Appearance
Security & Readiness Overview
Audience: CISOs, FI risk reviewers, and integration leads
Last reviewed: 2026-07-11 (v0.1.0)
Product: Waspada AI — edge-first Malaysian mule-fraud telemetry (SDK → partner JWT → gateway → FMS / STIX / analyst SSE)
Readiness status
Waspada is past "hardened demo" and into operable pilot infrastructure. The trust stack is designed, implemented, and — for the durable path — exercised under controlled failure. It is not yet bank-production or RMiT-certified.
| Context | Status | Conditions |
|---|---|---|
| Supervised pilot (sandbox / BNM-sandbox) | Ready — with conditions | Advisory disposition only; partner JWT integration; FI retains freeze authority |
| Production / national infrastructure | Not yet | 4 gates open: independent VAPT, staging durable soak, FI RMiT acceptance, bank FMS webhook acceptance |
One-line status: Ship a supervised pilot today. Do not claim BNM-ready production until VAPT + staging durable soak + FI acceptance of the RMiT mapping.
What the hardening sprints delivered
Work landed as a deliberate sequence: close credibility holes → lock data foundations → measure extraction → ship durable runtime → prove ingest and outbox under load.
1. Credibility & AppSec
Closed adversarial-review residuals that would have failed a CISO read in minutes:
- HMAC
blinded_hash+ verifiable gateway signatures - Spec-shaped STIX egress; private/IPv6 host filtering
- PII dual gate (NRIC / phone / email); NRIC≠account disambiguation
- Hardened runtime (no demo signing oracle; Redis mandate via
REQUIRE_REDIS) - Advisory contract — alerts are intelligence, not automated freeze; ADV-005 public-triage quarantine
2. Phase B0 — durable data foundations
Postgres schema, tenancy, retention, and per-row DEK + AAD-bound alert envelopes. Boot refuses DATABASE_URL without a valid ALERT_DATA_KEK. Spec: phase-b0-foundations.
3. Extraction accuracy as a gate
Labeled Malay receipt corpus (n=37) with CI fail thresholds on account/BIC precision & recall. DuitNow QR “no account” treated as correct null — not invented. See security overview and EXTRACTION_METRICS.md.
Honest limit: NER/OCR/noisy screenshots are measured informationally, not CI-gated.
4. RMiT mapping + Phase B1–B4 runtime
| Layer | Shipped |
|---|---|
| Compliance | Paragraph-cited RMiT mapping across 10 domains (mapping ≠ certification) |
| B1 | 202 + event_id + schema_version: 2; durable audit_events; Redis Streams publish |
| B2 | Pipeline consumer; Streams consumer with processed_events idempotency |
| B3 | Encrypted alerts / corroboration writers |
| B4 | delivery_outbox + poller; Redis pub/sub for cross-replica SSE |
Runtime notes: phase-b1-b4-runtime.
5. Load-test + durable-path soak
| Topology | Result | Artifact |
|---|---|---|
| Memory (ingest + in-process pipeline) | 100 req/s · p50 13 ms · p99 64 ms · 3000/3000 2xx | REPORT.md |
| Durable (Redis + Postgres + outbox + mock FMS) | ~30–36 req/s · p99 ~1.8–2.0 s · ~98.5% outbox recovery through 20% mock fail; ~94.7% at 50% | REPORT-durable.md |
--mock-fms + fail-rate matrix exercises retry/backoff without a live bank webhook. Drain runs while the outbox poller is alive (first matrix was discarded after that methodology bug was found).
Durability–latency trade-off: durable-path p99 reflects the cost of guaranteed delivery (Postgres write + Redis Streams publish + outbox commit). Memory-only path is 64 ms p99. This is a measured design cost, not a performance bug — do not claim sub-second gateway ingest on the durable topology.
Trust stack — confirmed vs open
Confirmed (no known drift)
- Edge extraction → partner RS256 JWT → gateway defense-in-depth → FMS / STIX / SSE
- RMiT table paragraph-cited; B1–B4 modules match the runtime doc
audit_events, encryptedalerts(DEK+AAD),delivery_outbox, Streams +processed_events- Measured ingest latency (memory) and outbox recovery under mock FMS failure (local Docker)
Measured trade-off (not a gap)
Durable ingest p99 ~2 s is the price of the B1–B4 path above. Publish both topologies; never collapse them into one “gateway latency” claim.
Explicitly open
| Gap | Why it matters | Owner |
|---|---|---|
| Independent VAPT letter | FI / §11 expectation; largest remaining credibility hole | Hire |
| Staging durable soak (e.g. Railway Redis+Postgres) | Local Docker ≠ multi-service deploy proof | Engineering |
XAUTOCLAIM PEL sweep | Replica crash mid-handler leaves stuck Streams entries | B5 |
| Audit write batching | 1 INSERT/event fine for pilot; limits harder load | B5+ |
| Bank FMS acceptance | Live webhook + disposition policy | Partner-gated |
Claims we make / do not make
Make
- Edge-first, advisory mule-fraud telemetry for Malaysian typologies
- Measured extraction gate on clean Tier-1 account/BIC fields
- Hardened gateway with durable optional path (Redis + Postgres + outbox)
- Load numbers with topology stated (memory vs durable)
Do not make (yet)
- “BNM-compliant” / “RMiT-certified”
- Absolute “zero PII egress”
- Sub-second durable gateway ingest
- Cross-bank corroboration / automated freeze
- That public / WhatsApp reports feed bank FMS or corroboration (ADV-005 quarantines them until partner or analyst promotion)
- Production readiness without VAPT + FI acceptance
Recommended next moves (priority order)
- Commission VAPT — engagement brief is ready for provider RFP; goal is an external CISO letter
- Railway (or equivalent) durable soak — same mock-FMS matrix against staging
LOAD_TEST_URL(harness in PR #14) - B5
XAUTOCLAIM— close the documented Streams PEL gap (also called out as V-11 in the VAPT brief) - Partner sandbox — real FMS webhook acceptance (only step that requires a bank)
Document map
| Need | Read |
|---|---|
| This summary | You are here |
| VAPT RFP / kickoff | VAPT engagement brief |
| CISO pack | Security & compliance |
| Regulatory mapping | RMiT mapping |
| Data foundations | Phase B0 |
| Durable runtime | Phase B1–B4 |
| Advisory posture | Advisory contract |
| Latency proof | Load-test · Durable soak |