v1.1.0: Enterprise Security & Compliance Baseline

Enterprise B2B Readiness Release

This release establishes the baseline for Enterprise Procurement and technical due diligence. It contains the public, non-sensitive artifacts required for architectural review, integration planning, and security compliance.

Security & Governance Updates

• Trust Center Established: Added formal SLAs, Incident Response policies, and Data Privacy (GDPR/Zero-Retention) documentation.
• Compliance Mapping: Published SOC2 Type II and ISO27001 mapping matrix (SOC2_MAPPING.md).
• Third-Party Assurance: Included a redacted Executive Summary template for bi-annual penetration testing (PENTEST_SUMMARY_TEMPLATE.md).
• Vendor Risk Management: Added a CAIQ-Lite standard questionnaire for accelerated procurement.

API Contract & Integration (OAS3)

• Contract Hardening: Enforced Idempotency-Key headers for write operations and exposed standard X-RateLimit headers.
• API Lifecycle: Published strict deprecation and sunset policies (12-month notice guarantee).
• Automated Validation: CI/CD pipeline now enforces zero-warnings via Redocly and executes automated Mock-driven Contract Testing via Prism and Newman.

Note: Core backend repositories and cryptographic modules remain isolated and air-gapped from this public integration portal.