EVE SSO consent plan

EVE Permission Activation Plan

WarpIntel keeps EVE permissions staged by feature. This plan shows what can stay public, what first login asks for, which private read upgrades need later review, and where high-trust write/action scopes remain gated before any CCP redirect begins.

Statuspublic-no-secret

Public route labels, preview links, and aggregate scope counts only.

Stages5

Public tools, first login, private reads, organization reads, and high-trust actions.

Previews4

Consent previews show scope bundles without starting OAuth.

OAuth Starts0

Activation review remains preview-only until a user intentionally signs in.

Next Review Stage

First Login Public Identity is the next non-live stage. It is currently marked ready-preview for /dashboard.

Activation JSON Permissions Center Scope Catalog JSON Data Rights

Step 1 / Live now

Public Tools Stay No Login

Trigger: Visitor opens a public tool, guide, report, or readiness page.
Gate: No EVE OAuth required; public data and browser-local records only.
Current Coverage: Public analyzers, market, industry, PI, maps, SRP, fleet, mining, access, support, and reports work without sign-in.
Scope Boundary: No EVE scopes requested

No EVE scopes are requested and no private EVE data is read.

Tools Local Reports Health JSON

Step 2 / Preview ready

First Login Public Identity

Trigger: Pilot chooses to sign in, save account reports, or review account controls.
Gate: WarpIntel EVE app, production callback, publicData scope, feature flag, and controlled live sign-in smoke are reviewed.
Current Coverage: Dashboard shell, safe session preview, consent preview, account controls, and no-secret readiness feeds are staged.
Scope Boundary: 1 scope(s); 0 high-trust; 0 write/action

First login asks only for publicData and does not request wallet, assets, location, skills, or corporation data.

Preview JSON Dashboard EVE SSO Readiness First Consent Preview

Step 3 / Future review

Personal Read Upgrades

Trigger: Signed-in pilot opens a private skill, asset, wallet, industry, PI, or character-audit enhancement.
Gate: Each feature explains the private read scopes, stores token metadata safely, and keeps raw private EVE data off public surfaces.
Current Coverage: Manual and browser-local versions are live for fit, character audit, market, industry, and PI workflows.
Scope Boundary: 28 scope(s); 0 high-trust; 0 write/action

Financial, skill, activity, PI, and audit scopes stay feature-specific and are never bundled into first login.

Preview JSON Fit Lab Character Audit PI Planner

Step 4 / Future review

Fleet, SRP, And Corporation Read Upgrades

Trigger: Reviewer opens SRP proof, fleet participation, corporation audit, structure, finance, or governance evidence.
Gate: Role review, owner approval, protected audit trail, and feature-specific consent are ready before corporation or fleet data syncs.
Current Coverage: Manual SRP, fleets, access, corp audit, corp stats, structures, and reserve planning are live without private sync.
Scope Boundary: 26 scope(s); 0 high-trust; 0 write/action

Location, online state, killmails, corporation wallets, structures, contracts, and governance data remain protected and role-scoped.

Preview JSON SRP Fleets Corp Audit

Step 5 / High trust

Optional Write And Client Actions

Trigger: User intentionally starts a specific write/client action from a reviewed feature screen.
Gate: Human click, role check, confirmation step, rollback plan, audit event, and owner-reviewed feature flag all pass.
Current Coverage: Write/client actions are not active; public fleet and SRP tools remain advisory-first.
Scope Boundary: 13 scope(s); 8 high-trust; 8 write/action

Write/action scopes are never launch defaults and every future action must be explicit, reversible where possible, and logged.

Preview JSON Fleets Fleet Readiness High-Trust Preview

No-Secret Activation Rule

This page does not expose tokens, client secrets, private EVE data, account payloads, raw submissions, provider credentials, or separate-project account data.