Wave A read-only evidence

Operator evidence overview

Fixture-backed read models show what the future console may inspect without claiming live backend authority or protected action execution.

Read-only route
Fixture-backed

Safe contract preview

This route renders support-safe labels, IDs, timestamps, request/correlation identifiers, and summaries. It does not fetch live data, collect credentials, show secrets, or execute operations.

Current posture

What this route proves

  • Fixture-backed

    Evidence source

    Local records mirror backend-safe read-model fields only.

  • Read-only

    Backend authority

    No auth, RBAC, approval, execution, shell, or live adapter is claimed.

  • Unavailable

    Protected actions

    Deploy, rollback, restore, restart, route, backup, and maintenance operations are blocked.

  • Safe summaries

    No-leak posture

    The overview renders labels, IDs, timestamps, and summaries instead of raw internals.

Contract-safe records

Read-model evidence

Services

svc-derbent-api

Derbent app API

Environment
operator
Lifecycle
runtime foundation
State
available
Source
static fixture

Read-only status and inventory contracts are represented through support-safe labels.

svc-control-plane

Control-plane evidence

Environment
operator
Lifecycle
Wave A read model
State
degraded
Source
static fixture

Fixture-backed evidence is available; live adapters and protected execution remain absent.

Routes

route-status-readiness

Status and readiness routes

Service ID
svc-derbent-api
Exposure
operator API
Route state
available
Certificate
unavailable
Source
static fixture

Health/readiness posture uses bounded labels and does not expose backend origins.

route-evidence-inventory

Read-model inventory routes

Service ID
svc-control-plane
Exposure
operator API
Route state
available
Certificate
planned
Source
static fixture

Service, route, deployment, backup, and audit evidence routes are read-only.

Deployments

dep-read-model-foundation

Read-model foundation

Service ID
svc-derbent-api
Environment
operator
State
available
Outcome
succeeded
Rollback
blocked
Failure class
external checks absent
Checked
2026-06-04T12:00:00Z
Source
static fixture

Read-only contract evidence exists; rollback execution is not available from this surface.

Backups

backup-evidence-fixture

Backup evidence placeholder

Service ID
svc-derbent-api
Environment
operator
State
stale
Restore proof
planned
Retention
planned
Checked
2026-06-04T12:00:00Z
Source
static fixture

Restore proof and retention posture are labelled as planned, not live backup proof.

Audit

audit-read-model-fixture

Read-model verification event

Actor
operator verified
Intent
read model verification
Permission
read only
Action state
observed
Outcome
succeeded
Correlation ID
corr-derbent-overview-fixture
Request ID
req-derbent-overview-fixture
Checked
2026-06-04T12:00:00Z
Source
static fixture

Synthetic fixture event proves display shape only; audit persistence remains backend-owned.

Required states

Visible state coverage

  • Loading

    Future read clients should preserve layout with skeleton or progress text while evidence resolves.

  • Empty

    No records yet is distinct from unavailable authority or failed loading.

  • Partial data

    Missing read-model families are labelled so operators do not infer complete evidence.

  • Stale

    Checked timestamps remain visible when fixture or backend evidence may be old.

  • Auth required

    Production sign-in is required before this can become an operator console.

  • Permission denied

    Denied states show safe recovery language without token contents or claims payloads.

  • Recoverable error

    Safe retry copy can use a request ID, but not stack traces or raw backend payloads.

  • Unrecoverable error

    Escalation copy should use support-safe identifiers and state that no action changed.

  • Unavailable authority

    Protected operations stay explanatory and non-interactive until backend contracts exist.

Honest authority

Protected actions are not executable

  • DeployUnavailable authority

    Requires backend preflight, permission, approval, execution result, failure handling, and audit contracts.

  • RollbackUnavailable authority

    Requires backend preflight, permission, approval, execution result, failure handling, and audit contracts.

  • RestoreUnavailable authority

    Requires backend preflight, permission, approval, execution result, failure handling, and audit contracts.

  • RestartUnavailable authority

    Requires backend preflight, permission, approval, execution result, failure handling, and audit contracts.

  • Route changeUnavailable authority

    Requires backend preflight, permission, approval, execution result, failure handling, and audit contracts.

  • BackupUnavailable authority

    Requires backend preflight, permission, approval, execution result, failure handling, and audit contracts.

  • MaintenanceUnavailable authority

    Requires backend preflight, permission, approval, execution result, failure handling, and audit contracts.

Fixture-backed fields map to documented backend read models: service, route, deployment, backup, and audit summaries.

Synthetic overview copy is limited to safe labels and display posture; it is not live operational proof.

No backend route, payload, auth/session, permission, protected-action, or OpenAPI contract is changed here.