Capability Truth Matrix

Complete matrix of platform capabilities with their implementation status, operator impact, and source of truth.

beginner4 min readimplemented

Overview#

This matrix documents the implementation status of every Intended platform capability. Each subsystem is categorized as:

Implemented — fully operational in production
Staged — designed and documented but not yet available in production
Readiness — integration surface exists but runtime behavior is not yet active

Info

This matrix is validated against the platform codebase. Last validated: 2026-03-10.

Subsystem	Status	Operator Impact	Source of Truth
Intent Gateway	Implemented	Accepts and validates all intent evaluation requests	code
Policy Engine	Implemented	Evaluates intents against active policy set	code
Semantic Analysis	Implemented	Enriches intent context with structured signals	code
Decision Token Signing	Implemented	Issues RS256-signed authorization tokens	code
Audit Pipeline	Implemented	Records all evaluation decisions to append-only log	code
Policy Store	Implemented	Version-controlled policy lifecycle management	code

Capability	Status	Operator Impact	Source of Truth
Policy Authoring	Implemented	Create and validate policies via CLI and API	code
Policy Simulation	Implemented	Compare, drift-detect, and blast-radius analysis	code
Policy Deployment	Implemented	Staged deployment with approval gates	code
Policy Rollback	Implemented	Instant rollback to any previous version	code
Incident Response	Implemented	Audit trail querying, token inspection, kill switch	code
Control Center Dashboard	Implemented	Unified operational cockpit for runtime monitoring and audited interventions	code

Info

Control Center is live and integrates throughput, topology health, anomaly pressure, and emergency intervention controls.

Capability	Status	Operator Impact	Source of Truth
Tenant Management	Implemented	Create, configure, suspend, and delete tenants	code
Role-Based Access	Implemented	Built-in and custom roles with permission boundaries	code
API Token Governance	Implemented	Create, rotate, revoke tokens with scope constraints	code
Audit Export	Implemented	Export audit events in JSON, CSV, or Parquet	code
Emergency Controls	Implemented	Kill switches, circuit breakers, bulk token revocation	code
Identity Provider Integration (SSO)	Implemented	Runtime OIDC/SAML + SCIM provisioning with tenant-bound enforcement and auditability	code

Info

Identity provider support is operational with runtime OIDC/SAML callback handling, SCIM lifecycle endpoints, and tenant-bound enforcement controls.

Capability	Status	Operator Impact	Source of Truth
REST API (Intents)	Implemented	Submit and retrieve intent evaluations	code
REST API (Policies)	Implemented	CRUD operations on policy definitions	code
REST API (Audit)	Implemented	Query, filter, and export audit events	code
Decision Token Verification	Implemented	Verify tokens locally or via API	code
Enforcement SDK	Implemented	TypeScript/Python middleware for enforcement	code
Connector SDK	Implemented	Build custom connectors with fail-closed token validation and capability manifests	code
CLI	Implemented	Policy, token, deployment, and health operations	code

Warning

The Connector SDK is available with production-safe base adapter primitives and connector conformance expectations.

Capability	Status	Operator Impact	Source of Truth
Fail-Closed Defaults	Implemented	All failures result in deny decisions	code
Enforcement Lineage	Implemented	Full traceability from policy to enforcement	code
Cryptographic Token Signing	Implemented	RS256 signatures with key rotation	code
Tenant Data Isolation	Implemented	Complete data and key isolation per tenant	code
Operational Readiness Checks	Implemented	CLI and API health validation	code
Compliance Evidence Packs	Implemented	SOC2, ISO 27001, HIPAA-aligned exports	code