Security Review Evidence

Generated from executable security defaults and checked-in proof lanes in this repository.

Rerun Commands

mix ci.security
mix ci.verify
mix relyra.conformance --check
mix relyra.security_review --check
mix test test/security/strict_default_proof_test.exs --warnings-as-errors
mix test test/relyra/ecto/escape_hatch_audit_test.exs --warnings-as-errors

Strict Default Evidence

claim	executable state	seam	proof command	artifact
strict default signature policy	6 allowed signature methods; legacy SHA-1 override absent by default	`Relyra.Security.AlgorithmPolicy.default/0`	`mix test test/security/strict_default_proof_test.exs --warnings-as-errors`	`test/security/strict_default_proof_test.exs`
strict default digest policy	3 allowed digest methods; SHA-1 rejected unless time-boxed	`Relyra.Security.AlgorithmPolicy.enforce_digest_method/2`	`mix test test/security/strict_default_proof_test.exs --warnings-as-errors`	`test/security/strict_default_proof_test.exs`
relay_state raw URL rejection	opaque `rs_` handles only; raw URLs fail closed	`Relyra.Security.RelayState.validate/1`	`mix test test/security/strict_default_proof_test.exs --warnings-as-errors`	`test/security/strict_default_proof_test.exs`
signed content trust rejection	document-provided `KeyInfo` is never accepted as a trust source	`Relyra.Security.Signature.verify/3`	`mix test test/security/strict_default_proof_test.exs --warnings-as-errors`	`test/security/strict_default_proof_test.exs`

Escape Hatch And Audit Evidence

claim	executable state	seam	proof command	artifact
legacy unsigned metadata escape hatch is explicit and time-boxed	bypass exists only through `legacy_unsigned_metadata_policy.allow_until` on a metadata source	`Relyra.Metadata.AutoRefresh.refresh/2`	`mix test test/relyra/ecto/escape_hatch_audit_test.exs --warnings-as-errors`	`test/relyra/ecto/escape_hatch_audit_test.exs`
risky compatibility paths remain attributable	actor, cause, and correlation_id remain attached to metadata and audit rows	`Relyra.Ecto.MetadataApply` + `Relyra.Ecto.AuditWriter`	`mix test test/relyra/ecto/escape_hatch_audit_test.exs --warnings-as-errors`	`test/relyra/ecto/escape_hatch_audit_test.exs`
reviewer-facing evidence stays redaction-safe	actor PII is omitted and correlation_id is hashed in export	`Relyra.Diagnostic.AllowList.export_audit_log/1`	`mix test test/relyra/ecto/escape_hatch_audit_test.exs --warnings-as-errors`	`test/relyra/ecto/escape_hatch_audit_test.exs`
prior conformance and corpus regressions remain part of the packet	existing generated evidence is still required for review reruns	`Mix.Tasks.Relyra.Conformance`	`mix relyra.conformance --check`	`CONFORMANCE.md`

Linked Artifacts

artifact	role
`SECURITY_REVIEW.md`	canonical reviewer entry point
`docs/security_boundary.md`	trust-boundary and scope map
`docs/security_findings.md`	findings ledger and remediation policy
`SECURITY.md`	public policy and release prerequisites
`CONFORMANCE.md`	generated conformance and CVE regression evidence

← Previous Page Security Review Packet

Next Page → Security Boundary Map