<!-- SPDX-License-Identifier: CC-BY-SA-4.0 -->
<!-- Copyright 2026 Saro -->

# Pre-Adapter Readiness Matrix

This matrix tracks whether the current implementation is ready for review before any future adapter work. `ready-for-review` means local invariants and gates exist; it does not mean production-ready.

| Category | Status | Evidence | Remaining risk | Next action |
| --- | --- | --- | --- | --- |
| compiler | ready-for-review | profile generation, seed stability, hash mutation, validation tests | future compiler changes may collapse diversity | keep corpus and mutation gates mandatory |
| profile validation | ready-for-review | unsupported policies and bounded limits rejected | schema expansion needs new validators | require tests for each new policy |
| framing | ready-for-review | round trip, malformed, oversized, cross-profile checks, fuzz tests | generated grammars may need more edge cases | expand corpus on grammar changes |
| stream semantics | ready-for-review | stream limit, terminal state, flow-control, backpressure gates | future concrete adapters may add concurrency pressure | keep stream adversary gates mandatory |
| proxy semantics | ready-for-review | synthetic target registry, proxy adversary scenarios, target isolation gates | synthetic targets are not real destinations | model adapter descriptors separately |
| carrier abstraction | ready-for-review | envelope validation, reconstruction, queue/retry/reorder gates | abstract models are not real carriers | keep adapter boundary tests separate from carrier models |
| security context | ready-for-review | transcript binding, key schedule, nonce, replay, downgrade, config hygiene gates | no production key exchange yet | design key exchange separately |
| runtime session lifecycle | ready-for-review | role validation, lifecycle, capability, compatibility, in-memory link gates | no real socket session manager | keep adapter boundary mapping tests mandatory |
| adapter interface architecture | ready-for-review | adapter config, capability, lifecycle, runtime boundary, backpressure, trace hygiene, and mutant gates | concrete network adapters are not implemented | keep contract tests mandatory |
| deterministic local adapter prototype | ready-for-review | memory ingress/egress adapters, deterministic source/sink models, runtime integration, sequence checks, backpressure gates, local adapter mutants, and generated parity | still in-memory only; no socket, packet, proxy, or VPN adapter | build deterministic byte transport harness next |
| deterministic byte transport harness | ready-for-review | byte frame encode/decode, fragmentation/reassembly, bounded byte pipe, sequence checks, corruption rejection, byte transport mutants, and generated parity | still uses deterministic in-memory byte pipe only | keep byte transport gates mandatory |
| byte-path fixtures and parity | ready-for-review | golden fixture manifest, malformed byte corpus, parity report, fixture drift gates, fixture hygiene scanner, and generated bytepath tests | freezes safe metadata only; not raw packet captures or production wire behavior | use as baseline for feature corpus and wire-shape evaluation |
| protocol feature corpus | ready-for-review | abstract corpus schema, taxonomy validation, entry coverage, corpus hygiene, and M19 audit gates | feature corpus is abstract and not a classifier or generator | keep corpus validation mandatory before wire-shape work |
| wire-feature extraction and baselines | ready-for-review | first-N packet-shape model, feature vectors, corpus comparison, collapse scanner, golden baselines, and generated parity | feature vectors are derived from deterministic fixtures only | use as baseline for wire-shape generator design |
| wire-shape generator | ready-for-review | deterministic wiregen policy sampler, profile `wire_shape` section, bytepath application, expected feature matching, golden fixtures, collapse scanner, audit gates, and generated parity | deterministic fixture model only; not a classifier or live traffic evaluator | use as input to wire evaluation and classifier dataset harness |
| wire evaluation and classifier dataset harness | ready-for-review | wireeval dataset records, deterministic CSV/JSONL exports, train/test/OOD splits, synthetic controls, drift checks, classifier-readiness gates, and generated parity | offline dataset harness only; no production classifier training or live captures | use as input to host-based detection resistance modeling |
| host-based detection resistance | ready-for-review | synthetic host observations, assignment modes, timeline windows, confidence scoring, resistance metrics, collapsed controls, fixture drift checks, and generated parity | synthetic hosts only; no real endpoint telemetry or classifier training | use as input to relay churn and fleet lifecycle modeling |
| relay churn and host rotation modeling | ready-for-review | synthetic relay lifecycle states, profile assignment, churn schedules, migration events, burn-risk scoring, collapse controls, fixture drift checks, and generated parity | synthetic fleet model only; no real hosts, deployment system, or infrastructure orchestration | use as evidence before concrete local proxy ingress design review |
| concrete local proxy ingress design review | ready-for-review | proxy ingress request contracts, target descriptor safety, capability mapping, runtime mapping, lifecycle integrity, failure-mode matrix, misuse controls, fixture drift, and generated parity | review model only; no concrete ingress runtime adapter | use as input to deterministic local proxy ingress prototype |
| deterministic local proxy ingress prototype | ready-for-review | synthetic CONNECT-like request events, target binding, runtime stream mapping, bounded queues, backpressure, error/reset isolation, collapse controls, fixtures, and generated parity | deterministic in-memory prototype only; no socket listener or public network adapter | keep M26 adversarial hardening gates mandatory |
| proxy ingress adversarial parity and hardening | ready-for-review | adversarial corpus, descriptor-abuse rejection, lifecycle/pressure hardening, reset/error isolation, mapping collapse controls, fixture drift, trace hygiene, M26 mutants, generated parity, and readiness reporting | deterministic local ingress only; no egress bridge yet | keep `localproxyingressadv` gates mandatory |
| adaptive path model and candidate taxonomy | ready-for-review | candidate family taxonomy, synthetic condition fixtures, freshness/uncertainty buckets, viability reports, decision inputs, misuse detection, fixture drift, trace hygiene, M27 mutants, and generated parity | taxonomy only; no path racing, probing, scoring, or bundle generation | use as input to generated transport bundle compiler |
| generated transport bundle compiler | needs-work | adaptive path decision inputs exist | bundle compiler is not implemented | design Milestone 28 |
| path racing and short-lived scoring harness | needs-work | candidate freshness and uncertainty fields exist | no racing, scoring, or active path selection yet | design Milestone 29 |
| continuous health monitoring and failover model | needs-work | synthetic observations and viability reports exist | no monitoring loop or failover model yet | design Milestone 30 |
| carrier-family design reviews | needs-work | carrier taxonomy and adaptive candidate families exist | family-specific design reviews are not written | design Milestone 31 |
| safe measurement-client design and privacy review | needs-work | trace hygiene and synthetic observation discipline exist | no measurement client design or privacy review yet | design Milestone 32 |
| local proxy egress and relay bridge model | needs-work | adapter, runtime, ingress, and adaptive path layers provide prerequisites | needs a separate trace-safe egress contract and bridge model | design Milestone 33 |
| end-to-end local proxy pipeline | needs-work | partial evidence from adapter, local adapter, byte transport, local proxy ingress, and adaptive path layers | full ingress-to-egress local proxy pipeline is not implemented | design Milestone 34 |
| production integration readiness review | needs-work | hardening and readiness gates exist | production integration review is not complete | design Milestone 35 |
| Android client architecture review | needs-work | adapter boundaries and trace hygiene models exist | Android architecture is not designed | design Milestone 36 |
| classifier/DPI evaluation | needs-work | explicitly outside the current implementation | requires separate methodology and fixtures | design after wire-shape generator baselines are stable |
| concrete network/proxy/VPN adapters | needs-work | explicitly outside the current implementation | requires separate threat model, protocol review, and adapter-specific tests | wait until local proxy ingress and egress prototypes are hardened |
| generated backend parity | ready-for-review | codegen audit, source scanner, generated hardening tests | generated code still uses shared helpers | continue scanner expansion |
| trace hygiene | ready-for-review | structured scanner rejects secret/payload markers and leak flags | new trace fields may need allowlist updates | run hardening gate after trace changes |
| resource bounds | ready-for-review | frame, stream, session, queue, target, envelope, adapter flow, and adapter buffer bounds tested | concrete adapter buffers may differ | mirror adapter limits in future implementations |
| panic safety | ready-for-review | `MustNotPanic` wrappers and fuzz tests for critical decoders | coverage is representative, not exhaustive | add wrappers for new parsers |
| API misuse resistance | ready-for-review | nil/zero/unknown/oversized/malformed misuse checks | public APIs may expand | add contract tests with each API |
| concurrency/race prep | ready-for-review | nonce/replay concurrent checks and race-test advice | most runtime pieces are deterministic single-session models | run `go test -race ./...` before adapter work |
| documentation | ready-for-review | KIP-0020, README, STATUS, docs site updates | docs can drift | update docs with every new command/gate |
