Server-derived brand

innovate PCI shell

Assessment workspace

Questionnaire responses, evidence metadata, review findings, readiness, and unsigned-attestation workflow.

Organization: Innovate Lab Tenant
Entity: ent_innovate_platform_lab
Scope: server-derived registry scope
Role: pci_operator
Stage: lab
Active theme: Pay Theory

Technical details

brand_pointer: partner://innovate/brand/lab/v2026-05-01
asset_pointer: https://assets.innovate.test/pci/
brand_reasons: none

Partner brand service

Loading partner-owned brand manifest from /api/session/brand.

Brand API: /api/session/brand
Boundary: No browser tenant authority, brand override authority, theme mutation, asset upload, endpoint value, account identifier, physical id, secret, live-data path, or fallback browser storage.

Trusted tenant context

Tenant authority: trusted API session

Tenant: pci_tnt_innovate_lab; partner: innovate; stage: lab; registry version: 3.

No viewer authority inputs were used.

PRD-384 permission matrix

Server-derived navigation and actions

hidden-not-disabled

Role-specific navigation and actions are projected from /api/permissions/matrix. The browser cannot supply tenant, entity, role, signer, or forwarded-header authority; never-allowed actions are omitted from the shell instead of rendered disabled.

Matrix source: api_server_derived_from_session_registry_context
Primary role lane: pci_operator from server matrix metadata
Visible actions: 8
Suppressed actions: 1 action(s) withheld without client-side disabled controls.
Viewer role accepted: false
Signer input accepted: false

Step-up reauthentication handoff

When the server-derived permission matrix marks an action as requiring step-up, this shell sends the operator to the same-origin PCI API/BFF step-up route. The browser never constructs Autheory authorize URLs and never supplies tenant, role, principal, subject, MFA, freshness, or permission authority.

Override inherited answer Reauthenticate Only sensitive_action=answer.override is sent as a non-authoritative retry hint.
Queue audit export Reauthenticate Only sensitive_action=operator.audit_export is sent as a non-authoritative retry hint.

Step-up initiate: /api/session/step-up
Callback boundary: /api/session/callback is API/BFF-owned after provider reauthentication.
Allowed browser hint: sensitive_action / action only; the API must re-check session, CSRF policy for unsafe service retries, tenant registry, permissions, and freshness.

Visible server-allowed actions
Action	Category	Step-up	Reason
Review tenant	tenant	server authorized	role_allows_tenant_review
Review evidence package	evidence	server authorized	role_allows_evidence_review
Create evidence metadata intake	evidence	server authorized	role_allows_evidence_upload_metadata
Answer questionnaire	assessment	server authorized	role_allows_answer
Override inherited answer	assessment	server step-up required	operator_step_up_required
Invite submerchant	onboarding	server authorized	operator_scope_review_required
Save workflow state	workflow	server authorized	role_allows_workflow_metadata_save
Queue audit export	audit	server step-up required	role_allows_operator_audit_export_metadata

auth.session_refreshed

Module status

Data Collection enabled / primary Data Collection is enabled by trusted session context.
Monitoring enabled / integrated Monitoring is enabled by trusted session context.

Assessment follow-up neededSAQ A

Assessment follow-up needed

Use the shared Data Collection workspace to finish answers, request evidence metadata, and resolve review readiness without moving authority into the browser.

Needs attention

missing_evidence_metadata
unresolved_review_finding

Assessment service details

Assessment data services

Live assessment workspace

read-only-load

Loading the current assessment bundle, responses, findings, remediation, and readiness from same-origin APIs.

Request policy

trusted-session-no-query-no-body-no-viewer-authority-assessment-workspace

Read APIs

/api/assessments/bootstrap
/api/assessments/responses
/api/review/findings
/api/remediation/plan
/api/readiness/status

Boundary

No browser tenant, entity, cycle, finding, remediation, or evidence authority; no request bodies, endpoint values, account identifiers, physical ids, restricted text, evidence content, document content, export bodies, live-data paths, or browser storage fallback.

Current assessment state
Area	State	Next signal

Question responses from assessment service
Requirement	Answer state	Evidence requests

Review findings from workflow service
Finding	Severity	State	Workflow task

Remediation plan from workflow service
Step	Status	Description ref

Assessment workspaceservice-ref://api/assessment-workspace/m4.6

Assessment workspace

Workspace: assessment-workspace://cycle_lab_2026_readiness/submerchant-a; API shape: service-ref://api/assessment-workspace/m4.6.

Ready for review

Entity: ent_innovate_test_merchant_a
Cycle: cycle_lab_2026_readiness
Package: corpus-package://pci/saq-a/v2026-05-01

Response completion

Ready for review

92%

92%

Answered questions

Ready for review

22/24Current questionnaire answers

Evidence bundle

Accepted

currentRefs and hashes only

Assessment readiness

Blocked — action needed

blockedUnsigned attestation metadata

Workspace refs

completion_state: ready_for_review
completion_status: ready_for_review
evidence_bundle_ref: evidence-bundle://cycle_lab_2026_readiness/submerchant-a/metadata
evidence_bundle_status: current

Questionnaire actionsCSRF-bound

Work the assessment

Ready for review

Use these controls to save an answer, complete the current assessment, or request an evidence follow-up through the same-origin API. Tenant, entity, cycle, evidence, document, and account authority stay server-derived.

Assessment action refs

save_api: /api/assessments/responses/save
complete_api: /api/assessments/complete
evidence_api: /api/evidence/requests
csrf_cookie: __Host-pt_pci_csrf

Last API result

Waiting for operator action.

Questionnaire controlsCSRF-bound

Control answer workbench

Ready for review

Work the concrete questionnaire controls for this cycle. Each row can save an answer or request evidence through the same-origin assessment APIs; tenant, cycle, evidence, and account authority remain server-derived.

Per-control Save answer and Request evidence workbench
Control	Section	Answer state	Evidence state
Payment-page script inventory Control refs `requirement_ref` `requirement-ref://saq-a/6-4-3` `answer_ref` `answer-ref://operator/accept-inherited-metadata`	Payment flow questionnaire	Ready for reviewready for review	Acceptednot required
AOC package evidence Control refs `requirement_ref` `requirement-ref://saq-a/record-only/aoc` `answer_ref` `answer-ref://operator/accept-inherited-metadata`	Payment flow questionnaire	Ready for reviewready for review	Acceptedaccepted ref only
Monitoring readiness evidence Control refs `requirement_ref` `requirement-ref://saq-a/record-only/monitoring` `answer_ref` `answer-ref://operator/update-required-metadata`	Monitoring readiness questionnaire	Blocked — action neededblocked	Missingmissing

Questionnaire progressSAQ A

Questionnaire response workspace

Responses are loaded as the current assessment summary. Entity, cycle, and evidence authority stay with the service.

Ready for review

Questionnaire progress and inherited-answer state
Response group	Completion	Answered	Inheritance	Badges	Safe validation messages
Payment flow questionnaire Response group refs `response_group_ref` `response-group://cycle_lab_2026_readiness/submerchant-a/payment-flow`	Ready for reviewready for review	12/12 100%	Inherited 8 Stale 0 Overrides 1	Acceptedinherited Ready for reviewoverride Acceptedready	In progressinfo`response.override_review_pending`Operator review is pending for one override supplied by trusted API state. Validation refs `source_ref` `validation://cycle_lab_2026_readiness/payment-flow/override-review`
Monitoring readiness questionnaire Response group refs `response_group_ref` `response-group://cycle_lab_2026_readiness/submerchant-a/monitoring-readiness`	Blocked — action neededblocked	10/12 83%	Inherited 10 Stale 1 Overrides 1	Acceptedinherited Blocked — action neededstale Ready for reviewoverride Missingevidence required Blocked — action neededblocked	Needs attentionwarning`response.inherited_answer_stale`Inherited answer is stale; accept or override from trusted API state before readiness. Validation refs `source_ref` `validation://cycle_lab_2026_readiness/monitoring-readiness/stale-inheritance` Blocked — action neededblocked`response.evidence_metadata_missing`Evidence metadata ref is missing; content is not rendered in the app shell. Validation refs `source_ref` `validation://cycle_lab_2026_readiness/monitoring-readiness/evidence-metadata`

Evidence metadataRefs only

Evidence requirements and status

Evidence requirements show status, receipt, and verification signals. Evidence contents are not rendered in this workspace.

Accepted

Evidence request metadata and status refs
Requirement	Status	Received	Expires	Refs / hashes
AOC package evidence Evidence/request refs `evidence_ref` `evidence-ref://cycle_lab_2026_readiness/aoc-metadata` `request_ref` `evidence-request://cycle_lab_2026_readiness/aoc-metadata` `requirement_ref` `requirement-ref://saq-a/record-only/aoc`	Acceptedaccepted ref only	Lab sample timestamp: 2026-05-04T12:00Z	Lab sample expiry: 2027-05-04	Bundle and hash refs `bundle_ref` `evidence-bundle://cycle_lab_2026_readiness/submerchant-a/metadata` `object_hash_ref` `sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb` `manifest_sha256` `sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
Monitoring readiness evidence Evidence/request refs `evidence_ref` `evidence-ref://cycle_lab_2026_readiness/monitoring-status-metadata` `request_ref` `evidence-request://cycle_lab_2026_readiness/monitoring-status-metadata` `requirement_ref` `requirement-ref://saq-a/record-only/monitoring`	Missingmissing	not_received	pending	Bundle and hash refs `bundle_ref` `pending` `object_hash_ref` `pending` `manifest_sha256` `pending`

Review findingsRemediation

Review findings and remediation plans

Finding summaries are service-provided review notes; restricted corpus text and evidence contents do not render.

Blocked — action needed

Review findings and readiness blockers
Finding	Severity	Status	Remediation plan
Review cannot complete until the trusted evidence metadata ref is present. Finding refs `finding_ref` `review-finding://cycle_lab_2026_readiness/monitoring-metadata-gap` `requirement_ref` `requirement-ref://saq-a/record-only/monitoring` `evidence_ref` `evidence-ref://cycle_lab_2026_readiness/monitoring-status-metadata`	Needs attentionmedium	Blocked — action neededunresolved blocker	In progressplanned Remediation refs `remediation_ref` `remediation-plan://cycle_lab_2026_readiness/monitoring-metadata-gap` `owner_role` `pci_operator` `due_label` `Lab sample due date: 2026-05-15` `evidence_ref` `evidence-ref://cycle_lab_2026_readiness/monitoring-status-metadata`

Review actionsCSRF-bound

Resolve findings and move remediation

Ready for review

Operators can acknowledge the current review finding and queue the next remediation step through the same-origin API. The client submits action intent only; finding, plan, task, evidence, tenant, and cycle refs are server-derived.

Review action refs

finding_action_api: /api/review/findings/acknowledge
remediation_action_api: /api/remediation/plan/actions
csrf_cookie: __Host-pt_pci_csrf

Last review API result

Waiting for operator action.

ReadinessUnsigned export

Readiness and unsigned attestation export

Blocked — action needed

State: Blocked — action neededblocked
Blockers: missing_evidence_metadata
unresolved_review_finding
stale_inherited_answer
Ready reasons: No ready reasons are asserted by the current workspace metadata.
Export status: Blocked — action neededblocked

Readiness refs and hashes

readiness_ref: assessment-readiness://cycle_lab_2026_readiness/app-view
attestation_ref: attestation-review item://cycle_lab_2026_readiness/unsigned-summary
export_ref: export-review item://cycle_lab_2026_readiness/record-only
export_status: blocked
manifest_sha256: sha256:cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc
unsigned_document_sha256: not_signed
signed_document_ref: not_rendered

Assessment workspace

Trusted tenant context

Server-derived navigation and actions

Step-up reauthentication handoff

Module status

Assessment follow-up needed

Live assessment workspace

Assessment workspace

Work the assessment

Save questionnaire answer

Control answer workbench

Questionnaire response workspace

Evidence requirements and status

Review findings and remediation plans

Resolve findings and move remediation

Finding / remediation action

Readiness and unsigned attestation export