✅ Unauthorized access → fail-closed 401 before any origin hop (timing-safe secret compare).
✅ Unmapped enforced route → fail-closed 403 (never silently proxies an unscoped /v1 route).
✅ Over-quota / meter-down → fail-closed (request costs $0, never bills past entitlement).
✅ KV burst-limiter blip → fail-open (never locks out a paying caller).
✅ Page XSS/clickjacking → strict CSP (default-src 'none', zero JS), X-Frame-Options DENY, HSTS.
⚠️ x402 settlement → delegated to the WAVE hub; on-chain amount/recipient/replay enforced there (task #10).
☐ Entitlement mirror → enforced only once the per-org KV sync job ships (task #9).
☐ Full 823-route scope table → stubbed to known scopes today (task #6).
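
The check order behind the four ✅ gateway rows above, as an added sketch that is not the project's own code. The names `decide`, `deps.scopes`, `deps.meter` and `deps.burst` are hypothetical, the store calls are synchronous for brevity, and the 429/503 codes are assumptions (the list only names 401 and 403).

```javascript
// Added sketch: decide(), deps.scopes, deps.meter and deps.burst are hypothetical names.
const enc = new TextEncoder();

// Constant-time compare: always walks the full expected secret, so response
// time does not reveal how many leading bytes of the guess were right.
function timingSafeEqual(presented, expected) {
  const p = enc.encode(presented), e = enc.encode(expected);
  let diff = p.length ^ e.length;
  for (let i = 0; i < e.length; i++) diff |= (p[i] ?? 0) ^ e[i];
  return diff === 0;
}

const deny = (status, reason) => ({ status, reason, forward: false, billed: false });

function decide(req, deps) {
  // 1. Auth first: reject before any origin hop.
  if (!timingSafeEqual(req.secret ?? "", deps.secret)) return deny(401, "unauthorized");

  // 2. A route with no scope mapping is refused, never proxied unscoped.
  const scope = deps.scopes.get(req.route);
  if (scope === undefined) return deny(403, "unmapped-route");

  // 3. Metering is fail-closed: over quota OR meter error means no forward, no charge.
  //    (429/503 are assumed codes; the page does not name them.)
  let remaining;
  try { remaining = deps.meter(req.org, scope); }
  catch { return deny(503, "meter-down"); }
  if (!(remaining > 0)) return deny(429, "over-quota");

  // 4. Burst limiter is fail-open: a store error must not lock out a paying caller.
  try { if (!deps.burst(req.org)) return deny(429, "burst-limit"); }
  catch { /* limiter unavailable: allow */ }

  // Allowed: the response status then comes from the origin.
  return { reason: "ok", forward: true, billed: true };
}

// Constructed sample dependencies and requests.
const deps = {
  secret: "s3cret-constructed",
  scopes: new Map([["/v1/search", "search:read"]]),
  meter: () => 5,
  burst: () => true,
};
console.log(decide({ secret: "s3cret-constructed", route: "/v1/search", org: "o1" }, deps));
console.log(decide({ secret: "s3cret-constructed", route: "/v1/unknown", org: "o1" }, deps));
```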