Graph Kernel Security Hardening — Project Charter

**Version**: 1.0.0 **Created**: 2026-01-02 **Status**: Locked **Authority**: Master Implementation Constitution (CLAUDE.md) Make the Graph Kernel's security guarantees **impossible to bypass**, **cheap to verify**, and **easy to reason about when things go wrong**. This project exists to eliminate three classes of failure: 1. **Bypass**: Code paths that skip verification because it's too expensive 2. **Confusion**: Unclear boundaries between admissible and non-admissible evidence 3. **Opacity**: Incidents that require manual log archeology to diagnose **Falsifiability**: The project succeeds when: - Every promotion pipeline physically cannot accept non-admissible evidence (type system enforces it) - Token verification has < 5ms p99 latency with caching enabled - Slice boundary violations trigger alerts within 60 seconds with full provenance context This project will **NOT**: - Change the core slicing algorithm or policy framework - Redesign the HMAC token scheme (current HMAC-SHA256 is sufficient) - Add new slice expansion modes or phase weights - Build a UI or dashboard (observability is metrics + alerts only) - Optimize slice generation performance (current ~45ms is acceptable) - Change the external API contract (only add optional fields for provenance)