    "status_model": [
      "PASS",
      "FAIL",
      "MISSING"
    ]
  },
  "canon_meta": {
    "canon_id": "devon-security-monitoring-canonical",
    "version": "2.0.0",
    "status": "ACTIVE",
    "master_authority": "master_architecture_index.md",
    "preserve_original_content": true,
    "canonical_layer_key": "trust_layer",
    "phase_origin": [
      "phase-08"
    ],
    "installation_order": 15,
    "primary_stage": "foundations_security"
  },
  "governance_reference": {
    "master_authority": "master_architecture_index.md",
    "primary_axis": "canonical_layer",
    "secondary_axis": "deployment_order",
    "preserve_phase_registry": true,
    "preserve_original_content": true
  },
  "canonical_layer_key": "trust_layer",
  "phase_origin": [
    "phase-08"
  ],
  "installation_order": 15,
  "primary_stage": "foundations_security",
  "canonical_position": {
    "canonical_layer_key": "trust_layer",
    "phase_origin": [
      "phase-08"
    ],
    "installation_order": 15,
    "primary_stage": "foundations_security"
  },
  "runtime_observable_signals": {
    "host_security_runtime": [
      "host_snapshot.security.status",
      "host_snapshot.security.ufw.status",
      "host_snapshot.security.ufw.active",
      "host_snapshot.security.ufw.ssh_rule_present",
      "host_snapshot.security.fail2ban.status",
      "host_snapshot.security.fail2ban.active",
      "host_snapshot.security.fail2ban.sshd_jail_present",
      "host_snapshot.security.ssh_hardening.status",
      "host_snapshot.security.ssh_hardening.passwordauthentication",
      "host_snapshot.security.ssh_hardening.permitrootlogin",
      "host_snapshot.security.ssh_hardening.x11forwarding",
      "host_snapshot.security.ssh_hardening.allowtcpforwarding"
    ]
  }
}
