Production-ready deployment
NOT CLAIMEDPRODUCTION_READY=NO
Evidence-first Visual Truth Interface
XPScerpto ist ein gesteuertes souveränes Kryptografie-Infrastrukturportal. Diese Startseite zeigt Nachweise, aktuelle NO-Flags, Produktsurfaces und gate-gebundene Security-Posture vor Claim-Sprache.
Truth gate
Claims are displayed only when a gate, report or source is linked. NO flags remain visible.
Explicit NO flags
The public website does not soften or hide missing external evidence.
PRODUCTION_READY=NO
LIVE_EXTERNAL_IMAP_MAILBOX_VERIFIED=NO
evidence required per module
no real mailbox credentials provided
Product surfaces
Each card links to an actual route and uses real local screenshots after browser replay.
Scoped user workspace for projects, capsules and bounded requests.
Governed editorial, evidence, runtime and deployment control plane.
Admin correspondence operations with live IMAP truth boundary preserved.
Public proof plane for reports, runtime truth and closure evidence.
Local/VPN/hardware-gated root authority outside normal admin power.
Architecture, authority model, threat model and validation policy.
Evidence Center preview
Unavailable values remain unavailable; missing artifacts are not fabricated.
unavailableunavailableunavailableunavailableunavailableunavailableunavailableDeployment identity
The deployment fingerprint endpoint remains the source of truth for live identity.
9b0d4ba89dac0dc5058cbff3d6884e606073726abce43464a7728f124aebf1d819aac1f1e849b723ab38d38bunavailableunavailableruntime_treeunavailablenot production-ready; evidence-first public surfaceSecurity / integrity posture
Security cards point to the corresponding route, API or service-worker source.
Operational timeline
Timeline entries avoid unsupported closure language.
Mobile installable web shell
The mobile shell may cache only public UI assets and safe public shells. Admin, correspondence, evidence, live IMAP status, API responses, cookies, CSRF tokens, message content, raw MIME, and attachments remain network-only/no-store.
P6.9.4-WEB-PWA-ADMIN-OPERATIONS-TRUTH-GATED
Eine souveräne Startseite für Plattformarchitektur, Autoritätsgrenzen, Nutzer-/Admin-/Root-Ebenen und Nachweise ohne externe Abhängigkeiten oder ungeprüfte Produktionsbehauptungen.
HSMD / HSM Evidence Gate
A dedicated hardware-trust admission section that keeps HSM/PKCS#11 inside XPScerpto authority and evidence boundaries.
HSMD places HSM and PKCS#11 in a strict admission path: discovery, fingerprinting, challenge-sign verification, receipt binding, drift monitoring, then scoped admission or fail-closed rejection.
Identify providers and slots without granting ambient trust.
Bind slot, provider and policy identity beyond a file path.
Verify a live cryptographic response from the expected hardware path.
Record an auditable admission receipt.
Provider, slot or identity drift returns the claim to fail-closed.
Domains consume only the admitted claim within explicit authority boundaries.
Configuration is not evidence.
It is not real HSM proof.
Testing only; never a live trust claim.
Old receipts or unresolved drift fail closed.
Module Constellation
The homepage shows the platform as a governed system, not as disconnected feature cards.
public boundary and provider closure
authority-gatedHWruntime intelligence authority
evidence-admission gateHSMDHSM / PKCS#11 evidence admission gate
HW-authorized onlySIMDsealed execution route
truth-gatedVeloSeal64demo-capable unit surface
evidence-firstIntegrity Fabricseal, transcript and evidence story
not final productionPQCpost-quantum fabric status
status-onlyFHEfoundation/status posture only until real engine closure
gatedRuntimenative adapter gate
Studio-grade control plane
A production-style interface for public review, editorial control and evidence inspection.
backend_real is separated from native_runtime_attached and production_ready.
Pages, blocks, SEO, language content, navigation, footer, theme and evidence are governed from /admin.
A backend-backed demonstration emits JSON evidence without claiming native C++ attachment.
Strong public narrative with clear limits: presentation-ready, not technical-audit-final.
Evidence Wall
The page foregrounds what is proven, gated, or explicitly not production-ready.
Authority lineage
Public, app, admin and root-control are intentionally split to prevent governance collapse.
Separated Control Planes
The landing page now explains which plane can do what and which powers are intentionally absent.
read-only pages, evidence, docs and truthful runtime banners
SCOPED_SANDBOX_AUTHORITYUser Workspacescoped capsules and bounded live-demo requests
OPERATIONS_GOVERNANCE_AUTHORITYAdmin Controleditorial workflow, evidence manager and runtime governance view
LOCAL_ROOT_RELEASE_AUTHORITYRoot-Controllocal/VPN/hardware-gated release authority, not normal admin power
Evidence-first UI
The portal renders truth, lineage, capsules and rejection state before marketing claims.
Homepage Readiness Dossier
A sovereign front page must sell confidence without lying about runtime proof.
Home, sovereignty, architecture, modules, security, performance, evidence, EU readiness, docs and contact.
Hero, authority chain, module constellation, evidence wall and plane map are visible without scrolling through admin-only context.
No CDN, no external font, no remote script and no third-party visual dependency.
REAL_NATIVE_RUNTIME_EXECUTION remains gated until the native adapter exists.
Authority visual
Dieses Portal trennt den realen Python-Backendbetrieb vom nativen C++-Runtime. Aussagen bleiben durch Nachweise und den Runtime-Truth-Contract begrenzt.
External facts enter through the public/backend boundary only.
Native runtime is not asserted unless the configured probe and evidence allow it.
SIMD/VeloSeal64/Integrity/PQC pages consume evidence-bound status, not local claims.
Public proof panels read from the evidence manager and runtime truth contract.
No unproven production claim
production_ready is computed from native runtime attachment plus qualifying evidence; it is not an editorial toggle.
Evidence-first UI
Echte native Ausführung oder explizites Fail-Closed
Projekte, API-Schlüssel, Kapseln und Audit-Spuren
Projekt-Datensätze pro Nutzer für Ausführungsgruppen.
Jede Annahme oder Ablehnung erzeugt eine verifizierbare Kapsel.
Scoped Keys tragen explizite Rechte und Quoten.
Öffentliche Nachweise ohne Produktionsübertreibung
Runtime Truth, Asset-Seals, Sprachparität, Security-Chain und Deployment Readiness werden als prüfbare Berichte offengelegt.