{
  "$schema": "https://calm.finos.org/release/1.1/meta/calm.json",
  "unique-id": "poc-hypergraph-incident-response-fabric",
  "name": "PoC Shared Domain Hypergraph - Incident Response Fabric",
  "description": "A FINOS CALM (tm:finos-calm) v1.1 architecture of the cross-industry, private incident-response fabric. Insurers, insured enterprises, agent runtimes, standards bodies, and the PoC evidence layer collaborate on attributed, privacy-bound incident response. Controls are keyed to Standards Anchor Registry (tm:) slugs; every node/relationship is followable to a standard clause (std:) via the crosswalk.",
  "metadata": {
    "channel": "djat-poc-hypergraph-20260716",
    "modeling_language": "tm:finos-calm",
    "integrates_with": "Pathways encodings (hypergraph-pathways/) + Trust Key deep links (poc-hypergraph://)",
    "poc_construct": "tm:poc-cv-standard"
  },
  "nodes": [
    {
      "unique-id": "insured-enterprise",
      "node-type": "actor",
      "name": "Insured Enterprise",
      "description": "An organization deploying agentic AI whose security posture is underwritten. Seals incidents privately and exposes conformance tiers to the fabric."
    },
    {
      "unique-id": "ciso",
      "node-type": "actor",
      "name": "CISO / Security Team",
      "description": "Human principals who file private incident reports and honor response requests on behalf of the insured enterprise."
    },
    {
      "unique-id": "insurer",
      "node-type": "actor",
      "name": "AI Insurer / Underwriter",
      "description": "Prices AI risk from attributed, verifiable incident evidence rather than claim-based assurances. Realizes tm:aiuc-1.",
      "metadata": { "insurance_bifurcation": "AI-embracing side" }
    },
    {
      "unique-id": "assessor",
      "node-type": "actor",
      "name": "Independent Assessor",
      "description": "Accredited third party who attests conformance tiers. Verifies Trust Keys offline; does not need issuer platform access."
    },
    {
      "unique-id": "agent-runtime",
      "node-type": "system",
      "name": "Agentic AI Runtime",
      "description": "The boundary-crossing agent whose actions must be made evidenceable. The subject of the vulnerability lifecycle.",
      "controls": {
        "zero-trust-access": {
          "description": "Authenticate and authorize every agent request (NIST SP 800-207).",
          "requirements": [
            { "requirement-url": "tm:nist-sp-800-207", "config": { "sdg_domain": "authorization", "node": "authorization:access_decision" } }
          ]
        },
        "least-privilege": {
          "description": "Minimal capability grants; expansion is a non-delegable act.",
          "requirements": [
            { "requirement-url": "tm:anthropic-zt-agents", "config": { "sdg_domain": "authorization", "node": "authorization:least_privilege" } }
          ]
        }
      }
    },
    {
      "unique-id": "tool-gateway",
      "node-type": "service",
      "name": "MCP / Tool Gateway",
      "description": "Filters and mediates agent tool access; introspects MCP to do tool filtering. Where tool-misuse (ASI02) is contained.",
      "controls": {
        "mcp-tool-filtering": {
          "description": "Filter which tools an agent may reach (OWASP AISVS MCP Security).",
          "requirements": [
            { "requirement-url": "tm:owasp-aivss", "config": { "sdg_domain": "security", "node": "security:mcp_security" } }
          ]
        }
      }
    },
    {
      "unique-id": "tee-enclave",
      "node-type": "system",
      "name": "TEE / Confidential Compute Enclave",
      "description": "Attests the execution environment was untampered; a mechanism the evidence layer builds on.",
      "controls": {
        "enclave-attestation": {
          "description": "Attest enclave integrity as an input to signed evidence.",
          "requirements": [
            { "requirement-url": "tm:confidential-computing-tee", "config": { "sdg_domain": "security", "node": "security:tee_control" } }
          ]
        }
      }
    },
    {
      "unique-id": "poc-evidence-layer",
      "node-type": "service",
      "name": "Proof-of-Control Evidence Layer",
      "description": "Signs each agent action at the moment it occurs, producing tamper-resistant runtime evidence placed on the verification spectrum. The core of tm:poc-cv-standard.",
      "controls": {
        "signed-runtime-evidence": {
          "description": "Tamper-resistant log signed at the moment of each action; exists before any dispute.",
          "requirements": [
            { "requirement-url": "tm:poc-cv-standard", "config": { "std": "std:poc-cv-0.1.0-rev/part2/evidence-properties", "sdg_domain": "security", "node": "security:signed_evidence" } }
          ]
        },
        "cryptographic-verification": {
          "description": "Stage-3 evidence mathematically checkable by any party without trusting the operator.",
          "requirements": [
            { "requirement-url": "tm:poc-cv-standard", "config": { "std": "std:poc-cv-0.1.0-rev/part2/spectrum", "sdg_domain": "provenance", "node": "provenance:crypto_verify" } }
          ]
        }
      }
    },
    {
      "unique-id": "trust-key-service",
      "node-type": "service",
      "name": "Trust Key Linking Primitive",
      "description": "Mints portable, offline-verifiable provenance roots with dimensional deep links (poc-hypergraph://). The linking mechanism across every indexed dimension.",
      "controls": {
        "hash-linked-cross-reference": {
          "description": "Cross-reference planes by hash only; no merged super-hash.",
          "requirements": [
            { "requirement-url": "Pattern.TrustKey.ProvenanceKey", "config": { "merge_policy": "hash_linked_cross_reference_only" } }
          ]
        }
      }
    },
    {
      "unique-id": "incident-fabric",
      "node-type": "system",
      "name": "Private Incident-Response Fabric",
      "description": "The shared, in-network collaboration surface: seal -> private report -> honor -> emerge. Accretes attributed response patterns and threat intel without exposing raw incident detail.",
      "controls": {
        "incident-response-governance": {
          "description": "Zero-trust incident-response governance for autonomous agents (CSA ATF).",
          "requirements": [
            { "requirement-url": "tm:csa-atf", "config": { "sdg_domain": "security", "node": "security:response_playbook" } }
          ]
        },
        "coordinated-disclosure": {
          "description": "Timed, attributed disclosure balancing the privacy floor against collective defense.",
          "requirements": [
            { "requirement-url": "tm:owasp-agentic-top10", "config": { "sdg_domain": "security", "node": "security:disclosure" } }
          ]
        }
      }
    },
    {
      "unique-id": "standards-registry",
      "node-type": "ecosystem",
      "name": "Standards Anchor Registry",
      "description": "The trademark-like registry (tm:) of every named standard/community. Each anchor is an authenticated entry point for engagement. Includes tm:finos-calm, tm:finos-aigf, tm:finos-ccc.",
      "metadata": { "registry": "hypergraph-domain/registry/external-names.yaml" }
    }
  ],
  "relationships": [
    {
      "unique-id": "ciso-files-report",
      "relationship-type": { "interacts": { "actor": "ciso", "nodes": ["incident-fabric"] } },
      "description": "The CISO files a private incident report into the fabric (Hypergraph.Incident.PrivateReport@v1)."
    },
    {
      "unique-id": "enterprise-runs-agent",
      "relationship-type": { "composed-of": { "container": "insured-enterprise", "nodes": ["agent-runtime", "tool-gateway", "tee-enclave"] } },
      "description": "The insured enterprise deploys the agent runtime behind a tool gateway on confidential compute."
    },
    {
      "unique-id": "agent-through-gateway",
      "relationship-type": { "connects": { "source": { "node": "agent-runtime" }, "destination": { "node": "tool-gateway" } } },
      "protocol": "mTLS",
      "description": "Agent tool calls are mediated by the MCP/tool gateway (contains ASI02 tool misuse)."
    },
    {
      "unique-id": "agent-in-enclave",
      "relationship-type": { "deployed-in": { "container": "tee-enclave", "nodes": ["agent-runtime"] } },
      "description": "The agent executes inside the attested enclave."
    },
    {
      "unique-id": "runtime-emits-evidence",
      "relationship-type": { "connects": { "source": { "node": "agent-runtime" }, "destination": { "node": "poc-evidence-layer" } } },
      "protocol": "HTTPS",
      "description": "Every action is signed by the PoC evidence layer at the moment it occurs.",
      "controls": {
        "sign-at-action-time": {
          "description": "Bind evidence to the action before any dispute arises.",
          "requirements": [
            { "requirement-url": "tm:poc-cv-standard", "config": { "std": "std:poc-cv-0.1.0-rev/part2/evidence-properties" } }
          ]
        }
      }
    },
    {
      "unique-id": "evidence-minted-into-trustkey",
      "relationship-type": { "connects": { "source": { "node": "poc-evidence-layer" }, "destination": { "node": "trust-key-service" } } },
      "description": "Signed evidence is bound into a Trust Key provenance root with dimensional deep links."
    },
    {
      "unique-id": "trustkey-into-fabric",
      "relationship-type": { "connects": { "source": { "node": "trust-key-service" }, "destination": { "node": "incident-fabric" } } },
      "description": "Trust Keys carry attributed, privacy-bound incident evidence into the fabric (deep links only)."
    },
    {
      "unique-id": "insurer-reads-fabric",
      "relationship-type": { "interacts": { "actor": "insurer", "nodes": ["incident-fabric"] } },
      "description": "The insurer underwrites from attributed conformance tiers and response patterns (Hypergraph.Underwrite.ThreatProfile@v1).",
      "controls": {
        "underwrite-on-evidence": {
          "description": "Price AI risk on verifiable evidence, not claim-based assurances.",
          "requirements": [
            { "requirement-url": "tm:aiuc-1", "config": { "sdg_domain": "security", "node": "security:insurer_fabric" } }
          ]
        }
      }
    },
    {
      "unique-id": "assessor-verifies-trustkey",
      "relationship-type": { "interacts": { "actor": "assessor", "nodes": ["trust-key-service"] } },
      "description": "The assessor verifies Trust Keys offline (Pathways.TrustKey.Verify@v1) - powerful party does least."
    },
    {
      "unique-id": "fabric-registers-anchors",
      "relationship-type": { "connects": { "source": { "node": "incident-fabric" }, "destination": { "node": "standards-registry" } } },
      "description": "Every control and pattern in the fabric cites a tm: anchor; mentions are tracked by the anchor-name ledger."
    }
  ],
  "flows": [
    { "unique-id": "vulnerability-lifecycle", "$ref": "../flows/vulnerability-lifecycle.flow.calm.json" }
  ]
}
