Architecture

How the cockpit, machine surface and integrations fit together on the Vercel substrate.

Layers

  • Exposure Defense Cockpit — the executive UI: overview, intake, exposures, evidence, StealthScore, Kanban, calendar, action packets, report and trace.
  • Control plane API — a versioned /api/v1 surface for principals, findings, evidence, risk, kanban, calendar, actions, reports and integrations.
  • Machine surface — health, OpenAPI, llms.txt, sitemap, RSS, robots, .well-known manifests and an MCP server.
  • AI Gateway adapter — server-side drafting with a deterministic template fallback when the gateway is unavailable.

Access model

The demo environment is intended to sit behind a firewall or IP allowlist, so there is no heavy public login wall in the UI. Protected, state-changing actions are gated server-side by a PLATPHORM_API_KEY presented via Authorization: Bearer or X-PlatPhorm-API-Key. The key is never exposed client-side.
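One way to implement the server-side gate described above, as an added example that is not PlatPhorm's own code. The function names, the lower-cased header object, the status codes and the rule that GET/HEAD/OPTIONS count as non-state-changing are assumptions; only the two header names and PLATPHORM_API_KEY come from this page.

```javascript
// Added example (not project code): API-key gate for state-changing requests.
const { createHash, timingSafeEqual } = require('node:crypto');

// Assumption: these methods never change state and are left ungated.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Hash both values first so timingSafeEqual always sees equal-length
// buffers and the comparison does not leak length or prefix matches.
function sameSecret(presented, expected) {
  const a = createHash('sha256').update(presented).digest();
  const b = createHash('sha256').update(expected).digest();
  return timingSafeEqual(a, b);
}

// Extract the key from either header the page names.
// `headers` is a plain object with lower-cased names (as Node's http module provides).
function presentedKey(headers) {
  const auth = headers['authorization'];
  if (typeof auth === 'string') {
    const m = /^Bearer\s+(\S+)$/i.exec(auth.trim());
    if (m) return m[1];
  }
  const alt = headers['x-platphorm-api-key'];
  return typeof alt === 'string' && alt.length > 0 ? alt : null;
}

// Decide whether a request may proceed. Returns { status, reason }.
function authorize(method, headers, env = process.env) {
  if (SAFE_METHODS.has(String(method).toUpperCase())) {
    return { status: 200, reason: 'read-only' };
  }
  const expected = env.PLATPHORM_API_KEY;
  // Fail closed: an unset key must never mean "allow everything".
  if (!expected) return { status: 503, reason: 'key not configured' };
  const key = presentedKey(headers);
  if (key === null) return { status: 401, reason: 'missing credentials' };
  return sameSecret(key, expected)
    ? { status: 200, reason: 'ok' }
    : { status: 401, reason: 'bad key' };
}
```

Because the demo relies on network allowlisting rather than a login wall, this check is the only per-request control on writes, so rejected attempts are worth logging (without the presented key).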

AI safety

  • Server-side only — no client model calls
  • Every draft is labeled AI-drafted and human-reviewed before any external action
  • AI may never submit takedowns automatically or enrich real people without authorization
  • If the gateway is unavailable, the system degrades to labeled deterministic templates — it never fakes output

PlatPhorm proof pattern

Rather than tour a collection of sites, Cloak Harbor maps real operating capabilities to each stage of the defense loop. The machinery runs behind the scenes; only the operational story is surfaced.