{
  "canon_meta": {
    "canon_id": "devon-delivery-security-canonical",
    "version": "2.0.0",
    "status": "PLANNED",
    "domain": "delivery_security",
    "master_authority": "master_architecture_index.md",
    "preserve_original_content": true,
    "canonical_layer_key": "trust_layer",
    "phase_origin": [
      "phase-08"
    ],
    "installation_order": 15,
    "primary_stage": "foundations_security"
  },
  "objective": "Define secure delivery, provenance and release integrity rules.",
  "scope": [
    "artifact_integrity",
    "build_provenance",
    "release_gates",
    "rollback_ready_state",
    "operator_approval",
    "promotion_policy"
  ],
  "evidence_model": [
    "build_record",
    "artifact_registry",
    "promotion_gate_record",
    "rollback_record"
  ],
  "approval_gate": [
    "delivery_controls_defined",
    "promotion_rules_reviewed",
    "delivery_policy_approved"
  ],
  "governance_reference": {
    "master_authority": "master_architecture_index.md",
    "primary_axis": "canonical_layer",
    "secondary_axis": "deployment_order",
    "preserve_phase_registry": true,
    "preserve_original_content": true
  },
  "canonical_layer_key": "trust_layer",
  "phase_origin": [
    "phase-08"
  ],
  "installation_order": 15,
  "primary_stage": "foundations_security",
  "security_governance_extensions": {
    "canonical_position": {
      "canonical_layer_key": "trust_layer",
      "phase_origin": [
        "phase-08"
      ],
      "installation_order": 15
    },
    "security_stage_group": "foundations_security"
  }
}
