Policy before execution
Policy resolves authorization before execution can cross into production systems.
Authority Signal
OPHAELIS · DECISION GOVERNANCE LAYER
AI can advise.
Ophaelis authorizes.
Ophaelis governs AI and automation proposals before they become real actions. Policy, intent, capability, and human authority resolve first. Execution only follows when authorization is clear.
Policy authoritative
Human governed
Receipt backed
The model may propose the next step. Ophaelis determines whether that step can safely execute.
Human-grade governance
Human authority defines governance boundaries and escalation paths for high-impact actions.
Receipts as proof
Each decision produces a receipt showing what was requested, what was authorized, and why.
How Ophaelis Works
AI proposes. Ophaelis authorizes. HybridEngine coordinates. Executors act. Receipts prove. Index learns. Humans approve evolution.
Proposals
- User RequestA person asks for something
- App / WorkflowAn app or workflow requests an action
- AI SuggestionA model suggests a course of action
→
POP Contract
Standardizes the request into a stable versioned decision contract.
→
Ophaelis Authority Boundary
Authority and governance control plane
IntentWhat action is being requested?
Policy PackWhich customer rules apply?
Capability LedgerWhich actions can be allowed, bounded, or blocked?
Authority ThresholdWho must approve at this level of risk?
Risk & ReversibilityHow much impact and rollback ability exist?
AI AugmentationAdvisory signals only; never final authority.
→
Outcomes
- Authorized
- Allowed with Boundary
- Requires Human Authority
- Withheld for Missing Context
- Denied
↓
Executor Layer
Only authorized or bounded paths continue.
HybridEngine coordinates execution with approved scope.
HybridEngine -> Executors -> Real-world Action
Every resolved decision writes a receipt.
Decision Receipt
Tamper-evident audit trail
Decision referenceEvery governed decision receives a traceable receipt ID.
Authority resultThe receipt records whether the action was authorized, bounded, withheld, or denied.
ScopeAllowed and denied capabilities are recorded so execution cannot exceed the decision.
Policy basisThe policy, intent, capability, and authority rules behind the decision are preserved.
TimestampThe decision time is recorded for audit review.
Learning & Improvement Loop
Index / Evals ObserveEvidence from governed runs and provider behavior is reviewed.
Improvement ProposalSuggested pack, policy, routing, or workflow changes are drafted.
Human ReviewAdmins approve or reject changes before runtime behavior changes.
Versioned UpdatesApproved changes become versioned pack or configuration updates.
Observe -> Evaluate -> Propose -> Review -> Approve -> Version -> Deploy
Approved updates return as versioned pack/config changes after review.
Every decision is recorded. Nothing crosses the boundary without a decision.
Outcome
Execution changes only occur after authorization resolves.
Doctrine
AI can advise. Ophaelis authorizes.
Authority Layer
Policy, intent, capability, and human authority resolve before execution.
SEE IT LIVE
Watch a real governed run reach the boundary.
Watch proposal intake, policy evaluation, and authorization resolution unfold in sequence.
Primary flagship: CFO account MFA bypass and recovery governance.
Additional receipts show the same authority pattern across finance, audit integrity, and recovery support.
AI systems can propose actions. Ophaelis determines what may become action.
Internal environment. If enabled, external AI providers generate untrusted proposals; Ophaelis remains deterministic and policy-authoritative.
Live Governed Evaluation
Decision Replay
Watch a proposed production action move through intake, policy, authority, and receipt generation before anything executes.
Latest evaluation
Latest evaluation: loading...
Replay source
Cached governed run package
Replay presentation is public-safe and may use cached receipt metadata until live receipt binding is enabled.
Replay governance process
Scenario: CFO account recovery request — reset account and disable MFA.
Scheduled or founder-controlled evaluations refresh cached authority receipts. Viewer replay does not run a new provider evaluation.
No recent evaluation available yet
Scheduled evaluation is active. This view updates after the next run.
Proposal → Governance → Boundary → Outcome
Run Spine
Proposal → Governance → Boundary
Scenario: CFO account recovery request — reset account and disable MFA.
Proposal Chamber
A request asks the helpdesk workflow to reset the CFO account and disable MFA.
Captured before account changes reach operational systems.
Authority Layer
CFO identity, MFA removal, and unverified recovery context require human authority.
Policy Basis
Privileged account access · MFA removal · CFO identity
Execution Gate
Authorization withheld. No account reset or MFA bypass is allowed to run.
Execution Boundary
Why it matters: This can create an executive account-takeover path before identity and authority are verified.
—
—
—
Intent Pack: Recovery mapped
Irreversibility: Partial / high impact
Boundary State: Held pending authority
Outcome Chamber
RequiresHumanAuthority
Authority required: L3
—
—
—
Real decision time: —
Allowed actions: none
Denied actions: reset_account, disable_mfa
Final state: Boundary held
Receipt Artifact
Replay is rendered from one governed decision in audit history.
Scenario: CFO account recovery request — reset account and disable MFA.
Decision ID
—
Verdict
—
Authorization
—
Allowed / Denied
—
Policy Basis
—
Evaluated
—
Decision Explanation
Ophaelis mapped the request to privileged account recovery, detected executive finance identity, MFA removal, and unverified recovery context, then applied policy, capability, reversibility, and authority rules. Because the requested actions can affect executive account access, authorization remains withheld until L3 human authority confirms the request. Advisory model output may help summarize context, but it does not authorize execution.
Decision Detail
—
Shows one recent governed evaluation from cached authority receipts.
Scheduled or founder-controlled evaluations refresh cached authority receipts. Viewer replay does not run a new provider evaluation.
Integration Flow
Customer systems execute. Ophaelis authorizes.
A customer application asks to perform a sensitive action. Ophaelis resolves policy, tenant packs, risk, capability, and human authority before the execution gate can proceed.
Primary integration example: sensitive workflow action governance.
Customer-owned execution. Ophaelis-owned authorization. Receipt-proven decisions.
The integration pattern is intentionally narrow: customer systems retain execution control. Ophaelis returns the authorization decision, rationale, and receipt artifact.
Customer-owned execution
Your app or executor performs actions only after reading Ophaelis authorization.
Authority-bound actions
Policy, capability, risk, and human authority resolve before the execution gate opens.
Receipt-proven decisions
Decision scope, rationale, and authority state are recorded as an inspectable artifact.
One request. One authority decision. One execution gate.
Request → Authority → Gate → Receipt
Evaluated against: customer-defined tenant pack · sensitive action governance rules
1. Customer Request
{
"schema_version": "arbiter.decision_request.v1",
"tenant_id": "customer_demo",
"request_id": "req_sensitive_action_001",
"domain": "identity_access",
"intent_id": "privileged_access_change",
"policy_pack_id": "customer-policy-pack",
"intent_pack_id": "customer-intent-pack",
"environment": "production",
"signal_tags": ["privileged_access", "production_change", "human_authority_required"],
"signal_facts": {
"target_system": "account_directory",
"change_type": "privileged_access_change",
"identity_verified": false
},
"requested_capabilities": ["change_privileged_access", "disable_security_control"],
"capabilities_universe": ["open_review_ticket", "send_approval_request", "change_privileged_access", "disable_security_control"]
}
The customer app packages a proposed action before execution.
2. Ophaelis Resolves Authority
{
"authorized": false,
"authorization": "withheld",
"authority_level": "L3",
"allowed_capabilities": ["open_review_ticket"],
"denied_capabilities": ["change_privileged_access", "disable_security_control"],
"receipt_id": "..."
}
- Identity / Access tenant pack
- Policy and capability rules
- Risk and reversibility
- Human authority threshold
Advisory model output may help summarize context, but it does not authorize execution.
3. Customer Execution Gate
- Account reset blocked
- MFA bypass blocked
- Approved recovery path remains available
- No action executes outside authorized scope
4. Decision Receipt
- What was requested
- What policy/authority applied
- What was allowed or denied
- Why execution could or could not proceed
- Timestamp and decision ID when available
Ophaelis is not the executor in V1. It is the authority layer your executor obeys.
Input: Decision request
- Action, actor, capability, and system context
- Tenant pack references
Output: Authorization response
- Allowed, constrained, denied, or held pending human authority
- Policy-bound rationale and authority level
Control: Execution gate
- Customer-owned app/executor enforces returned authorization
- No out-of-scope execution path
Proof: Decision receipt
- Inspectable record of request, rule basis, authority state, and outcome
- Receipt artifact for audit and replay alignment
Do you pay for AI twice?
No by default. Your app can send the action it already planned to Ophaelis for authorization. Ophaelis does not need to call another model just to decide whether the action may execute.
- Existing app/model proposes action.
- Ophaelis authorizes before execution.
- Optional advisory AI can be enabled separately.
- Customer execution provider keys stay with the customer or executor in V1.
- Receipts record the final authority decision.
Optional advisory provider calls can be enabled for richer context or proposal comparison. Those calls are configurable and advisory only. Policy, tenant packs, capability rules, and authority thresholds remain the source of authorization.
Minimal decision shape.
{
"authorized": false,
"authorization": "withheld",
"authority_level": "L3",
"allowed_capabilities": ["open_review_ticket"],
"denied_capabilities": ["change_privileged_access", "disable_security_control"],
"receipt_id": "..."
}
Public-safe example response. This is what the customer execution gate enforces.
Designed for production boundaries, not demo magic.
1. Proposal Source
- User request, app workflow, or AI suggestion.
2. Stable Decision Contract
- Request normalized into fields Ophaelis can evaluate.
3. Authority Boundary
- Policy, capability, risk, and human authority resolve before execution.
4. Execution Gate
- Customer system enforces the returned authorization.
5. Receipt
- Decision result and rationale are recorded.
6. Governance Loop
- Receipts/evals propose improvements; humans approve changes.
Tenant Pack Proof
Tenant packs define the rules Ophaelis checks before a proposed action can become authorized execution. They describe the customer’s policies, intent families, capability boundaries, authority thresholds, escalation paths, and receipt requirements.
Pack family
customer-defined
Scenario family
sensitive action governance
Pack status
validated · loaded · scenario tests pass
Runtime bridge
next product step
Tenant packs already validate, load, and pass scenario tests in the proof loop. The next V1 bridge is to use an approved tenant pack as the live runtime authority source during decision evaluation.
See a real governed run.
Decision Replay shows one concrete flagship request moving through proposal intake, policy evaluation, authority resolution, execution hold, and receipt generation.
Open Decision Replay
View Receipts
Audit History
Receipts
Every governed decision leaves a structured artifact: what was proposed, which policies applied, what authority resolved, and why execution was withheld, bounded, blocked, or allowed.
Primary and secondary proof receipts are selected by scenario role from available governed proof history.
Receipt backed
Human authority visible
Public-safe examples
Displayed proof rows
0
Authority holds
0
Authorized paths
0
Replay-linked
0
Receipt Proof Set
Date
Domain
Decision
Verdict
Level
Loading receipt proof set...
What Receipts Prove
Governance happened before action.
Ophaelis receipts make boundary decisions inspectable: proposal, policy, authority, outcome, and rationale are recorded together.
Deterministic audit trailReceipt rows are shown only when a real proof timestamp is available. No customer data is displayed.
Pinned backend receipt packages are the next product step; viewer replay uses cached artifacts and does not run a new provider evaluation.
Ophaelis Authority Console
Deterministic authority between AI-assisted intention and irreversible execution.
Governance Profile (Bounded)
Posture tuning only. Does not directly select outcomes.
Checks pending
Proposed Action
Governance Evaluation
Authority Decision
Receipt + Execution Authorization
Decision Snapshot
Final Authority Decision
Awaiting authority evaluation
Execution Authorization Status
Pending
Proposed Action
Run deterministic authority evaluation.
Compliant Alternative
A safer path will be surfaced after evaluation.
In Plain English
- The system is proposing a high-impact action.
- That action could materially change live operations.
- Ophaelis applies policy authority before any execution step.
- The next step follows the compliant path shown below.
Evaluation Path
- Request received Pending
- Policy pack resolved Pending
- Advisory/provider step Pending
- Deterministic authority decision Pending
- Authorization issued or withheld Pending
- Execution blocked or permitted Pending
Advisory Activity
Live Advisory
Pending
Providers Attempted
Pending
Fallback Used
Pending
Advisory Status
Pending
Latency Summary
Pending
Notes
Provider/advisory details will appear after evaluation.
Proposed Action
Intent Summary
Contain suspected admin privilege escalation in production.
Proposed Action
Revoke credentials, block source IP globally, and rotate access keys.
Target System
Identity provider and security control plane
Governance Evaluation
Authority Required
Pending authority evaluation
Human Approval
Pending
Evaluation Status
Checks pending
Policy Pack Selected
Security Policy Pack (version and hash pending)
Intent Pack Selected
Security intent semantics (version and hash pending)
Constraints Triggered
- Constraints will populate after decision.
Checks Performed
- Policy and intent pack resolution pending
- Capability gating pending
- Irreversibility and human-approval checks pending
Authority Decision
Final Outcome
Awaiting authority evaluation
Authority Meaning
Run evaluation to issue an authority decision.
Explanation
Run Authority Evaluation to receive a deterministic permit, block, or escalation decision.
What Happens Instead
A safer path will be surfaced after evaluation.
Compliant Alternative
- Compliant alternatives will be proposed after policy evaluation.
Receipt + Execution Authorization
Receipt
Authoritative receipt generated after decision.
Decision
Generated after decision
Execution Handoff
Generated after decision
Execution Authorization
Authorization details are populated after decision.
Authorization Status
Pending
Authorization ID
Generated after decision
Scope
Generated after decision
Authorization Expires
Generated after decision
Request ID
Generated after decision
Decision ID
Generated after decision
Timestamp
Generated after decision
Policy Pack ID / Version / Hash
Published with decision receipt
Intent Pack ID / Version / Hash
Published with decision receipt
Overlay Snapshot
Captured after decision
Triggered Rules
- Generated after decision
Rationale
Generated after decision
Guarded Execution Check
Attempted Action
Generated from proposed action
Authorization ID
Generated after decision
Authorized Scope
Generated after decision
Authorization Expiry
Generated after decision
Authorization Status
Pending
No simulated execution attempted.
Decision Lab
Internal policy decision workspace for operator validation.
Signals
—
•
Domain
—
•
Intent
—
Incident Detected
- Event: Admin privilege escalation attempt
- Environment: Production
- Location: New country login
- Confidence: High detection signal
- Requested Action: Immediate irreversible containment
Symptom Category
Severity
Duration
Red Flag Present
Demo-only. No PHI. This generates abstracted risk signals.
Event Type
User Role
Is the location unusual?
How sure are we?
Would this be hard to undo?
Environment
How sure are we? = how confident the detection signal is.
Hard to undo = could lock accounts / disrupt production.
Transfer Size
Account Age
Device
Location
Fraud Confidence
Beneficiary
Would this be hard to undo?
Fraud confidence = risk score from your fraud system.
Very large transfers and new devices usually require verification.
Request JSON
— •
Authority: —
Risk: —
Confidence: —
Reversibility: —
Authority Ceiling
—
Allowed Now
—
Confirmation Required
—
Blocked (and why)
- (none)
Authority Level
—
Recommended Next Step
Awaiting evaluation.
Decision Basis
- Environment: —
- Account Type: —
- Confidence: —
- Irreversibility: —
- Requested Actions: —
- Permitted Actions: —
- Blocked Actions: —
Ophaelis prevented:
- (none)
Domain
Context Environment
—
Context User Role
—
Computed Buckets
Policy Pack
—
Execution Mode
—
Intake Snapshot
Intent Description
—
AI Advice
Secondary advisory signals from model providers.
Requested Actions
- (none)
Model Advice (Optional)
OpenAI: Pending
Anthropic: Pending
AI advice is hidden in Basic view. Switch to Developer to view it.
- No proposals yet. Click Evaluate to generate proposals and run governance.
Model Proposal (Advisory)
AI Proposal vs Policy Verification
MATCHED
| Signal | AI Proposal | Policy Final |
|---|---|---|
| Risk | - | - |
| Confidence | - | - |
| Reversibility | - | - |
Adjustment Notes
Raw Proposals
Policy Evaluation & Trace
Secondary policy verification and explanatory trace details.
Policy Verification
Awaiting evaluation.
Ophaelis Scope
Security Decision Basis
Policy Pack (Human View)
Technical Details
Raw decision and trace payloads for debugging and audit.
Decision Response
Raw Trace
FOUNDER CONSOLE ACTIVE — DEV MODE / MOCK DATA
Data source: Mock
Awaiting refresh.
What this surface is
This is the Founder / Operator Control Room. It shows whether Ophaelis is healthy, what it recently decided, and what proof ran most recently. Commands stay disabled until admin auth is designed.
System State
Operational
Ophaelis is evaluating decisions. Execution halt is off.
Latest Proof
Finance audit-log export
Controlled enablement path. Safe actions can proceed with boundaries.
Authority Posture
Advisory != Authorized
Models can suggest actions. Ophaelis decides what may execute.
Mock values only. Real values will come from protected admin endpoints after auth is designed.
Flagship Guided Flow
This is the primary Ophaelis demo path for privileged account recovery and access governance.
1. Dangerous Request
AI or automation attempts to reset a CFO account and disable MFA.
2. Ambiguous Urgent Request
A rushed recovery request arrives before payroll closes, but identity and authority are unclear.
3. Controlled Recovery
Verified recovery support is allowed within approved boundaries.
4. Decision Receipt
Every authorization decision produces an auditable receipt showing what was requested, why it was allowed or denied, and what execution scope was approved.
The goal is not to stop all actions. The goal is to prevent unsafe execution while still allowing legitimate work to happen safely.
Decision Anatomy
Step 1: Request
System or AI proposes an action
Step 2: Interpretation
Intent and context are evaluated
Step 3: Policy Check
Policies determine what is allowed
Step 4: Capability Check
Requested actions must exist in the capability ledger
Step 5: Decision
Ophaelis returns allow, deny, or escalate
Step 6: Execution
Action only runs if explicitly authorized
FLAGSHIP
Example: CFO Account MFA Bypass Attempt
Request
Reset the CFO’s account and disable MFA
Interpretation
High-risk access change involving executive and finance identity
Policy
Privileged access and MFA removal require strict controls
Capability
reset_account and disable_mfa are known but restricted
Decision
Denied
Execution
Account reset and MFA bypass are blocked before execution
Ophaelis prevents AI or automation from changing sensitive account access without authorization.
CONTROLLED ENABLEMENT
Example: Verified CFO Recovery Support
Request
Create an IT ticket and send approved MFA recovery steps
Interpretation
Bounded support action using verified identity and approved recovery process
Policy
Safe recovery guidance may proceed without direct access changes
Capability
create_ticket and send_recovery_instructions are allowed with boundaries
Decision
Allowed with boundary
Execution
Only the approved support steps proceed
Ophaelis allows legitimate recovery support while preventing unsafe direct access changes.
Audit-log governance remains a secondary technical proof. Account access is the primary flagship demo because it is easier to understand across industries.
Ophaelis sits between decision and execution. Nothing runs unless it is authorized.
Ophaelis prevents destructive actions even when requested by an AI or system.
Ophaelis allows safe actions, but only within explicitly approved boundaries.
Reality Check
Real Now
- Deployed Worker gateway
- Protected decision endpoint
- Capability ledger
- Live Proof scenarios
- Audit persistence
- Smoke test validation
- Read-only admin endpoints pass terminal smoke test
Mock in This Console
- Top summary cards
- Decision Anatomy examples
- Command Preview
- Latest proof display
- System status display
Next to Wire
- Protected latest proof UI
- Protected capability coverage UI
- Protected status snapshot UI
- Protected recent decisions UI
- Protected operator events UI
Backend readiness does not mean browser wiring is enabled. The console stays mock-only until an auth boundary exists.
The engine exists. This console is becoming the safe operator surface around it.
Next Wiring Order Explained
1. Latest Proof Summary
Meaning: Shows the most recent Live Proof run and whether Ophaelis blocked, allowed, or constrained execution.
Why it matters: This tells the founder whether the authority engine is still proving the right behavior.
2. Capability Coverage
Meaning: Checks whether every scenario uses capabilities that exist in the ledger.
Why it matters: This prevents fake or ungoverned actions from sneaking into demos.
3. Status Snapshot
Meaning: Shows operational state, including whether execution halt is active.
Why it matters: This tells the operator whether Ophaelis is open for decision evaluation or intentionally halted.
4. Recent Decisions
Meaning: Shows real decision receipts produced by Ophaelis.
Why it matters: This proves the system is producing auditable outcomes.
5. Operator Events
Meaning: Shows admin/operator actions such as halt changes or fail-closed triggers.
Why it matters: This creates accountability around changes to the authority layer.
These should be wired as read-only data first. Commands come later, after admin auth and server-side protection.
Live Wiring Readiness
Required
Admin auth boundary selected
Choose Cloudflare Access or a server-side protected proxy before loading real admin data.
Required
No browser secrets
Admin and founder keys must never appear in frontend code, browser storage, or network-visible client config.
Required
Read-only endpoints first
Latest proof, capability coverage, status snapshot, recent decisions, and operator events should be wired before commands.
Required
Commands stay disabled
Run scenario, founder refresh, execution halt, and provider recommendation actions stay disabled until stronger auth and logging exist.
Required
Reality Check updated
When a mock item becomes real, move it into REAL NOW and remove it from MOCK IN THIS CONSOLE / NEXT TO WIRE.
Do not switch the console data source away from mock until every readiness item is satisfied.
Customer Integration Flow
This is how a customer system would use Ophaelis before any high-risk action executes.
Phase 1 Product Model
Customers keep their credentials, infrastructure, and execution systems. Ophaelis owns the authorization decision before sensitive actions run.
Customer owns execution
Ophaelis owns authorization
Receipt proves the decision
This keeps Ophaelis privacy-aligned while still enforcing the execution boundary.
Phase 1 is the product
The first sellable version of Ophaelis does not need to hold customer credentials or execute inside customer systems. The customer keeps execution. Ophaelis supplies the authorization decision and receipt.
Smaller surface area
Stronger privacy posture
Faster path to adoption
Simple integration does not mean simple product. The value is trust at the execution boundary.
1. Customer System
A product, workflow, or AI agent is about to perform a sensitive action.
2. Proposed Action
The system sends Ophaelis the intent, context, environment, and requested capabilities.
3. Ophaelis Authority Check
Ophaelis evaluates policy, intent, capability, risk, and execution boundaries.
4. Decision Receipt
Ophaelis returns an auditable decision: allow, deny, withhold, or allow with boundary.
5. Execution Gate
The customer system executes only if Ophaelis explicitly authorizes it.
The customer owns execution. Ophaelis owns authorization.
Example: before deleting logs, moving funds, changing access, or exporting sensitive data, the customer system calls Ophaelis.
Founder Console
Internal operator surface for Ophaelis.
Internal surface. Do not expose admin controls publicly. Admin endpoints remain server/API protected.
This is the Founder / Operator Control Room surface. It is currently mock-only until admin auth is designed.
System
—
Last Decision
—
—
—
—
—
Provider Status
OpenAI
—
—
Anthropic
—
—
Recent Activity
—
No decisions yet.
System Status
Not Wired
Tells the operator whether Ophaelis is allowed to evaluate decisions or whether execution is halted.
- Execution halt state will come from
/api/admin/status-snapshot. - Recent operator events will come from
/api/admin/events/recent. - Capability coverage will come from
/api/admin/live-proof/capability-coverage.
Live Proof
Not Wired
Shows the most recent proof scenario used to verify the authority engine.
Latest scenario, run source, verdict, and explanation will come from /api/admin/live-proof/latest-summary.
Decision Feeds
Not Wired
Shows recent governed decisions and why execution was allowed, constrained, withheld, or denied.
- Recent decisions
- Cybersecurity decisions
- Denied decisions
- Human authority decisions
- Missing context decisions
- Allowed with boundary decisions
Recent decisions and outcome-specific feeds will come from existing admin decision summary endpoints.
Provider / Index
Planned
Shows advisory model evidence later. Index can inform Ophaelis, but Ophaelis authorizes changes.
- Current live advisory providers: OpenAI + Anthropic
- Index role: evidence layer
- Ophaelis role: authority layer
Provider evidence remains advisory. Index informs; Ophaelis authorizes.
Index informs. Ophaelis authorizes.
Command Preview
Commands are intentionally disabled in this public/mock surface. Real commands require admin auth and server-side protection.
Next Wiring Order
Planned
-
Status snapshot
Source:/api/admin/status-snapshot
Purpose: execution halt state + recent operator signal -
Capability coverage
Source:/api/admin/live-proof/capability-coverage
Purpose: pre-demo scenario safety check -
Latest live proof summary
Source:/api/admin/live-proof/latest-summary
Purpose: operator-friendly view of latest proof state -
Recent operator events
Source:/api/admin/events/recent
Purpose: control-plane activity timeline -
Decision feeds
Sources:
-/api/admin/decisions/recent-summary
-/api/admin/decisions/recent-cyber-summary
-/api/admin/decisions/recent-by-domain
-/api/admin/decisions/recent-by-class
Purpose: inspect decisions by outcome/domain/class -
Provider / Index recommendations
Future source: Index/Ophaelis recommendation pipeline
Purpose: Index informs; Ophaelis authorizes
Admin wiring should not happen in the public browser until authentication and access boundaries are intentionally designed. This panel documents order, not active data access.
Detailed Logs
| created_at | tenant_id | domain | intent_id | verdict | authority_level | risk_level | confidence_level | reversibility_level | requires_human_confirmation | policy_pack_hash | intent_pack_hash | proposals_status | proposal_strategy_used | openai_ok | anthropic_ok |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| No decisions yet. | |||||||||||||||
Recent Decision / Audit Rows
| created_at | tenant_id | domain | intent_id | verdict | authority_level | risk_level | confidence_level | reversibility_level | requires_human_confirmation | policy_pack_hash | intent_pack_hash | proposals_status | proposal_strategy_used | openai_ok | anthropic_ok |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| No decisions yet. | |||||||||||||||
What This Console Is For
Internal founder/operator visibility into Ophaelis governance truth: provider health, recent governance decisions, and Decision Lab workflows.
What Each Tab Means
- Overview: fast operational pulse and latest decision snapshots.
- Decisions: fuller audit rows with lightweight filtering.
- Decision Lab: evaluator/testing flow; not source of production truth.
- Read Me: internal runbook and reminders.
Healthy vs Degraded
- Healthy: providers responding, low recent failures, decisions flowing.
- Degraded: repeated provider errors, stale timestamps, or failing refresh.
Deploy / Build Commands
Build / Deploy
npm install npm run build npm run deploy
Refresh / Cache-Bust Troubleshooting
Troubleshooting
1) Click Refresh in Overview. 2) Hard refresh browser (Ctrl+Shift+R). 3) Verify /api routes are returning JSON. 4) Re-run build and redeploy if UI is stale.
Ophaelis Today: Is / Is Not
- Is: deterministic governance authority with auditable policy enforcement.
- Is Not: autonomous destructive executor; delete/prune controls are not active.