Appearance
Advisory intelligence contract (pilot)
All Waspada FMS alerts are advisory intelligence. The bank owns any freeze / risk-score decision.
Machine-readable fields (gateway-signed)
| Field | Pilot value | Notes |
|---|---|---|
disposition | advisory | actionable requires corroboration_count ≥ CORROBORATION_ACTIONABLE_THRESHOLD (default 3). Unreachable with a single design partner. |
client_reported_confidence | 0–1 | SDK extraction_confidence — client-claimed, not gateway-assessed. Signed for integrity only. |
mule_key | sha256(account|bic) | Stable identity for dedupe / future corroboration. |
corroboration_count | 1 | This submission only (Phase A). Partner-signed counts only — see source tier. |
action_requested | MONITOR | Never ELEVATE_RISK_SCORE while advisory. |
urgency | HIGH / CRITICAL | Enrichment signal (e.g. young domain). Not a freeze instruction. |
advisory_notice | fixed string | Also covered by gateway_signature. |
source_tier | partner_signed (pilot) | First-class trust field — see below. |
Do not wire urgency alone to an auto-freeze. Verify gateway_signature over the canonical signed payload (includes disposition / client_reported_confidence / mule_key).
STIX egress stamps the same advisory framing on indicator and threat-actor objects (x_waspada_disposition, real mapped confidence — never a fabricated 95). Auto-actionable STIX indicators are suppressed while disposition is advisory (federation rule).
Analyst dispositions
POST /api/v1/alerts/disposition records { alert_id, mule_key, disposition } as a structured disposition_recorded log event (Phase A). There is no queryable store until Phase B.
Source tier & public-triage quarantine (ADV-005)
Status: Contract locked before public ingest / WhatsApp magic-link surfaces exist.
Pilot today: only thepartner_signedpath is live. Quarantine table andsource_tierenforcement land with public ingest — not after.
Crowd / anonymous reports are a poisoning vector into corroboration and FMS. Most “report a scam” apps let crowd reports drive blocklists directly. Waspada does not: crowd reports are structurally incapable of affecting a bank decision without corroboration or accountable analyst promotion. That is a differentiator — put it in the CISO pack, not only here.
Taxonomy (source_tier)
| Tier | Origin | Trust |
|---|---|---|
partner_signed | Partner RS256 JWT ingest | May increment corroboration, may reach FMS (advisory), may federate via STIX under advisory rules. |
public_triage | Anonymous sandbox / WhatsApp magic-link funnel | Quarantine tier. Never bank-affecting on its own. |
analyst_promoted | A public_triage indicator an analyst explicitly reviewed | Analyst is the accountable party; only then may the indicator count / federate as if partner-grade (still advisory until corroboration threshold). |
mule_key remains the join key across tiers. Promotion happens only via (a) analyst action that sets analyst_promoted, or (b) an independent partner_signed event for the same mule_key.
Hard “never”s — public_triage (named checkpoints)
| Invariant | Enforcement point |
|---|---|
Never increments corroboration.report_count | Corroboration UPSERT in persistAlert / alerts-repo — skip when source_tier = public_triage. |
Never creates a delivery_outbox row / reaches a bank FMS | enqueueDelivery — refuse / no-op for public_triage. |
Never counts toward the corroboration_count that gates advisory → actionable | resolveAdvisoryContract — only partner_signed (+ post-promotion analyst_promoted) reports contribute. |
| Never emits an auto-actionable STIX indicator SDO | STIX formatter — suppress actionable indicators while disposition is advisory; public_triage never raises disposition. |
Never is written to alerts | Public ingest routes to triage_quarantine, not alerts. |
What public_triage may do
- Extract and show indicators to the submitting user on-device (sandbox).
- Persist to a separate
triage_quarantinetable (encrypted envelopes / tenancy pattern aligned with B0 where applicable). - Surface on an analyst queue for review.
- Join later to a
partner_signedevent on the samemule_key(partner event remains the bank-facing authority).
Quarantine store governance (PDPA)
Anonymous-sourced account numbers are still pseudonymous personal data. triage_quarantine is its own governed surface — not an ungoverned side pool.
| Control | Rule |
|---|---|
| Retention | 30 days default (retention_expires_at) — shorter than the 90-day partner alerts default. |
| Erasure | Crypto-shred / delete row + purge mule_key from quarantine indexes; same backup-bound discipline as partner stores. |
| DPIA | Own line in DPIA — purpose, legal basis, retention, poisoning residual risk. |
| Runbook | Row in Retention & erasure. |
STIX federation
Automated STIX federation suppresses auto-actionable indicator SDOs while disposition is advisory. public_triage origin never produces actionable disposition. Federation of quarantined indicators (if any) must carry x_waspada_source_tier: public_triage and remain non-actionable until promotion + contract rules allow.
Implementation gate
Do not ship WhatsApp magic-link mint, anonymous sandbox→gateway ingest, or a triage_quarantine writer until:
source_tieris present on the ingest/alert path and checked at the four checkpoints above, and- Mint endpoints (if any) are authenticated + rate-limited (never an open link-minting oracle).
Until then, public sandbox stays client-local (draft police report on-device; no anonymous gateway write into alerts / corroboration / outbox).