Access Control
Access Owner Decision
This public mirror turns access readiness into owner decision branches: keep access human-reviewed, record protected review evidence, start a controlled access pilot later, or enable role sync only after proof. It publishes aggregate branch, proof, consent, approval-guard, and safety counts only. OAuth, provider calls, database writes, approvals, expiry changes, grants, role sync, private-scope prompts, and private EVE data remain gated.
Public intake can remain live while approvals, grants, expiries, and role sync stay protected.
1 branch stays blocked by owner proof.
Review actions and packet exports stay behind protected human review.
Private scopes stay feature-specific and previewed before provider redirect.
Approved and active access require a future expiry before protected save.
No proof target starts OAuth, calls providers, writes data, grants access, or syncs roles.
0 private scope(s) are required for basic sign-in.
No protected admin routes, private packet bodies, or separate-project account details are exposed.
Access Decision Brief
Access owner decision brief: Keep Access Human Reviewed, protected review routes 5, consent plans 8. This browser-local brief packages public access readiness counts, owner branch counts, proof targets, approval guard counts, consent plan counts, and safety boundaries while live access decisions, expiries, grants, role sync, private-scope prompts, private EVE data, provider calls, and database writes remain excluded.
Copy, download, or save the public-safe access decision packet locally.
Raw requests, reviewer notes, grant state, role sync, and private EVE data stay excluded.
No server-side save, provider call, EVE call, database write, grant, or role sync occurs.
Approvals, expiries, grants, role sync, and private-scope prompts remain locked.
Keep access human reviewed
Recommended while public access intake is ready and live grants remain protected.
- Public Route
- /access-readiness
- Requirements
- 3
Record protected review evidence
Available next step for clearing owner-review evidence without granting access.
- Public Route
- /owner-handoff
- Requirements
- 3
Start controlled access pilot
Available only as a controlled pilot after protected owner review records the approval path.
- Public Route
- /access
- Requirements
- 3
Enable role sync after proof
Blocked until owner role-sync policy, dry-run evidence, and rollback proof are recorded.
- Public Route
- /activation-readiness
- Requirements
- 3
Access owner decision page
Shows public-safe access decision branches without protected review rows.
- Route
- /access-owner-decision
Access owner decision JSON
Returns no-store branch, proof-target, and safety counts only.
- Route
- /api/access/owner-decision-readiness
Access readiness
Shows public intake, protected review, consent, and grant-boundary counts.
- Route
- /access-readiness
Access readiness JSON
Machine-readable readiness stays aggregate and no-secret.
- Route
- /api/access/readiness
Access request form
Collects public requests without granting access from the public surface.
- Route
- /access
Permissions
Explains first-login publicData and feature-specific private consent paths.
- Route
- /permissions
EVE SSO readiness
Keeps OAuth and private scopes gated behind feature consent.
- Route
- /eve-sso-readiness
Health JSON
Lets production smoke prove the Access owner-decision mirror stayed public-safe.
- Route
- /api/health
Public Boundary
Public Access owner-decision readiness exposes decision branch labels, recommended branch state, public access readiness counts, approval rehearsal counts, feature-consent counts, approval-expiry guard labels, proof target outcomes, public route labels, and no-side-effect booleans only. It does not expose raw access request rows, protected review packets, protected route bodies, character labels, contact values, Discord handles, evidence URLs, reviewer notes, access grant state, role-sync payloads, provider credentials, EVE tokens, private EVE data, account data, private logs, provider cookies, or separate-project account details, and it does not start OAuth, call EVE or CCP, trigger providers, write database rows, approve access, change expiries, grant access, sync roles, prompt private scopes, or mutate data.
