Service provisioning center
Secure communications, Cloudflare, AWS, SCC, mail, partner and reporting service scaffolds.
One authorized client, one real exposure-defense loop, zero fake actions.
Required services are prepared, labeled and blocked before real provisioning.
Principal
Jordan Hale
synthetic-principal-001
Findings
12
case-state fallback
StealthScore
54 -> 78
rubric estimate
External actions
0
human approval required
Loop proof
Evidence that this screen supports the Jordan Hale defense loop.
State declaration
No surface claims a live action that is not wired.
Any outside-world touch remains protected, gated, or dry-run. Scaffolded controls can acknowledge intent locally but do not send, provision, upload, scan, call, publish, or mutate external systems.
Capability proof
Route-level proof that this screen stays inside the Jordan Hale loop.
operate
Service provisioning center
A service setup center that shows what infrastructure the case needs and what is blocked before real provisioning.
Real today
The center renders service cards with owners, due days, related findings, protected flags, and next actions.
Scaffolded
Provider calls, resource creation, queue workers, partner completion, and real service activation are not executed in this UI phase.
externalActionTaken: false. No external action is triggered from this route.
operate
SCC provisioning
A configurable service class for secure client communications, case containers, cover coordination, or special client controls.
Real today
The route renders a clear SCC scaffold and avoids legal claims or automatic completion.
Scaffolded
Human/partner completion, document review, and service activation require protected workflow and partner handoff integration.
externalActionTaken: false. No external action is triggered from this route.
operate
Cloudflare posture
A domain security planning panel for DNS, WAF, bot defense, Turnstile, redirects, and security headers.
Real today
The panel renders checklist and recommendation scaffolds without Cloudflare credentials.
Scaffolded
Cloudflare API calls, WAF rule creation, Turnstile setup, and DNS mutation require protected backend integration.
externalActionTaken: false. No external action is triggered from this route.
evidence
AWS evidence storage
A storage map for evidence, screenshots, reports, retention policy, encryption, and access controls.
Real today
The UI shows storage classes and redaction-before-upload requirements with no AWS keys client-side.
Scaffolded
Presigned URLs, uploads, object-lock controls, lifecycle policies, and storage health checks require backend services.
externalActionTaken: false. No external action is triggered from this route.
operate
SendGrid mail provisioning
A mail setup checklist that explains DNS and template readiness without pretending email delivery works.
Real today
The route renders mail setup steps and dry-run email templates only.
Scaffolded
SendGrid credentials, DNS verification, mailbox provisioning, and email delivery require backend work and approval.
externalActionTaken: false. No external action is triggered from this route.
Support mode
5
Capabilities
1
Docker
1
Vercel
Postgres can persist support and audit facts locally or on Vercel. Deployments without DATABASE_URL stay public-safe and degraded.
integration
Provider provisioning
Cloudflare, AWS, SCC, and mail controls produce scaffold/protected responses only.
No resource has been provisioned.
externalActionTaken: false
integration
External service actions
Jitsi, Twilio, SendGrid, Cloudflare, AWS, SCC, scan, and submit tools all return implemented:false.
Every external action remains scaffolded/protected until intentionally wired.
externalActionTaken: false
safety
Responsible-use gates
Sensitive UI controls and MCP tools state human approval and externalActionTaken:false.
Safety gates remain active in fixture mode.
externalActionTaken: false
Service cards
Every card declares owner, dependency and protected status.
Comms
Secure Client Communications
Encrypted, auditable channel between operator and protected client.
- Provider: Cloak Harbor
- Owner: Platform
- Target: Day 1
Network
Edge / WAF
Firewall, IP allowlisting and bot mitigation in front of the cockpit.
- Provider: Cloudflare
- Owner: Platform
- Target: Day 0
Storage
Evidence Object Store
Write-once, redaction-aware evidence vault with retention controls.
- Provider: AWS S3 / Vercel Blob
- Owner: Platform
- Target: Day 1
Comms
Transactional Mail
Outbound notice delivery — dry-run only in the demo.
- Provider: SendGrid
- Owner: Operations
- Target: Day 2
Comms
SMS / Voice
Client notifications and verification — dry-run only in the demo.
- Provider: Twilio
- Owner: Operations
- Target: Day 2
Comms
Secure Meeting
Private operator/client briefings with agenda and audit trail.
- Provider: Jitsi
- Owner: Operations
- Target: Day 7
Discovery
Web Exposure Scan
Consented surface scan against the principal's known identifiers.
- Provider: Cloak Harbor
- Owner: Discovery
- Target: Day 1
Platform
Job Queue / Workers
Durable workers for scans, re-checks and webhook delivery.
- Provider: Vercel / Upstash
- Owner: Platform
- Target: Day 14
Security
Endpoint Hygiene
Credential rotation, passkeys, device hygiene and account recovery separation.
- Provider: Cloak Harbor checklist
- Owner: Cloak analyst
- Target: Day 1
Network
VPN / Privacy Networking
Reduce network and identifier linkage where appropriate for the protected principal.
- Provider: Partner
- Owner: Partner
- Target: Day 14
Partner
Legal / Trust Partner
Registered-agent substitution, property record review and cover entity coordination.
- Provider: Legal / trust partner
- Owner: Legal/Trust partner
- Target: Day 7
Remediation
Data Broker Opt-Out
Suppress people-search, phone and household exposure records.
- Provider: Broker operators
- Owner: Cloak analyst
- Target: Day 2
Monitoring
Recurrence Monitoring
Re-check suppressed sources and report re-exposure without unbounded crawling.
- Provider: Cloak Harbor
- Owner: Cloak analyst
- Target: Day 14
Reporting
Executive Reporting
Generate before/after report and evidence-linked proof for the principal.
- Provider: Cloak Harbor
- Owner: Cloak analyst
- Target: Day 30
Related findings
Synthetic exposure objects connected to this surface.
EXP-002 (Critical, Validated): Property record links residence to principal name
Highest physical-risk exposure in the case.
EXP-004 (High, Action ready): WHOIS-style metadata exposes personal email
Links online identity to physical contact details.
EXP-005 (Critical, Waiting partner): Officer filing names principal at residential address
Requires legal/trust partner remediation.
EXP-007 (High, Validated): Reused credential pattern in synthetic breach corpus
Most direct account-takeover vector.
Guarded interactions
All sensitive controls are honest scaffolds.
Request service setup
No external action taken from this UI phase.
Evidence, risk, work, approval, report
The single loop remains visible from every route.