{"service":"platphorm-onboard","domain":"onboard.platphormnews.com","authPolicy":{"enforcementRequired":false,"platformKeyConfigured":true,"acceptedHeaders":["Authorization: Bearer $PLATPHORM_API_KEY","X-PlatPhorm-API-Key: $PLATPHORM_API_KEY"],"publicSafeByDefault":true},"publicSafeAccessDefault":true,"publicReadOnlyAccess":["homepage","localized onboarding pages","application form","local drafts","URL preview","subdomain check","status lookup","network exploration","FAQ","health summaries","discovery files","MCP introspection"],"futureProtectedActions":["application review","approval","registry mutation","sync","test triggering","report generation","admin dashboards","subdomain provisioning"],"localDraftPersistence":"Non-sensitive drafts are stored in browser IndexedDB when backend persistence is unavailable. API keys and secrets are not stored in browser draft state.","trustedDomainPolicy":"The default trusted scope is *.platphormnews.com. Discovery uses the root graph and base sitemap index. Localhost, private IPs, link-local, and metadata services are blocked for preview and discovery operations.","routeStandard":"Phase 1 PlatPhorm route standard","vercelMetadataPolicy":"Safe Vercel headers may be captured. Authorization, X-PlatPhorm-API-Key, cookies, session tokens, and raw IPs are not stored publicly.","tracePropagationPolicy":"Onboarding operations accept traceparent/tracestate and propagate safe X-PlatPhorm trace headers to trusted outbound PlatPhorm calls.","backendModelScaffoldingPolicy":"Server-only provider-neutral model scaffolding exists for public-safe summaries and future protected reviewer assistance. If no provider is configured, deterministic degraded output is returned.","dataExposurePolicy":"Public views never expose private applications, review notes, secrets, or applicant contact details beyond the applicant workflow.","requiredLine":"Public-safe onboarding, public creator application discovery, browser-based application drafting, local non-sensitive draft persistence, URL preview, subdomain checking, read-only MCP introspection, RSS/feed consumption, trusted-domain discovery, standard route compliance, Vercel metadata capture, backend model scaffolding, and trace-linked Onboard operations are intentionally supported for public use. PLATPHORM_API_KEY support is scaffolded for future protected backend services, review, approval, provisioning, sync, test-triggering, reporting, administrative actions, and sensitive operations.","securityContact":"security@platphormnews.com"}