⚠️ This page has been superseded.
The DaemonEye Security Design Overview was duplicated across two Confluence pages. As of 2026-04-26 there is one canonical version, with this page retired to remove the source-of-truth ambiguity.
For the security design itself: see DaemonEye Security Design Overview (page id 1802346, under the Architecture section). It is the more comprehensive of the two — covers the same Component Security Design, Threat Model, Cryptographic Framework, NIST SP 800-53 mappings, and US Government ISSO Considerations as this page, plus additional NIST families (Maintenance, Risk Assessment) and Footnotes that this page lacks.
For the honest current-state implementation status (which features are Implemented vs In Progress vs Planned, including the daemoneye-cli read/write database-access architecture violation, Merkle inclusion proof stub, and the placeholder SQL detection executor): see PRD §13 — Roadmap, Current state.
Why the consolidation: This page was a near-duplicate of 1802346 that had drifted to include paid-tier "Business Tier Data Protection Features" and "Enterprise Tier Data Protection Features" sections — those are policy-violating in the OSS context per AGENTS.md and live in the commercial repo / private Confluence pages instead. Rather than maintain two parallel security-design pages with subtle drift, the canonical version is held at 1802346 and the implementation-status truth lives in the PRD.