Security Validation — honest CURE surfacing
GFTCL-LION-SECURITY-001.
What the cell HONESTLY guarantees
The cell surfaces post-quantum cryptography work without claiming summit closure. MLKEMConstraint.lean and PQWalletFinance.lean are CURE-state (skeleton + algebraic tautology) — the actual ML-KEM break is Nobel-class open work on summit.mlkem.break.
The substrate CHECK enforces closes_summit = 0 on every security_validations row. The cell physically cannot lie that it closed an open summit.
What the cell DOES seal:
- Conformance test outcomes (KAT match / mismatch)
- Attack-test outcomes (T1–T9: pass / fail / inconclusive / refused)
- Constitutional posture: outcome=attack_succeeded is signaled NEUTRAL, not BAD — a refutation is a first-class valid observation
Walkthrough
SecurityDomainPanel → tap an implementation → SecurityValidationWalkthrough opens:
1. Implementation confirmation — (impl_id, kind, version) from sealed substrate row
2. Test kind — kat_conformance / constant_time / side_channel / oracle_check
3. Outcome — pass | fail | inconclusive | refused (substrate CHECK enforces)
4. Honest scope reminder — touches_summit shown; closes_summit forced to 0
5. Witness sealed — append-only security_validations; signed quintet; broadcast permitted
Federation
- NATS subject: gaiaftcl.security.validation.sealed
- AlertableDomain: SecurityAlertableEvents (seedRules: conformance_match → GOOD; attack_succeeded → NEUTRAL with honest scope text)
- Peer recompute: GET /federation/witnesses/{emission_id}
What stays NAMED OPEN (Nobel-class)
- summit.mlkem.break — the actual cryptanalytic break of ML-KEM. The cell does NOT claim closure under any circumstances; substrate CHECK refuses closes_summit=1.
- summit.pq.wallet_hardening — full PQ wallet operational seal
- summit.pq.side_channel_complete — exhaustive side-channel resistance proof
Files
- Lean: proof/lean/FirstRoars/MLKEMConstraint.lean (CURE), PQWalletFinance.lean (CURE)
- Engine: cells/xcode/Sources/SecurityUI/SecurityEngine.swift
- Panel: cells/xcode/Sources/SecurityUI/SecurityDomainPanel.swift
- Alertable: cells/xcode/Sources/SecurityAlertableEvents/
- Substrate: V125 pq_implementations + security_validations (CHECK closes_summit=0)
97223e233c630912b64d29d7a822cfd91f0bd20c4c99f0c25eb65ff8070fa513.
This page serves with a substrate-honest pending-signature notice until the operator's Franklin signer cosigns it.