Server-derived brand

innovate PCI shell

Corpus versions

Version pointers and cycle pinning metadata without restricted text.

Organization
Innovate Lab Tenant
Entity
ent_innovate_platform_lab
Scope
server-derived registry scope
Role
pci_operator
Stage
lab
Active theme
Pay Theory
Technical details
brand_pointer
partner://innovate/brand/lab/v2026-05-01
asset_pointer
https://assets.innovate.test/pci/
brand_reasons
none

Partner brand service

Loading partner-owned brand manifest from /api/session/brand.

Brand API
/api/session/brand
Boundary
No browser tenant authority, brand override authority, theme mutation, asset upload, endpoint value, account identifier, physical id, secret, live-data path, or fallback browser storage.

Trusted tenant context

Tenant authority: trusted API session

Tenant: pci_tnt_innovate_lab; partner: innovate; stage: lab; registry version: 3.

No viewer authority inputs were used.

PRD-384 permission matrix

Server-derived navigation and actions

hidden-not-disabled

Role-specific navigation and actions are projected from /api/permissions/matrix. The browser cannot supply tenant, entity, role, signer, or forwarded-header authority; never-allowed actions are omitted from the shell instead of rendered disabled.

Matrix source
api_server_derived_from_session_registry_context
Primary role lane
pci_operator from server matrix metadata
Visible actions
8
Suppressed actions
1 action(s) withheld without client-side disabled controls.
Viewer role accepted
false
Signer input accepted
false

Step-up reauthentication handoff

When the server-derived permission matrix marks an action as requiring step-up, this shell sends the operator to the same-origin PCI API/BFF step-up route. The browser never constructs Autheory authorize URLs and never supplies tenant, role, principal, subject, MFA, freshness, or permission authority.

  • Override inherited answer: Reauthenticate. Only sensitive_action=answer.override is sent as a non-authoritative retry hint.
  • Queue audit export: Reauthenticate. Only sensitive_action=operator.audit_export is sent as a non-authoritative retry hint.
Step-up initiate
/api/session/step-up
Callback boundary
/api/session/callback is API/BFF-owned after provider reauthentication.
Allowed browser hint
sensitive_action / action only; the API must re-check session, CSRF policy for unsafe service retries, tenant registry, permissions, and freshness.
Visible server-allowed actions
Action | Category | Step-up | Reason
Review tenant | tenant | server authorized | role_allows_tenant_review
Review evidence package | evidence | server authorized | role_allows_evidence_review
Create evidence metadata intake | evidence | server authorized | role_allows_evidence_upload_metadata
Answer questionnaire | assessment | server authorized | role_allows_answer
Override inherited answer | assessment | server step-up required | operator_step_up_required
Invite submerchant | onboarding | server authorized | operator_scope_review_required
Save workflow state | workflow | server authorized | role_allows_workflow_metadata_save
Queue audit export | audit | server step-up required | role_allows_operator_audit_export_metadata
  • auth.session_refreshed

Module status

  • Data Collection: enabled / primary. Data Collection is enabled by trusted session context.
  • Monitoring: enabled / integrated. Monitoring is enabled by trusted session context.

Corpus package review workspace

Review active corpus package state, cycle pins, rebase warnings, impacted outputs, and corpus-owned workflow routing before server-owned services regenerate reports or export packages.

Ready for review
Accepted | Current

Active package state

1

Corpus pointer rows

1

Pinned cycle links

3/2

Affected refs / impacted outputs

0%

No browser corpus selection, report regeneration, export generation, download URL, signed URL, queue send, notification send, endpoint, account, physical id, restricted standards text, or live-data authority.

Corpus workspace refs
cycle_ref
cycle_lab_2026_readiness
corpus_package_ref
corpus-package://pci/saq-a/v2026-05-01
corpus_package_state
current
render_state
degraded

Corpus rebase warning service

Loading corpus rebase warning state from /api/corpus/rebase-warnings.

Ready for review
Rebase API
/api/corpus/rebase-warnings
Request policy
trusted-session-no-query-no-body-no-viewer-corpus-or-report-authority
Boundary
No browser corpus package, report, export, requirement, queue, notification, endpoint, account, physical id, restricted text, or live-data authority; no request body and no browser storage fallback.
Corpus rebase warnings from service
Warning | State | Fail closed | Affected refs

    Corpus package service

    Accepted

    Loading corpus pointer metadata from /api/corpus/versions. Restricted standards text is not retrieved by this screen.

    Corpus API
    /api/corpus/versions
    Request policy
    trusted-session-no-query-no-body-no-viewer-authority-no-browser-corpus-selection
    Boundary
    No browser corpus selection, tenant authority, restricted guidance text, evidence body, document body, endpoint value, live-data path, or fallback browser storage.
    Corpus versions from service
    Pointer | Version | Status | Policy

      Corpus pointer rows

      Pointer rows identify active package labels and cycle-pin counts only; restricted guidance text is not rendered or fetched by this route.

      Accepted
      Package label | Pinned cycles | Policy state
      PCI corpus pointer v2026-05-01
      Corpus pointer refs
      corpus_pointer_id
      corpus_pointer_2026_05_01
      source_pointer
      corpus://pci-platform-corpus/v2026-05-01/catalog-metadata
      restricted_text_policy
      pointers-and-record-only
      1 cycle pin(s)
      Pinned cycle refs
      cycle_ref_1
      cycle_lab_2026_readiness
      Accepted

      Corpus rebase review queue

      Review rebase warnings before report manifests or export packages are refreshed by server-owned services. This route links to owning workspaces and does not regenerate output from the browser.

      Ready for review
      Guidance | State | Affected refs | Safe message | Workspaces
      Corpus update
      Rebase refs
      rebase_warning_ref
      rebase-warning://cycle_lab_2026_readiness/corpus-v2026-05-01
      source_package_ref
      corpus-package://pci/saq-a/v2026-05-01
      target_package_ref
      corpus-package://pci/saq-a/v2026-06-preview
      Ready for review | Preview Required | 3 affected ref(s)
      Affected requirement refs
      requirement_ref_1
      requirement-ref://saq-a/record-only/script-integrity
      requirement_ref_2
      requirement-ref://saq-a/record-only/tpsp-aoc
      requirement_ref_3
      requirement-ref://saq-a/record-only/asv
      Corpus rebase preview requires operator review before reports are regenerated; only refs and counts render.
      Rebase reason codes
      reason_code_1
      corpus_rebase_preview_required
      Open compliance | Open reports & exports

      Report and export impact

      Impacted output rows show states, manifest hashes, source counts, and reason codes only. Report bodies, export bodies, downloads, signed URLs, and evidence contents stay server-owned.

      Ready for review
      Reports waiting on corpus review
      Report manifest | State | Reasons
      Operator Status
      Report manifest details
      report_ref
      compliance-report://cycle_lab_2026_readiness/operator-status
      manifest_sha256
      sha256:bcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbc
      display_policy
      record-only-no-standards-text
      Report source refs
      source_ref_1
      assessment-workspace://cycle_lab_2026_readiness/submerchant-a
      source_ref_2
      evidence-library://cycle_lab_2026_readiness/submerchant-a
      source_ref_3
      audit-timeline://cycle_lab_2026_readiness/compliance
      Ready for review | Stale
      Report reason codes
      reason_code_1
      corpus_rebase_preview_required
      Exports waiting on corpus review
      Export package | State | Reasons
      Report Bundle
      Export package details
      export_ref
      report-export://cycle_lab_2026_readiness/operator-status/bundle
      manifest_sha256
      sha256:dededededededededededededededededededededededededededededededede
      export_policy
      server-owned-export-only
      Blocked — action needed | Blocked
      Export reason codes
      reason_code_1
      report_stale_until_rebase_reviewed

      Corpus workflow task

      Corpus-owned workflow rows point operators to the task board. Task mutation remains CSRF-bound to the workflow service.

      In progress
      Task | State | Workspace
      Verify corpus pointer for active cycle
      Task refs
      task_ref
      task_pin_corpus_pointer
      tenant_scoped
      true
      In progress | Open | Open workflow tasks
      Corpus workspace reason codes
      reason_code_1
      corpus_rebase_preview_required
      reason_code_2
      asv_scan_window_missing_metadata
      reason_code_3
      new_tpsp_requires_aoc_metadata
      reason_code_4
      ssf_guidance_text_blocked_until_extractor_validated
      reason_code_5
      report_stale_until_rebase_reviewed
      reason_code_6
      rebase_preview_required
      reason_code_7
      report_stale
      reason_code_8
      export_blocked
      Supporting cycle metadata

      Cycle working slice

      Scope, corpus, inheritance, and evidence-required metadata refs only; no evidence contents render.

      Ready for review | operator_review
      18

      Inherited answers

      1

      Stale inherited answer(s)

      2

      Override(s)

      1

      Child re-attestation required

      Cycle status
      Ready for review | operator_review
      Corpus package status
      In progress | current
      Badges
      Accepted | inherited | Blocked — action needed | stale | Correction required | override | Needs attention | evidence_required
      Cycle refs
      cycle_ref
      cycle_lab_2026_readiness
      corpus_package_ref
      corpus-package://pci/saq-a/v2026-05-01
      Evidence-required metadata
      Status and refs | Requirement summary
      Missing | required
      Evidence refs
      evidence_ref
      evidence-required://cycle_lab_2026_readiness/aoc-ref
      requirement_ref
      requirement-ref://saq-a/record-only/aoc
      aoc
      Accepted | received_recorded
      Evidence refs
      evidence_ref
      evidence-required://cycle_lab_2026_readiness/monitoring-status
      requirement_ref
      requirement-ref://saq-a/record-only/monitoring
      monitoring

      PCI application shell with reviewed same-origin service-backed metadata GETs and CSRF-bound workflow actions for onboarding, scope, assessment, evidence, AOC, reporting, and acceptance review. Tenant authority remains server-derived. No deploy behavior: this screen does not run deploys, payment traffic, partner-edge changes, external queues, notifications, or sandbox/live operations.