{"ok":true,"request_id":"req_a8wf9mwzmqws3ife","service":"cloak-harbor-ped","version":"v1","data":{"service":"cloak-harbor-ped","version":"v1","environment":"production","status":"healthy","mode":"synthetic-demo","timestamp":"2026-06-27T19:54:21.578Z","checks":{"fixtures":"ok","ai_gateway":"configured-server-side","api_key_gate":"enforced","database":"configured-postgres","blob_storage":"configured-server-side","aws_evidence_vault":"configured-server-side","wayback":"missing-env","twilio":"missing-env","capability_persistence":"configured","cache":"unsupported","mcp":"supported","trace":"local-redacted-spans"},"runtime":{"backendMode":"postgres","requestedBackendMode":"auto","databaseConfigured":true,"postgresSupported":true,"persistenceProvider":"vercel_postgres","isVercel":true,"vercelDegraded":false,"persistenceState":"configured","supportFlags":[{"id":"deterministic-fixtures","label":"Deterministic synthetic fixture mode","category":"data","uiState":"connected","dockerPostgres":true,"vercel":true,"proof":"Jordan Hale, 12 findings, 5 Kanban lanes, 6 milestones, and StealthScore 54 to 78 are stable on every render.","degradedCopy":"Never degraded; this is the safe public baseline.","externalActionTaken":false},{"id":"capability-catalog","label":"PED OS capability catalog","category":"ui","uiState":"connected","dockerPostgres":true,"vercel":true,"proof":"The JSON catalog feeds the landing page, API, MCP, LLMS, and tests.","degradedCopy":"Catalog remains readable even when persistence is unavailable.","externalActionTaken":false},{"id":"postgres-capability-support","label":"Postgres capability support flags","category":"data","uiState":"configured","dockerPostgres":true,"vercel":true,"configuredBy":"DATABASE_URL, plus CLOAK_BACKEND_MODE=postgres for forced local mode","proof":"Postgres-backed setup seeds cloak_capability_support and verifies durable support rows.","degradedCopy":"Vercel reports fixture/degraded mode only until DATABASE_URL is configured.","externalActionTaken":false},{"id":"local-audit-events","label":"Local audit event persistence","category":"workflow","uiState":"configured","dockerPostgres":true,"vercel":true,"configuredBy":"DATABASE_URL","proof":"Postgres writes cloak_local_audit_events with external_action_taken=false.","degradedCopy":"Deployments without DATABASE_URL show public-safe trace fixtures and do not claim durable audit persistence.","externalActionTaken":false},{"id":"protected-capability-bootstrap","label":"Protected capability bootstrap API","category":"api","uiState":"protected_required","dockerPostgres":true,"vercel":true,"configuredBy":"PLATPHORM_API_KEY + DATABASE_URL","proof":"POST /api/v1/setup and POST /api/v1/capabilities seed support rows only after platform-key authorization.","degradedCopy":"Without Postgres, the route returns postgres_not_configured instead of fake success.","externalActionTaken":false},{"id":"mcp-capability-introspection","label":"MCP capability introspection","category":"api","uiState":"connected","dockerPostgres":true,"vercel":true,"proof":"get_demo_capabilities_ui and cloakharbor://demo/capabilities expose the catalog and runtime mode.","degradedCopy":"MCP still reports fixture/degraded runtime when Postgres is absent.","externalActionTaken":false},{"id":"external-service-actions","label":"External service actions","category":"integration","uiState":"scaffolded","dockerPostgres":false,"vercel":false,"proof":"Jitsi, Twilio, SendGrid, Cloudflare, AWS, SCC, scan, and submit tools all return implemented:false.","degradedCopy":"Every external action remains scaffolded/protected until intentionally wired.","externalActionTaken":false},{"id":"web-scan-execution","label":"Live web scan execution","category":"integration","uiState":"scaffolded","dockerPostgres":false,"vercel":false,"proof":"The planner can preview scope; it does not crawl, fetch, or run BrowserOps capture.","degradedCopy":"No live scan has been performed in demo mode.","externalActionTaken":false},{"id":"message-delivery","label":"SMS/email delivery","category":"integration","uiState":"dry_run","dockerPostgres":false,"vercel":false,"proof":"Communications surfaces show templates and approval gates only.","degradedCopy":"No message has been sent and no delivered state is shown.","externalActionTaken":false},{"id":"provider-provisioning","label":"Provider provisioning","category":"integration","uiState":"protected_required","dockerPostgres":false,"vercel":false,"proof":"Cloudflare, AWS, SCC, and mail controls produce scaffold/protected responses only.","degradedCopy":"No resource has been provisioned.","externalActionTaken":false},{"id":"executive-report-publish","label":"Executive report publishing","category":"workflow","uiState":"ready_for_review","dockerPostgres":true,"vercel":true,"proof":"Reports generate, review, and record blocked Docs/Sheets/Files handoff intents in Postgres.","degradedCopy":"No report is published to Docs, Sheets, Files, or AWS until those integrations are configured.","externalActionTaken":false},{"id":"responsible-use-gates","label":"Responsible-use gates","category":"safety","uiState":"connected","dockerPostgres":true,"vercel":true,"proof":"Sensitive UI controls and MCP tools state human approval and externalActionTaken:false.","degradedCopy":"Safety gates remain active in fixture mode.","externalActionTaken":false}],"supportSummary":{"total":12,"dockerPostgresSupported":8,"vercelSupported":8,"externalActionTaken":false},"serverCapabilities":[{"key":"platform-auth","name":"PlatPhorm protected actions","category":"platform","purpose":"Server-side authorization for protected operator actions and cross-site handoffs.","requiredEnv":["PLATPHORM_API_KEY"],"configuredEnv":["PLATPHORM_API_KEY"],"missingEnv":[],"state":"configured","secretValuesExposed":false},{"key":"platform-handoffs","name":"PlatPhorm handoff switch","category":"platform","purpose":"Kill switch for protected Docs, Sheets, Files, BrowserOps, Sandbox, Trace, and Pentest handoffs.","requiredEnv":["PLATPHORM_API_KEY","CLOAK_ENABLE_PLATFORM_HANDOFFS"],"configuredEnv":["PLATPHORM_API_KEY","CLOAK_ENABLE_PLATFORM_HANDOFFS"],"missingEnv":[],"state":"configured","secretValuesExposed":false},{"key":"postgres","name":"Persistent case database","category":"persistence","purpose":"Durable client, evidence, findings, Kanban, report, workflow, and protected intent storage.","anyEnv":[{"label":"DATABASE_URL or POSTGRES_URL","anyOf":["DATABASE_URL","POSTGRES_URL","POSTGRES_PRISMA_URL"]}],"requiredEnv":["DATABASE_URL or POSTGRES_URL"],"configuredEnv":["DATABASE_URL"],"missingEnv":[],"state":"configured","secretValuesExposed":false},{"key":"neon","name":"Neon project metadata","category":"persistence","purpose":"Vercel/Neon project identity and direct database environment for production diagnostics.","requiredEnv":["NEON_PROJECT_ID","DATABASE_URL or POSTGRES_URL"],"anyEnv":[{"label":"DATABASE_URL or POSTGRES_URL","anyOf":["DATABASE_URL","POSTGRES_URL","POSTGRES_URL_NON_POOLING"]}],"configuredEnv":["NEON_PROJECT_ID","DATABASE_URL"],"missingEnv":[],"state":"configured","secretValuesExposed":false},{"key":"vercel-blob","name":"Vercel Blob evidence storage","category":"storage","purpose":"Server-side evidence artifact storage for reports, screenshots, exports, and redacted bundles.","requiredEnv":["BLOB_READ_WRITE_TOKEN"],"configuredEnv":["BLOB_READ_WRITE_TOKEN"],"missingEnv":[],"state":"configured","secretValuesExposed":false},{"key":"aws-evidence-vault","name":"AWS evidence vault credentials","category":"storage","purpose":"Server-side object storage credential set for evidence vault operations.","requiredEnv":["AWS_ACCESS_ID","AWS_ACCESS_SECRET"],"configuredEnv":["AWS_ACCESS_ID","AWS_ACCESS_SECRET"],"missingEnv":[],"state":"configured","secretValuesExposed":false},{"key":"ai-gateway","name":"Vercel AI Gateway","category":"ai","purpose":"Redacted case guidance and draft generation through Vercel-managed model routing.","anyEnv":[{"label":"AI_GATEWAY_API_KEY or VERCEL_OIDC_TOKEN","anyOf":["AI_GATEWAY_API_KEY","VERCEL_OIDC_TOKEN"]}],"requiredEnv":["AI_GATEWAY_API_KEY or VERCEL_OIDC_TOKEN"],"configuredEnv":["AI_GATEWAY_API_KEY"],"missingEnv":[],"state":"configured","secretValuesExposed":false},{"key":"ai-provider-fallbacks","name":"Direct AI provider fallbacks","category":"ai","purpose":"Server-side fallback credentials for provider-specific workflows when Gateway is unavailable.","anyEnv":[{"label":"OPENAI_API_KEY or ANTHROPIC_API_KEY or GROK_API_KEY","anyOf":["OPENAI_API_KEY","ANTHROPIC_API_KEY","GROK_API_KEY"]}],"requiredEnv":["OPENAI_API_KEY or ANTHROPIC_API_KEY or GROK_API_KEY"],"configuredEnv":[],"missingEnv":["OPENAI_API_KEY or ANTHROPIC_API_KEY or GROK_API_KEY"],"state":"missing-env","secretValuesExposed":false},{"key":"wayback","name":"Wayback source evidence","category":"discovery","purpose":"Authorized public archive checks and historical source evidence collection.","requiredEnv":["WAYBACK_API_KEY"],"configuredEnv":[],"missingEnv":["WAYBACK_API_KEY"],"state":"missing-env","secretValuesExposed":false},{"key":"twilio","name":"Twilio secure communications","category":"communications","purpose":"Approved client notifications and phone verification workflows from server-side routes.","requiredEnv":["TWILIO_API_KEY"],"configuredEnv":[],"missingEnv":["TWILIO_API_KEY"],"state":"missing-env","secretValuesExposed":false}],"serverCapabilitySummary":{"total":10,"configured":7,"missingEnv":3,"secretValuesExposed":false},"externalActionTaken":false,"explanation":"Vercel Postgres/Neon persistence is configured for production state, audit ledgers, and protected operator workflows."},"serverCapabilitySummary":{"total":10,"configured":7,"missingEnv":3,"secretValuesExposed":false},"counts":{"findings":12,"integrations":28,"planned_or_degraded":4},"routeComplianceScore":1,"discoveryStatus":{"llms":"supported","openapi":"supported","sitemap":"supported","sitemapIndex":"supported","rss":"supported","feed":"supported","atom":"supported","robots":"supported","wellKnown":"supported","mcp":"supported","publicPrivateBoundary":"protected writes require PLATPHORM_API_KEY"},"rssStatus":"supported","sitemapStatus":"supported","llmsStatus":"supported","openapiStatus":"supported","trustedDomainStatus":"trusted-platphormnews-domain","traceEnabled":true,"traceExportEnabled":false,"traceContextAccepted":true,"traceContextPropagated":true,"redactionStatus":"raw secrets, IPs, cookies, bodies and x-vercel-ja4-digest are not exposed publicly","vercelMetadataCaptured":"safe headers only when present"}}