ADCG's security model is built on isolation, verification, and zero implicit trust. Every component assumes it could be talking to a compromised peer.
All external submissions enter through the DMZ zone. There is no alternative path:
Tenant isolation is enforced at the PostgreSQL level:
- `tenant_id` is set from the authenticated session, not from request parameters

Two authentication mechanisms:
Bearer Token (External)
```http
Authorization: Bearer <api-key>
X-Tenant-ID: <tenant-id>
```
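The following is an added example, not ADCG's own code, showing how an API gateway can honour the two rules above: the bearer token is looked up by its hash (only the hash is ever stored), the tenant is taken from the record the key was issued to, and `X-Tenant-ID` is treated as a consistency check rather than as the source of truth. The RLS session variable name `app.tenant_id`, the use of `set_config(..., true)` to scope it to the current transaction, the `RecordingCursor` stand-in and the sample key are all assumptions of this example.

```python
import hashlib
from dataclasses import dataclass

# Assumed (not from the page): API keys are random, high-entropy strings, so a
# plain SHA-256 digest makes the stored form useless to anyone who reads the
# table. Low-entropy secrets such as passwords would need a slow KDF instead.
def hash_api_key(api_key: str) -> str:
    return hashlib.sha256(api_key.encode()).hexdigest()

@dataclass(frozen=True)
class ApiKeyRecord:
    tenant_id: str   # the tenant this key was issued to; the only trusted source
    key_hash: str
    active: bool = True

# Constructed sample key store (digest -> record). A real deployment keeps this
# in the database; the plaintext key never reaches storage.
TENANT_A_KEY = "tenantA-" + "k" * 32   # constructed sample key
KEY_STORE = {
    hash_api_key(TENANT_A_KEY): ApiKeyRecord("tenant-a", hash_api_key(TENANT_A_KEY)),
}

# Assumed shape of the PostgreSQL policy the session variable feeds; shown for
# context only, this is not the project's migration.
RLS_POLICY_SQL = """
ALTER TABLE submissions ENABLE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation ON submissions
    USING (tenant_id = current_setting('app.tenant_id', true));
"""

class AuthError(Exception):
    pass

def authenticate(headers: dict) -> ApiKeyRecord:
    """Resolve the caller's tenant from the bearer token, never from X-Tenant-ID."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        raise AuthError("missing bearer token")
    record = KEY_STORE.get(hash_api_key(token))
    if record is None or not record.active:
        raise AuthError("unknown or revoked key")
    # X-Tenant-ID is only a hint: it must agree with the key's tenant, and a
    # mismatch is refused (a security-audit event) rather than honoured.
    claimed = headers.get("X-Tenant-ID")
    if claimed is not None and claimed != record.tenant_id:
        raise AuthError("X-Tenant-ID does not match the authenticated tenant")
    return record

class RecordingCursor:
    """Stand-in for a DB cursor that records parameterised statements (constructed)."""
    def __init__(self):
        self.executed = []

    def execute(self, sql: str, params=()):
        self.executed.append((sql, tuple(params)))

def bind_tenant_session(cur, record: ApiKeyRecord) -> None:
    """Set the RLS session variable from the authenticated record.

    The third argument `true` makes set_config transaction-local, so a pooled
    connection cannot carry one tenant's value into the next request."""
    cur.execute("SELECT set_config('app.tenant_id', %s, true)", (record.tenant_id,))

def handle_request(headers: dict, cur) -> str:
    """Authenticate, bind the tenant for RLS, and return the bound tenant id."""
    record = authenticate(headers)
    bind_tenant_session(cur, record)
    return record.tenant_id

if __name__ == "__main__":
    cur = RecordingCursor()
    print(handle_request({"Authorization": "Bearer " + TENANT_A_KEY}, cur))
    print(cur.executed)
```

Note that the tenant value is passed as a bound parameter, never interpolated into the `set_config` call, and that nothing is executed on the connection until authentication has succeeded.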
HMAC Signing (Service-to-Service)
| Boundary | Enforcement |
|---|---|
| DinD → Host/Core | No network route. DinD containers have no DNS resolution for core services. |
| DinD → Internet | No outbound NAT. Containers cannot make external requests. |
| DMZ → Host/Core | One-way message queue only. DMZ cannot query core databases or APIs. |
| External → Host/Core | API gateway only. No direct database or service access. |
All sensitive credentials are hashed before storage:
Security-relevant events (authentication failures, RLS violations, policy changes, approval chain completions) are logged to a separate security audit table with the same immutability guarantees as the evidence store.