Owner: Robert Taylor (Eng) · Department: Engineering · Status: Live · Version: 1.0
Effective Date: 2026-06-13 · Last Reviewed: 2026-06-13 · Next Review Date: 2026-09-13
Source of Truth: this page · Maturity: 2 (Draft)
Kill a compromised/invalid seal.
⚠ CRITICAL CURRENT-STATE (Gate 6): seal revocation is modeled but has NO write-path in code (
revoked_at/reason/bycolumns +SealStatus.REVOKEDexist and the verifier reads them, but nothing sets them — backend-truth audit §10.4). Revocation is not self-service today. Until an endpoint exists, revocation is an engineering escalation: an engineer must set the revocation fields directly (with audit) and bust the 60s verify cache.
A POST /seals/{id}/revoke endpoint + cache invalidation + a ComplianceAuditLog write. Tracked as an engineering gap.
Playbooks index · SOPs · Reference · Home