Technical details
brand_pointerNeutral PCI brand shell activeasset_pointernot availablebrand_reasonstrusted session context unavailable
Partner brand service
Loading partner-owned brand manifest from /api/session/brand.
- Brand API
/api/session/brand- Boundary
- No browser tenant authority, brand override authority, theme mutation, asset upload, endpoint value, account identifier, physical id, secret, live-data path, or fallback browser storage.
PCI API auth boundary
Sign in required
Continue through the PCI API login-initiate route. The PCI API/BFF creates state, nonce, and PKCE material and owns the Autheory redirect; this shell does not construct provider authorize URLs and never receives ID, access, or refresh tokens.
Ready to start the same-origin PCI API sign-in handoff.
- Login initiate
/api/session/login-initiate- Login method
POSTwith JSON provider hintautheory; no browser tenant, role, principal, subject, auth time, MFA, token, state, nonce, or PKCE authority is sent.- Browser auth authority
none- Token handling
- No Autheory ID, access, or refresh tokens are accepted, stored, or replayed by the app shell.
- Session context
- Tenant and principal context remain closed until
/api/session/contextreturns server-derived state.
missing_session
Dashboard unavailable
Unsafe state rendered closed. The shell requires a trusted API/session context before tenant-scoped Data Collection, corpus, workflow, or Monitoring details render.
missing_session
Runtime and tenant context
Trusted tenant context
Session state: unauthorized; HTTP status: 401.
Tenant authority: closed: no session. Tenant-scoped UI is rendered closed until API/session context is trusted.
Closed reason: missing_session.
No viewer authority inputs were used.
auth.session_rejected
Module status
Module status is withheld because there is no trusted session context.
API runtime binding readiness
The dashboard exposes the same-origin API readiness route for record-only Factory smoke. The application dashboard uses its service-backed bootstrap API; this readiness probe remains declarative and does not supply tenant, namespace, SSM, account, or service authority.
- Readiness path
/api/runtime-config/binding-status- Probe mode
- same-origin-record-only
- Initial state
- pending_same_origin_probe
- Browser authority
- none