%% CapBan — security as a typed pipeline, not a bolt-on. Dangerous capability
%% (firewall mutation) confined to one idempotent, validated seam.
flowchart LR
E["Event<br/>(typed at the boundary)"]
I["Normalized Identity"]
POL["Policy<br/>allowlist → denylist → score"]
D["Decision<br/>carries its evidence"]
EN["Enforcement<br/><b>single confined seam</b><br/>idempotent · validated · no shell"]
A["Audit<br/>structured JSON → SIEM"]
NFT[("nftables / k8s<br/>(only reachable here)")]
E --> I --> POL --> D --> EN --> A
EN -->|"idempotent apply"| NFT
Capban Pipeline
Content source: Canonical Unit · canon/diagrams/capban-pipeline.mmd · Canonical source: canon/diagrams/capban-pipeline.mmd
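The pipeline in the diagram, worked through as an added Python example (illustration only, not CapBan's own code): the address is typed once at the boundary, identity is normalized, policy runs allowlist then denylist then score, the decision carries its evidence, and only the `Enforcer` seam may build an nftables command, as an argv list with no shell and with a re-ban of an already banned address as a no-op. The allow/deny networks, the failure threshold and the nftables table and set names are assumptions.

```python
import ipaddress, json
from dataclasses import dataclass
from typing import Union

ADDR_TYPES = (ipaddress.IPv4Address, ipaddress.IPv6Address)
Addr = Union[ADDR_TYPES]
ALLOW = [ipaddress.ip_network("10.0.0.0/8")]      # assumed allowlist
DENY = [ipaddress.ip_network("203.0.113.0/24")]   # assumed denylist
THRESHOLD = 5                                     # assumed score cut-off

@dataclass(frozen=True)
class Event:            # typed at the boundary: raw text is parsed once, here
    src: Addr
    failures: int
@dataclass(frozen=True)
class Decision:         # carries the evidence that produced it
    action: str         # "allow" | "ban"
    src: Addr
    evidence: dict
def normalize(raw: str) -> Addr:
    ip = ipaddress.ip_address(raw.strip())      # garbage raises ValueError here
    # ::ffff:a.b.c.d names the same peer as a.b.c.d; collapse it
    return getattr(ip, "ipv4_mapped", None) or ip
def decide(ev: Event) -> Decision:   # allowlist -> denylist -> score, in order
    if any(ev.src in n for n in ALLOW):
        return Decision("allow", ev.src, {"rule": "allowlist"})
    if any(ev.src in n for n in DENY):
        return Decision("ban", ev.src, {"rule": "denylist"})
    action = "ban" if ev.failures >= THRESHOLD else "allow"
    return Decision(action, ev.src, {"rule": "score", "failures": ev.failures})

class Enforcer:
    """The one seam allowed to touch nftables: validated, idempotent, no shell."""
    def __init__(self, run):          # run(argv: list[str]), e.g. subprocess.run
        self.run, self.applied = run, set()
    def ban(self, d: Decision) -> bool:
        if d.action != "ban" or not isinstance(d.src, ADDR_TYPES):
            raise ValueError("enforcer accepts only validated ban decisions")
        if d.src in self.applied:     # already applied: no-op, no second nft call
            return False
        set_name = "banned_v4" if d.src.version == 4 else "banned_v6"
        # argv list, never a shell string: the address is data, not syntax
        self.run(["nft", "add", "element", "inet", "capban", set_name, "{", str(d.src), "}"])
        self.applied.add(d.src)
        return True

def process(raw_src: str, failures: int, enf: Enforcer) -> dict:
    d = decide(Event(normalize(raw_src), failures))
    applied = enf.ban(d) if d.action == "ban" else False
    return {"action": d.action, "src": str(d.src), "applied": applied, **d.evidence}
def audit_line(record: dict) -> str:  # structured JSON record for the SIEM
    return json.dumps(record, sort_keys=True)
```

Pass `subprocess.run` (or a wrapper that checks the return code) as `run` to apply for real; passing a list's `append` method instead records the exact argv without touching the firewall.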
Incoming References
Case Study 1
- CapBan (case-capban)
Law 1
- Security Is a Property, Not a Feature (law-03-security-is-a-property)
Projection 3
- Talk 0004 Systems In The Small (talk-0004-systems-in-the-small)
- Talk 0004 Systems In The Small Notes (talk-0004-systems-in-the-small-notes)
- Talk 0004 Systems In The Small Slides (talk-0004-systems-in-the-small-slides)
