{
    "product": "Faciotech Business Platform",
    "security": {
        "public_scope": "This discovery layer intentionally publishes product and API metadata only.",
        "excluded": [
            "internal agent instructions",
            "admin-only implementation notes",
            "customer data",
            "tenant secrets",
            "staging or infrastructure details",
            "private operational runbooks"
        ],
        "controls": [
            "tenant-authenticated APIs",
            "role and permission checks",
            "2FA and conditional access for admin surfaces",
            "audit logging",
            "tenant-scoped module entitlements",
            "sanitized public OpenAPI examples"
        ]
    },
    "auth": {
        "tenant_api": "Tenant-authenticated API access with permissions and module entitlements.",
        "admin": "Admin surfaces are protected by authentication, 2FA-capable flows, conditional access, and permission checks."
    },
    "responsible_use": [
        "Do not attempt to enumerate tenants, users, customers, staging hosts, or admin-only paths.",
        "Do not treat public metadata as authorization to call tenant APIs."
    ]
}