Decision guide
Compare the base subscription with optional add-ons.
Security copy on this route is restricted to controls already present in the platform setup or code paths.
Security posture
Shipped controls only
Security posture grounded in shipped controls, not certification theater.
The public security route describes the platform controls that are actually visible in the code and setups: tenant isolation boundaries, browse-only public mutation rules, protected operations, and auditable lifecycle control.
Logged-out discovery is browse-only.
Subscriptions flow from billing state.
Protected-resource rules remain enforced.
Security copy on this route is restricted to controls already present in the platform setup or code paths.
0
Public mutation routes while logged out
Pages + Menus
Permanent base structures
Disallowed
Destructive public automation
Security controls
This route is limited to implemented control boundaries and public-safe disclosures.
Contract truth
Shipped now
Tenant isolation by design
Runtime enforcement and dashboard visibility remain derived from control-plane truth, not tenant self-authorization.
- Authority Control plane
- Public mutation Browse-only
- Runtime self-authorization Not allowed
- Why it matters Subscriptions are authoritative and deterministic across public, control-plane, and site surfaces.
Shipped now
Protected operations stay explicit
Destructive or risky operational actions are not delegated to public routes and remain guarded behind explicit approval boundaries.
- Protected domains Out-of-bounds rule
- Public destructive actions None
- AI destructive autonomy Disallowed
- Why it matters The public surface can explain the rule without being allowed to violate it.
Shipped now
Audit trail is part of the control story
AI-triggered actions, lifecycle events, and operator changes are expected to leave an audit trail.
- AI destructive actions Approval required
- Billing execution Explicit confirmation
- Audit requirement Mandatory
- Why it matters The route highlights the boundary between explanation and execution.
Implemented controls
Setup truth
What this route can safely disclose
These are platform controls already present in the run setup or implemented route behavior.
- Browse-only public discovery Logged-out routes do not mutate basket, billing, or included features.
- Billing-driven included features Site and dashboard gates follow control-plane authority only.
- Protected-resource rule Resources tied to protected external domains are out of bounds.
- Audit and approval boundaries Destructive automation and billing execution require explicit approval paths.
Needs attention
Status route
Publishes public-safe aggregate state without leaking tenant or domain data.
- Route /status
- Purpose Aggregate service state
- Open route Review current public-safe status.
Setup truth
Compare route
Reinforces that commercial states apply to add-ons, not to security boundaries.
- Route /compare
- Purpose Commercial clarity
- Open route See the locked vocabulary.
Security disclosure: this route does not claim third-party certifications or pentest results that are not evidenced elsewhere.
Take operational guide back into the core public path
Security and compliance guide should still route back into compare, launch-path, and protected entry points.