Create user route
first capsule lineage
Registration creates an app-plane identity only. It does not grant admin, root, or direct native runtime authority.
Scoped User Plane · No Global Authority
Users can create scoped capsules, request native-runtime-gated operations, verify evidence, and manage limited API keys. This plane never receives root authority, never owns the hardware truth source, and never pretends a detached runtime is real.
Every mutation is tied to a server-side session, CSRF token, and user action trace.