CapitalGuard

Methodology · version 1.0.0

Scores that can survive scrutiny.

CapitalGuard separates documented controls, verified vulnerabilities, reproducible synthetic tests, and product claims. Evidence can raise a score. Marketing cannot.

Non-negotiable claim boundary

A Public-Control Score measures publicly documented control coverage. It is not a penetration test, breach rate, safety certification, endorsement, or guarantee.

Five dimensions

One hundred possible points.

1

Access and scope transparency

How clearly official material explains what the tool can read, retrieve, index, or inherit.

Maximum 20 points

2

Data and retention controls

How clearly users can understand and control history, training use, retention, sharing, and deletion.

Maximum 20 points

3

Connector and permission controls

How specifically official material documents connected services, scopes, revocation, and least privilege.

Maximum 20 points

4

Action, approval, and isolation controls

How clearly the product documents approvals, write boundaries, sandboxing, network access, and consequential actions.

Maximum 20 points

5

Audit and administrative evidence

How much official material describes logs, policy enforcement, provenance, signed activity, or administrator review.

Maximum 20 points

Scoring ladder

Documentation earns every point.

Reviewers score the material available on the review date. Missing public evidence is recorded as missing, not guessed from product reputation.

0

No relevant official documentation located

1–5

Generic description with little operational detail

6–10

Named user setting or boundary with limited scope detail

11–15

Concrete controls plus meaningful operational boundaries

16–20

Detailed scope, enforcement, revocation, isolation, or audit evidence

Synthetic benchmark

Reproduce the detection contract safely.

The public harness verifies inert markers in a synthetic repository. It does not execute a command, exploit a vendor, contact a network, or scan customer material.

pnpm run observatory:benchmark

Fixture paths are confined to fixtures/observatory/synthetic-repo.

Every marker maps to one or more CapitalGuard Standard 1.0.0 controls.

The harness computes SHA-256 digests for fixtures and the canonical run result.

A passing fixture proves harness behavior only; it does not prove a vendor product is safe.

Standard Test Vectors

Source policy

Vendor documentation, vendor advisories, government records, recognized standards, and primary research. Secondary claims cannot establish a score alone.

Change control

Daily checks compare official-source hashes. Changes are flagged for human review; interpretations and scores remain versioned until reviewed.

Corrections

Material corrections create a changelog entry, update affected records and exports, and preserve the version history instead of silently rewriting it.

Use the evidence

Inspect a record, then protect the real scope.