The point about the gateway operating on the envelope while the problems live in the letter lines up with what I keep hitting: by the time the messages array is assembled, the 60,000 line CI log and the leaked Authorization header are already baked in, so routing-layer inspection is too late. The audit gap you describe is the one that bites hardest for me, since reconstructing the exact assembled context three sessions later is impossible once the component sources have changed underneath you. Are you capturing the assembled payload as an immutable snapshot at the assembly layer, and if so how do you keep secrets out of that stored copy?
The point about the gateway operating on the envelope while the problems live in the letter lines up with what I keep hitting: by the time the messages array is assembled, the 60,000 line CI log and the leaked Authorization header are already baked in, so routing-layer inspection is too late. The audit gap you describe is the one that bites hardest for me, since reconstructing the exact assembled context three sessions later is impossible once the component sources have changed underneath you. Are you capturing the assembled payload as an immutable snapshot at the assembly layer, and if so how do you keep secrets out of that stored copy?