Production-ready deployment
NOT CLAIMEDPRODUCTION_READY=NO
Evidence-first visual truth interface
XPScerpto is a governed sovereign cryptographic infrastructure portal. This homepage exposes verified evidence, current NO flags, product surfaces and gate-bound security posture before any claim language.
Truth gate
Claims are displayed only when a gate, report or source is linked. NO flags remain visible.
Explicit NO flags
The public website does not soften or hide missing external evidence.
PRODUCTION_READY=NO
LIVE_EXTERNAL_IMAP_MAILBOX_VERIFIED=NO
evidence required per module
no real mailbox credentials provided
Product surfaces
Each card links to an actual route and uses real local screenshots after browser replay.
Scoped user workspace for projects, capsules and bounded requests.
Governed editorial, evidence, runtime and deployment control plane.
Admin correspondence operations with live IMAP truth boundary preserved.
Public proof plane for reports, runtime truth and closure evidence.
Local/VPN/hardware-gated root authority outside normal admin power.
Architecture, authority model, threat model and validation policy.
Evidence Center preview
Unavailable values remain unavailable; missing artifacts are not fabricated.
unavailableunavailableunavailableunavailableunavailableunavailableunavailableDeployment identity
The deployment fingerprint endpoint remains the source of truth for live identity.
b015b55f61ee4730b9c39e483f0db08dd05d7ac9704e0446c5e9c7c420cb4e33a4903b73441fc796e6b35f9funavailableunavailableruntime_treeunavailablenot production-ready; evidence-first public surfaceSecurity / integrity posture
Security cards point to the corresponding route, API or service-worker source.
Operational timeline
Timeline entries avoid unsupported closure language.
Mobile installable web shell
The mobile shell may cache only public UI assets and safe public shells. Admin, correspondence, evidence, live IMAP status, API responses, cookies, CSRF tokens, message content, raw MIME, and attachments remain network-only/no-store.
P6.9.4-WEB-PWA-ADMIN-OPERATIONS-TRUTH-GATED
A sovereign cryptographic platform front page for architecture, authority boundaries, user/admin/root planes and evidence-first trust signals — with no external dependency and no unsupported production claim.
HSMD / HSM Evidence Gate
A dedicated hardware-trust admission section that keeps HSM/PKCS#11 inside XPScerpto authority and evidence boundaries.
HSMD places HSM and PKCS#11 in a strict admission path: discovery, fingerprinting, challenge-sign verification, receipt binding, drift monitoring, then scoped admission or fail-closed rejection.
Identify providers and slots without granting ambient trust.
Bind slot, provider and policy identity beyond a file path.
Verify a live cryptographic response from the expected hardware path.
Record an auditable admission receipt.
Provider, slot or identity drift returns the claim to fail-closed.
Domains consume only the admitted claim within explicit authority boundaries.
Configuration is not evidence.
It is not real HSM proof.
Testing only; never a live trust claim.
Old receipts or unresolved drift fail closed.
Module Constellation
The homepage shows the platform as a governed system, not as disconnected feature cards.
public boundary and provider closure
authority-gatedHWruntime intelligence authority
evidence-admission gateHSMDHSM / PKCS#11 evidence admission gate
HW-authorized onlySIMDsealed execution route
truth-gatedVeloSeal64demo-capable unit surface
evidence-firstIntegrity Fabricseal, transcript and evidence story
not final productionPQCpost-quantum fabric status
status-onlyFHEfoundation/status posture only until real engine closure
gatedRuntimenative adapter gate
Studio-grade control plane
A production-style interface for public review, editorial control and evidence inspection.
backend_real is separated from native_runtime_attached and production_ready.
Pages, blocks, SEO, language content, navigation, footer, theme and evidence are governed from /admin.
A backend-backed demonstration emits JSON evidence without claiming native C++ attachment.
Strong public narrative with clear limits: presentation-ready, not technical-audit-final.
Evidence Wall
The page foregrounds what is proven, gated, or explicitly not production-ready.
Authority lineage
Public, app, admin and root-control are intentionally split to prevent governance collapse.
Separated Control Planes
The landing page now explains which plane can do what and which powers are intentionally absent.
read-only pages, evidence, docs and truthful runtime banners
SCOPED_SANDBOX_AUTHORITYUser Workspacescoped capsules and bounded live-demo requests
OPERATIONS_GOVERNANCE_AUTHORITYAdmin Controleditorial workflow, evidence manager and runtime governance view
LOCAL_ROOT_RELEASE_AUTHORITYRoot-Controllocal/VPN/hardware-gated release authority, not normal admin power
Evidence-first UI
The portal renders truth, lineage, capsules and rejection state before marketing claims.
Homepage Readiness Dossier
A sovereign front page must sell confidence without lying about runtime proof.
Home, sovereignty, architecture, modules, security, performance, evidence, EU readiness, docs and contact.
Hero, authority chain, module constellation, evidence wall and plane map are visible without scrolling through admin-only context.
No CDN, no external font, no remote script and no third-party visual dependency.
REAL_NATIVE_RUNTIME_EXECUTION remains gated until the native adapter exists.
Authority visual
This portal distinguishes the real Python backend from the native C++ runtime. Claims remain gated by evidence and runtime truth checks.
External facts enter through the public/backend boundary only.
Native runtime is not asserted unless the configured probe and evidence allow it.
SIMD/VeloSeal64/Integrity/PQC pages consume evidence-bound status, not local claims.
Public proof panels read from the evidence manager and runtime truth contract.
No unproven production claim
production_ready is computed from native runtime attachment plus qualifying evidence; it is not an editorial toggle.
Evidence-first UI
Real native execution or explicit fail-closed state
Scoped projects, API keys, capsules and audit traces
Per-user project records for execution grouping.
Every accepted or rejected request creates a verifiable capsule.
Scoped keys carry explicit capabilities and quotas.
Public proof without production overclaim
Runtime truth, asset seals, language parity, security chain status and deployment readiness are exposed as verifiable reports.