Diagram 04 · Trust Handoffs

Cross-Boundary Integration

MuleSoft is the broker. Every call between accredited boundaries flows through it. Each edge is labeled with its trust mechanism.

CROSS-BOUNDARY BROKER
  MuleSoft Anypoint
    every call between boundaries passes through here
    named credentials · mTLS · JWT pass-through · ABAC tag propagation
    policy enforcement point · obligations applied · per-call audit
    deployed inside Game Warden · PCE required at IL5+

SOVEREIGN CRITICAL PATH
Boundary 01 · Game Warden · sovereign critical path
Sponsor 360 + Lumbra Nebula + Sovereign Pipeline + AI containers + ABAC + MuleSoft all run here
  [SF] Sponsor 360
    LWC · UI gateway
    in-enclave session
  [LUMBRA] Lumbra Nebula
    high-side agentic AI
    orchestrator · guardrails
    in production on C2S
  [DATA] Sovereign Pipeline
    data ingestion + processing
    Airbyte · Airflow · Unstructured.io
    Snowflake ELT · Elastic
  [3P · MODELS] AI Model Pool
    in-enclave containers
    Gemini · Llama · Cohere
  [ABAC] ABAC Services
    ACDS · PAP · VDE · Locksmith
    MuleSoft calls ACDS for every call

Boundary 02 · Salesforce Government Cloud Plus
single tenant · US citizen administered
  [SF] Mission CRM
    Sales Cloud · workflow OS
    Records · Flow · Apex
  Salesforce Shield · PEP
    sharing · field encryption · BYOK
    Event Monitoring stream
  Backup & Restore
    point in time · multi-region
AP

Boundary 04 · Snowflake
Snowflake Government · IL5 GovCloud · data warehouse
  [3P] Snowflake · PEP
    data warehouse
    row + column policies

Boundary 03 · Elastic Private SaaS
search · obs · SIEM
  [3P] Elastic Cloud · PEP
    hybrid search · Kibana
    document-level security

Customer-owned · ITSM + Identity
preserved · MuleSoft-mediated
  [AUTH] Identity Provider
    PIV / CAC · OIDC source
  ServiceNow
    customer ITSM · incidents · change

Optional · External AI APIs
customer-permitted egress only
  AWS Bedrock
    Claude · Anthropic · GovCloud
  Vertex AI
    Gemini managed · Google Cloud

Edge labels
  UI calls (intra-boundary)
  agent data + egress calls
  MuleSoft calls ACDS per call
  CRM writes
  named creds · mTLS · JWT
  Event Monitoring stream
  OAuth + key-pair · mTLS
  API key + mTLS · doc ABAC
  CDC event · MuleSoft-mediated
  OIDC + JWKS · attribute pull
  incidents · change records
  customer-permitted external egress

TRUST MECHANISMS
  Named Credentials: Salesforce-managed cert + secret rotation
  mTLS: ACM-managed certs both directions
  JWT pass-through: operator identity propagates
  ABAC propagation: attrs attached per request
  Per-call audit