EVE SSO Owner Decision

This public mirror shows the owner decision lane after the controlled EVE SSO pilot: accept the limited publicData login, repeat the protected pilot, or keep public login rolled back and hidden. It publishes only branch labels, counts, route labels, and safety checks. Protected evidence values, credentials, tokens, sessions, account payloads, and private EVE data stay out of this page.

Recommended BranchRepeat Controlled Pilot

Public login remains hidden.

Decision Branches2/3

1 branch blocks public login exposure.

Owner Checklist4/8

4 item(s) still need protected review.

Pilot EvidenceMissing

Not Recorded

Public Login ExposureHidden

Keep Gated

Rollback5

Rollback labels stay visible before any public login exposure.

Live Smoke4

19 checklist labels support the protected decision path.

Proof Targets8

Every target listed here is no OAuth and no private data.

Public MirrorReady

No protected admin routes, secrets, tokens, cookies, or private account data are exposed.

blocked

Accept controlled publicData login

Public login must stay hidden until protected owner evidence and checklist proof are complete.

Public Route: /eve-sso-acceptance
Requirements: 5

recommended

Repeat protected controlled-login pilot

Repeat the controlled owner pilot and keep public login hidden while missing evidence is collected.

Public Route: /eve-sso-pilot-readiness
Requirements: 4

available

Rollback or keep public login hidden

Rollback remains available if evidence, callback, scope, or smoke proof does not line up.

Public Route: /eve-sso-launch
Requirements: 4

review

Pilot evidence fields complete

This owner decision check still needs protected owner-pilot evidence or review.

review

Pilot outcome passed

This owner decision check still needs protected owner-pilot evidence or review.

review

Owner public-login decision ready

This owner decision check still needs protected owner-pilot evidence or review.

review

Tracker row recorded

This owner decision check still needs protected owner-pilot evidence or review.

ready

First-login scope stays publicData only

This owner decision check is ready from public-safe aggregate evidence.

ready

Token-health review stays clean

This owner decision check is ready from public-safe aggregate evidence.

ready

Public login remains gated after review

This owner decision check is ready from public-safe aggregate evidence.

ready

Rollback and live-smoke path ready

This owner decision check is ready from public-safe aggregate evidence.

smoke

Verify public health

Public Route: /api/health
Safety: No OAuth, no private data

smoke

Verify EVE session status remains private

Public Route: /api/auth/eve/session?returnTo=/dashboard
Safety: No OAuth, no private data

smoke

Verify publicData consent preview remains dry

Public Route: /api/auth/eve/consent-preview?scopes=publicData&returnTo=/dashboard
Safety: No OAuth, no private data

smoke

Export protected acceptance packet

Public Route: /eve-sso-acceptance
Safety: No OAuth, no private data

safe

Owner decision page

Shows public-safe decision branch counts without protected packet bodies.

Route: /eve-sso-owner-decision

safe

Owner decision JSON

Returns no-store branch, checklist, and safety counts only.

Route: /api/auth/eve/owner-decision-readiness

safe

Acceptance mirror

Shows aggregate pilot evidence counts before any public login exposure.

Route: /eve-sso-acceptance

safe

Pilot readiness

Keeps repeat-pilot requirements visible while login remains gated.

Route: /eve-sso-pilot-readiness

safe

Launch checklist

Shows callback, flag, and rollback gates without credential values.

Route: /eve-sso-launch

safe

Session status

Confirms signed-out state without exposing session payloads.

Route: /api/auth/eve/session?returnTo=/dashboard

safe

publicData consent preview

Shows first-login scope review without redirecting to EVE SSO.

Route: /permissions/preview?scopes=publicData&returnTo=/dashboard

safe

Health JSON

Lets production smoke prove the owner-decision mirror stayed public-safe.

Route: /api/health

Public Boundary

Public EVE SSO owner-decision readiness exposes decision branch labels, recommended branch state, owner checklist counts, rollback labels, live-smoke route labels, proof target outcomes, public links, and side-effect booleans only. It does not expose protected evidence values, client credential values, EVE tokens, cookie values, session payloads, raw scopes, private EVE data, account payloads, provider credentials, raw logs, protected admin packet bodies, or separate-project account details, and it does not start OAuth, exchange tokens, mutate sessions, call EVE or CCP, read tokens, read private EVE data, write database rows, call providers, or run account-control actions.

Owner Decision JSON Acceptance Pilot Readiness Launch Checklist Test Plan publicData Preview Data Rights Releases Health JSON