Access Control

Access Owner Decision

This public mirror turns access readiness into owner decision branches: keep access human-reviewed, record protected review evidence, start a controlled access pilot later, or enable role sync only after proof. It publishes aggregate branch, proof, consent, approval-guard, and safety counts only. OAuth, provider calls, database writes, approvals, expiry changes, grants, role sync, private-scope prompts, and private EVE data remain gated.

Recommended BranchKeep Access Human Reviewed

Public intake can remain live while approvals, grants, expiries, and role sync stay protected.

Decision Branches3/4

1 branch stays blocked by owner proof.

Protected Review5

Review actions and packet exports stay behind protected human review.

Consent Plans8

Private scopes stay feature-specific and previewed before provider redirect.

Approval Guard2

Approved and active access require a future expiry before protected save.

Proof Targets8

No proof target starts OAuth, calls providers, writes data, grants access, or syncs roles.

First LoginpublicData

0 private scope(s) are required for basic sign-in.

Public MirrorReady

No protected admin routes, private packet bodies, or separate-project account details are exposed.

Access Decision Brief

Access owner decision brief: Keep Access Human Reviewed, protected review routes 5, consent plans 8. This browser-local brief packages public access readiness counts, owner branch counts, proof targets, approval guard counts, consent plan counts, and safety boundaries while live access decisions, expiries, grants, role sync, private-scope prompts, private EVE data, provider calls, and database writes remain excluded.

Brief Actions3

Copy, download, or save the public-safe access decision packet locally.

Boundaries5

Raw requests, reviewer notes, grant state, role sync, and private EVE data stay excluded.

Local StorageOnly

No server-side save, provider call, EVE call, database write, grant, or role sync occurs.

Live ActionsGated

Approvals, expiries, grants, role sync, and private-scope prompts remain locked.

Access grants gated
recommended

Keep access human reviewed

Recommended while public access intake is ready and live grants remain protected.

Public Route
/access-readiness
Requirements
3
available

Record protected review evidence

Available next step for clearing owner-review evidence without granting access.

Public Route
/owner-handoff
Requirements
3
available

Start controlled access pilot

Available only as a controlled pilot after protected owner review records the approval path.

Public Route
/access
Requirements
3
blocked

Enable role sync after proof

Blocked until owner role-sync policy, dry-run evidence, and rollback proof are recorded.

Public Route
/activation-readiness
Requirements
3
safe

Access owner decision page

Shows public-safe access decision branches without protected review rows.

Route
/access-owner-decision
safe

Access owner decision JSON

Returns no-store branch, proof-target, and safety counts only.

Route
/api/access/owner-decision-readiness
safe

Access readiness

Shows public intake, protected review, consent, and grant-boundary counts.

Route
/access-readiness
safe

Access readiness JSON

Machine-readable readiness stays aggregate and no-secret.

Route
/api/access/readiness
safe

Access request form

Collects public requests without granting access from the public surface.

Route
/access
safe

Permissions

Explains first-login publicData and feature-specific private consent paths.

Route
/permissions
safe

EVE SSO readiness

Keeps OAuth and private scopes gated behind feature consent.

Route
/eve-sso-readiness
safe

Health JSON

Lets production smoke prove the Access owner-decision mirror stayed public-safe.

Route
/api/health

Public Boundary

Public Access owner-decision readiness exposes decision branch labels, recommended branch state, public access readiness counts, approval rehearsal counts, feature-consent counts, approval-expiry guard labels, proof target outcomes, public route labels, and no-side-effect booleans only. It does not expose raw access request rows, protected review packets, protected route bodies, character labels, contact values, Discord handles, evidence URLs, reviewer notes, access grant state, role-sync payloads, provider credentials, EVE tokens, private EVE data, account data, private logs, provider cookies, or separate-project account details, and it does not start OAuth, call EVE or CCP, trigger providers, write database rows, approve access, change expiries, grant access, sync roles, prompt private scopes, or mutate data.