{"ok":true,"checkedAt":"2026-06-02T19:12:11.147Z","profileVersion":"moral-trade-incident-response-v0.1-2026-05","purpose":"Public incident-response and disclosure-lane contract for privacy, security, payment-provider, evidence-integrity, unsafe-disclosure, availability, and copilot-output incidents.","validation":{"status":"pass","validatorName":"moral-trade-incident-response-profile","validatorVersion":"moral-trade-incident-response-validator-v0.1","profileVersion":"moral-trade-incident-response-v0.1-2026-05","checks":[{"id":"intake-channels","label":"Incident intake channels","status":"pass","evidence":"safety_page_report, privacy_data_request, admin_console_report, provider_alert, validator_health_blocker"},{"id":"incident-categories","label":"Incident categories and owners","status":"pass","evidence":"privacy_leakage, security_control_failure, payment_provider_error, evidence_integrity_issue, unsafe_matching_or_disclosure, availability_route_failure, copilot_output_violation"},{"id":"severity-levels","label":"Severity levels and response SLAs","status":"pass","evidence":"sev0_active_sensitive_exposure:1h, sev1_control_or_payment_failure:4h, sev2_review_integrity_issue:24h, sev3_service_degradation:72h"},{"id":"response-phases","label":"Response phases cover containment, notice, public aggregates, and validator updates","status":"pass","evidence":"triage_and_severity, containment_and_pause, affected_participant_notice, provider_escalation, root_cause_and_correction, public_aggregate_update, validator_and_backlog_update"},{"id":"disclosure-rules","label":"Disclosure rules stay participant-scoped and privacy-safe","status":"pass","evidence":"affected_participant_notice_required, public_aggregate_only, no_private_details_in_public_postmortem, validator_blockers_linked, human_review_before_reopening"},{"id":"readiness-gates","label":"Incident readiness gates reference known response phases","status":"pass","evidence":"trust_badge_incident_lane->triage_and_severity+containment_and_pause+public_aggregate_update+validator_and_backlog_update, paid_action_incident_lane->triage_and_severity+containment_and_pause+affected_participant_notice+provider_escalation+root_cause_and_correction, copilot_assist_incident_lane->triage_and_severity+containment_and_pause+root_cause_and_correction+validator_and_backlog_update"},{"id":"public-non-claims","label":"Public non-claims prevent incident-response overclaiming","status":"pass","evidence":"Moral Trade does not claim 24/7 staffed security operations. | Moral Trade does not claim zero incidents or zero residual security risk. | Moral Trade does not publish raw private wishes, source notes, contact details, payment secrets, or provider payloads in public incident summaries. | Moral Trade does not treat incident-response publication as proof that MFA, device/session review, key rotation, or field-level encryption are complete."},{"id":"incident-tests","label":"Incident-response test hooks","status":"pass","evidence":"incident_response_profile_validator, incident_readiness_gate_audit, incident_privacy_boundary_smoke, incident_health_route_contract_smoke, security_profile_incident_lane_smoke, technical_spec_incident_response_smoke"},{"id":"sample-readiness-audits","label":"Sample readiness gates execute","status":"pass","evidence":"trust_badge_incident_lane:pass, paid_action_incident_lane:pass, copilot_assist_incident_lane:pass"}],"blockers":[]},"publicContract":{"intakeChannels":["safety_page_report","privacy_data_request","admin_console_report","provider_alert","validator_health_blocker"],"incidentCategories":[{"key":"privacy_leakage","owner":"privacy_reviewer"},{"key":"security_control_failure","owner":"security_reviewer"},{"key":"payment_provider_error","owner":"payment_reviewer"},{"key":"evidence_integrity_issue","owner":"evidence_reviewer"},{"key":"unsafe_matching_or_disclosure","owner":"safety_reviewer"},{"key":"availability_route_failure","owner":"operations_reviewer"},{"key":"copilot_output_violation","owner":"copilot_reviewer"}],"severityLevels":[{"key":"sev0_active_sensitive_exposure","responseSlaHours":1,"notificationSlaHours":24},{"key":"sev1_control_or_payment_failure","responseSlaHours":4,"notificationSlaHours":48},{"key":"sev2_review_integrity_issue","responseSlaHours":24,"notificationSlaHours":120},{"key":"sev3_service_degradation","responseSlaHours":72,"notificationSlaHours":168}],"responsePhases":["triage_and_severity","containment_and_pause","affected_participant_notice","provider_escalation","root_cause_and_correction","public_aggregate_update","validator_and_backlog_update"],"disclosureRules":["affected_participant_notice_required","public_aggregate_only","no_private_details_in_public_postmortem","validator_blockers_linked","human_review_before_reopening"],"readinessGates":[{"key":"trust_badge_incident_lane","requires":["triage_and_severity","containment_and_pause","public_aggregate_update","validator_and_backlog_update"],"readiness":{"status":"pass","gateKey":"trust_badge_incident_lane","requiredPhases":["triage_and_severity","containment_and_pause","public_aggregate_update","validator_and_backlog_update"],"blockers":[]}},{"key":"paid_action_incident_lane","requires":["triage_and_severity","containment_and_pause","affected_participant_notice","provider_escalation","root_cause_and_correction"],"readiness":{"status":"pass","gateKey":"paid_action_incident_lane","requiredPhases":["triage_and_severity","containment_and_pause","affected_participant_notice","provider_escalation","root_cause_and_correction"],"blockers":[]}},{"key":"copilot_assist_incident_lane","requires":["triage_and_severity","containment_and_pause","root_cause_and_correction","validator_and_backlog_update"],"readiness":{"status":"pass","gateKey":"copilot_assist_incident_lane","requiredPhases":["triage_and_severity","containment_and_pause","root_cause_and_correction","validator_and_backlog_update"],"blockers":[]}}],"publicNonClaims":["Moral Trade does not claim 24/7 staffed security operations.","Moral Trade does not claim zero incidents or zero residual security risk.","Moral Trade does not publish raw private wishes, source notes, contact details, payment secrets, or provider payloads in public incident summaries.","Moral Trade does not treat incident-response publication as proof that MFA, device/session review, key rotation, or field-level encryption are complete."],"incidentTests":["incident_response_profile_validator","incident_readiness_gate_audit","incident_privacy_boundary_smoke","incident_health_route_contract_smoke","security_profile_incident_lane_smoke","technical_spec_incident_response_smoke"]},"blockers":[]}