Evidence Execution
session: detached
Runtime readinessFAIL_CLOSED

Runtime/HSM evidence is required; execution remains fail-closed until the backend proves readiness.

UI_READY
YES
RUNTIME_READY
NO - UNAVAILABLE
HSM_PROOF_READY
NO - NOT_CONFIGURED_OR_NOT_PROVEN
PRODUCTION_READY
NO
Fail-closed reason
runtime_or_hsm_evidence_required
Registration modeloadingPolicy is read from the server.
Email gaterequiredAPI keys stay blocked until email is verified.
Session planecookie + CSRFMutations require a server CSRF token.
Company authorityinvite onlyWorkspace roles do not grant admin/root authority.

Scoped User Route · Evidence Before Trust

Sovereign Execution Workspace

Run governed requests, bind outputs to capsule and HSMD evidence, and verify every result before trust is granted. This route cannot approve root claims, alter governance, or bypass evidence gates.

Identity & ScopeUser-boundsession, CSRF, project scope
Governed ExecutionGate-boundnative adapter remains fail-closed when detached
Capsule EvidenceRequiredrequest output must be sealed before trust
HSMD BindingConsume onlyoperator-admitted receipts only
Security TraceReviewablelineage and boundary status visible

Create user route

first capsule lineage

Registration creates an app-plane identity only. It does not grant admin, root, or direct native runtime authority.

Enter workspace

session + CSRF sealed

Every mutation is tied to a server-side session, CSRF token, and user action trace.