# Cloak Harbor Personal Exposure Defense

> AI-native operating layer for Personal Exposure Defense. Defensive Personal Exposure Defense (PED) control plane for authorized operators protecting a consented principal. This is a synthetic-data demo — no real people are scraped, enriched, or exposed.

## What this is
- A defensive control plane: discover, validate, score, remediate, and report on a consented principal's public exposure.
- NOT a people-search engine, doxxing tool, or OSINT crawler. See https://cloak.platphormnews.com/docs/responsible-use.
- Magic rule: one synthetic principal, one real exposure-defense loop, zero fake actions.
- UI scaffolds are labeled. Outside-world actions require human approval and protected server-side authorization.

## Core docs
- Overview: https://cloak.platphormnews.com/docs
- Personal Exposure Defense: https://cloak.platphormnews.com/docs/personal-exposure-defense
- SigReduce open-core schema: https://cloak.platphormnews.com/docs/sigreduce
- Architecture: https://cloak.platphormnews.com/docs/architecture
- Responsible use: https://cloak.platphormnews.com/docs/responsible-use
- FAQ: https://cloak.platphormnews.com/faq

## API (synthetic demo)
- OpenAPI: https://cloak.platphormnews.com/openapi.yaml
- OpenAPI JSON: https://cloak.platphormnews.com/openapi.json
- Health: https://cloak.platphormnews.com/api/health
- Findings: GET https://cloak.platphormnews.com/api/v1/findings (paginated)
- Finding detail: GET https://cloak.platphormnews.com/api/v1/findings/{id}
- Principal: GET https://cloak.platphormnews.com/api/v1/principal
- StealthScore: GET https://cloak.platphormnews.com/api/v1/stealthscore
- Integrations: GET https://cloak.platphormnews.com/api/v1/integrations
- Events outbox: GET https://cloak.platphormnews.com/api/events
- Action packet draft: POST https://cloak.platphormnews.com/api/v1/action-packets/draft (dry-run, human approval required)
- Webhook receiver: POST https://cloak.platphormnews.com/api/webhooks (signed, idempotent)

## UI scaffold routes
- Presenter: https://cloak.platphormnews.com/present
- Discovery: https://cloak.platphormnews.com/discovery
- Queue: https://cloak.platphormnews.com/queue
- Evidence: https://cloak.platphormnews.com/evidence
- Score: https://cloak.platphormnews.com/score
- Kanban: https://cloak.platphormnews.com/kanban
- Calendar: https://cloak.platphormnews.com/calendar
- Review: https://cloak.platphormnews.com/review
- Actions: https://cloak.platphormnews.com/actions
- Communications: https://cloak.platphormnews.com/communications
- Provisioning: https://cloak.platphormnews.com/provisioning
- Reports: https://cloak.platphormnews.com/reports
- Screenshots: https://cloak.platphormnews.com/screenshots

## Auth & limits
- Read endpoints are public-safe (synthetic data only).
- State-changing endpoints require Authorization: Bearer $PLATPHORM_API_KEY or X-PlatPhorm-API-Key: $PLATPHORM_API_KEY.
- Webhooks require an HMAC signature in x-cloak-signature.
- All external/takedown actions are DRY-RUN and require explicit human approval. AI never auto-submits.

## Machine index
- https://cloak.platphormnews.com/llms-full.txt
- https://cloak.platphormnews.com/llms-index.json