Integration map
8-state lifecycle matrix for all external services and PlatPhorm systems.
One authorized client, one real exposure-defense loop, zero fake actions.
Integration truth is visible without implying live external action.
Principal
Jordan Hale
synthetic-principal-001
Findings
12
case-state fallback
StealthScore
54 -> 78
rubric estimate
External actions
0
human approval required
Loop proof
Evidence that this screen supports the Jordan Hale defense loop.
State declaration
No surface claims a live action that is not wired.
Any outside-world touch remains protected, gated, or dry-run. Scaffolded controls can acknowledge intent locally but do not send, provision, upload, scan, call, publish, or mutate external systems.
Capability proof
Route-level proof that this screen stays inside the Jordan Hale loop.
operate
Integration map
A lifecycle matrix that explains which services are configured, missing, scaffolded, dry-run, protected, degraded, unavailable, or future.
Real today
The integration tiles render deterministic lifecycle states and provider/environment labels.
Scaffolded
Live health checks, env mutation, provider calls, and cross-site workflows require protected backend integration.
externalActionTaken: false. No external action is triggered from this route.
operate
Service provisioning center
A service setup center that shows what infrastructure the case needs and what is blocked before real provisioning.
Real today
The center renders service cards with owners, due days, related findings, protected flags, and next actions.
Scaffolded
Provider calls, resource creation, queue workers, partner completion, and real service activation are not executed in this UI phase.
externalActionTaken: false. No external action is triggered from this route.
Support mode
2
Capabilities
2
Docker
2
Vercel
Postgres can persist support and audit facts locally or on Vercel. Deployments without DATABASE_URL stay public-safe and degraded.
integration
External service actions
Jitsi, Twilio, SendGrid, Cloudflare, AWS, SCC, scan, and submit tools all return implemented:false.
Every external action remains scaffolded/protected until intentionally wired.
externalActionTaken: false
integration
Provider provisioning
Cloudflare, AWS, SCC, and mail controls produce scaffold/protected responses only.
No resource has been provisioned.
externalActionTaken: false
api
MCP capability introspection
get_demo_capabilities_ui and cloakharbor://demo/capabilities expose the catalog and runtime mode.
MCP still reports fixture/degraded runtime when Postgres is absent.
externalActionTaken: false
safety
Responsible-use gates
Sensitive UI controls and MCP tools state human approval and externalActionTaken:false.
Safety gates remain active in fixture mode.
externalActionTaken: false
Integration lifecycle
8-state external-service matrix.
Vercel AI Gateway
AI
Drafts action packets and report language.
Drafts/dry-runs available; no external change.
AI_GATEWAY_API_KEYSendGrid
Communications
Transactional email for notices and client updates.
Interface built; backend wiring pending.
SENDGRID_API_KEYTwilio
Communications
SMS / voice notifications and verification.
Interface built; backend wiring pending.
TWILIO_AUTH_TOKENJitsi
Communications
Secure operator/client meetings.
Interface built; backend wiring pending.
JITSI_APP_IDCloudflare
Network
WAF, allowlisting and edge protection.
Set the environment variable to enable.
CLOUDFLARE_API_TOKENAWS S3
Storage
Evidence object storage with retention.
Interface built; backend wiring pending.
AWS_ACCESS_KEY_IDVercel Blob
Storage
Demo-grade evidence + export storage.
Set the environment variable to enable.
BLOB_READ_WRITE_TOKENNeon Postgres
Data
Durable system of record for cases and audit log.
Planned on the roadmap.
DATABASE_URLPlatPhorm MCP
Platform
Agent access to read-only and protected demo tools.
Drafts/dry-runs available; no external change.
Claws
Platform
Remediation workflow handoff; protected and scaffolded for this UI phase.
Server-side approval required to act.
BrowserOps
Evidence
Evidence capture journeys and screenshots for synthetic or authorized scopes.
Interface built; backend wiring pending.
SearchOps
Discovery
Bounded discovery planning; no live scan in demo mode.
Interface built; backend wiring pending.
Evals
Quality
Validate safety, clarity and no-fake-live-state claims.
Planned on the roadmap.
Trace
Auditability
Trace-linked proof for local dry-run events.
Drafts/dry-runs available; no external change.
Product Hunt
Growth
Launch + reach signals (read-only).
Planned on the roadmap.
PRODUCTHUNT_TOKENRelated findings
Synthetic exposure objects connected to this surface.
EXP-001HighNew exposureAggregated people-search profile with home + relatives
Single most reused source feeding downstream aggregators.
EXP-002CriticalValidatedProperty record links residence to principal name
Highest physical-risk exposure in the case.
EXP-003MediumAction readyReserved mobile number indexed against principal
Direct path to account-takeover via OTP.
EXP-004HighAction readyWHOIS-style metadata exposes personal email
Links online identity to physical contact details.
Guarded interactions
All sensitive controls are honest scaffolds.
Check integration state
No external action taken from this UI phase.
Evidence, risk, work, approval, report
The single loop remains visible from every route.