Runtime/HSM evidence is required; execution remains fail-closed until the backend proves readiness.
UI_READY
YES
RUNTIME_READY
NO - UNAVAILABLE
HSM_PROOF_READY
NO - NOT_CONFIGURED_OR_NOT_PROVEN
PRODUCTION_READY
NO
Fail-closed reason
runtime_or_hsm_evidence_required
Registration modeloadingPolicy is read from the server.
Email gaterequiredAPI keys stay blocked until email is verified.
Session planecookie + CSRFMutations require a server CSRF token.
Company authorityinvite onlyWorkspace roles do not grant admin/root authority.
Scoped User Route · Evidence Before Trust
Sovereign Execution Workspace
Run governed requests, bind outputs to capsule and HSMD evidence, and verify every result before trust is granted. This route cannot approve root claims, alter governance, or bypass evidence gates.
Governed ExecutionGate-boundnative adapter remains fail-closed when detached
Capsule EvidenceRequiredrequest output must be sealed before trust
HSMD BindingConsume onlyoperator-admitted receipts only
Security TraceReviewablelineage and boundary status visible
Create user route
first capsule lineage
Registration creates an app-plane identity only. It does not grant admin, root, or direct native runtime authority.
Enter workspace
session + CSRF sealed
Every mutation is tied to a server-side session, CSRF token, and user action trace.
Execution control plane
authenticated user
Capsules0
API keys0
Email—
MFA—
Companies0
Trace statussealed
Boundary seal—
scoperequestnative gatecapsuleverify
Identity assurance
email + MFA + recovery
This console now exposes the real account gates: email verification before API keys, one-time password reset tokens, and MFA enrollment without granting admin/root authority.
Email verified—
MFA enabled—
Recovery codes—
Registration—
Email verification
No verification request yet.
Password reset
No reset request yet.
MFA control
MFA enrollment output is shown once.
Company workspace
roles + invites + audit
Company authority is selected explicitly. API keys are company-scoped, members are role-bound, and audit-chain state is visible without crossing into admin/root.
No company workspace selected.
Projects
Members
No members loaded.
Invites
Company API keys
Company API key is shown once.
Audit tail
No audit loaded.
Audit chain not checked yet.
Identity & project scope
scoped SaaS grouping
Projects organize runtime requests without granting global runtime or admin authority. Every project-bound request still creates a sealed capsule.
Governed request action
native-only execution gate
No request yet.
Capsule evidence result
Latest result
NO_REQUEST
Request ID
—
Capsule ID
—
HSMD receipt
—
Replay status
PENDING_REQUEST
Verification
NOT_RUN
Verification output.
HSMD Evidence
HSMD evidence can be consumed here only after operator admission. This workspace cannot enroll HSM providers or elevate trust claims. Missing, stale, mismatched, or unverifiable evidence remains fail-closed.
HSMD evidence remains fail-closed until an operator-admitted real HSM receipt is published by /admin to this user/project/capsule/request scope.