This button only triggers simulated setup state. It cannot run production.
Production ForbiddenProduction publishing, payment collection, customer messaging, ad spend, real credentials, and launch execution are structurally blocked.
SandboxActionGuard returns DENIED_REAL_PRODUCTION_EXECUTION_NOT_ENABLED for every intent:"production" request.
What do these terms mean?
Hide
sandbox-readySetup checks pass. BOSS would be allowed to call vendor sandbox surfaces, but only the sandbox ones.
sandboxReady becomes true once Mission C is accepted, the operational declaration is DECLARED_SANDBOX_READY, every vendor is READY_FOR_SANDBOX_DRY_RUN, every required approval is GRANTED_SIMULATED, the setup wizard is COMPLETED_SIMULATED, the dry-run console preflight passes, and the emergency stop is disengaged. Even when sandboxReady is true, every actual call still passes through the SandboxActionGuard, which will only ever issue ALLOWED_SANDBOX_DRY_RUN_ONLY.
production-forbiddenBOSS will refuse to publish live, charge real money, send real customer email, or run real ads — at every layer, every time.
The SandboxActionGuard returns DENIED_REAL_PRODUCTION_EXECUTION_NOT_ENABLED for every intent:"production" request, before any other check runs. The vendor manifest marks productionModeForbidden:true on every record. The operational declaration has no "REAL_PRODUCTION" mode in its state machine. The credential bridge rejects production-key patterns (sk_live_/pk_live_/rk_live_). Unlocking production requires an explicit doctrine update that does not currently exist.
dry-run-onlyBOSS may compose, evaluate, and plan against vendor sandbox surfaces — but the dry-run console only records the plan; it does not actually call the vendor.
When the SandboxActionGuard returns ALLOWED_SANDBOX_DRY_RUN_ONLY, it issues a one-shot dryRunPermission token for a single sandbox-surface call. The activation UI records what would be authorized (realProductionExecuted:false, sandboxSurfaceCalled:false on every plan step). A future doctrine update is required before any real sandbox call is redeemed against a vendor.
secure credential bridgeOwner-only path to submit sandbox markers. Never paste raw credentials into chat or this UI.
The bridge validates sandbox markers locally (it never calls the vendor), rejects production-key patterns and any plaintext-secret-shaped string, and stores only a redacted reference. For vendors that accept it, you can also acknowledge a "draft-only" alternative. The bridge is what advances vendor state from OWNER_SETUP_REQUIRED → SANDBOX_PLACEHOLDER_VALIDATED; the manifest then advances to READY_FOR_SANDBOX_DRY_RUN once you confirm.
simulated-only approvalsApprovals here are governance markers — they record intent without unlocking real execution.
OwnerApprovalPanel approvals reach state GRANTED_SIMULATED. They satisfy the SandboxActionGuard's approval check but they do not, by themselves, authorize anything outside the sandbox-only path. Revoking an approval immediately blocks the dependent guard decision.
emergency stopOwner-only kill switch. When engaged, every guard decision is denied immediately, regardless of other state.
EmergencyStop is checked before any other guard logic. Engaging it overrides every approval, every credential, every gate, every ticket. Disengage is owner-only via the Approval Panel surface.
Disengaged. Owner-only via the Approval Panel. Engaging it blocks every guard decision regardless of credential, gate, or ticket state.
Endpoint: POST /api/revenue/emergency-stop {action:"engage" | "disengage"}
Owner Next Action
Loading…
Approval Checklist
Loading…
Use Close all simulated setup blockers (top of page) to request + approve-simulated any missing kinds in one click. Grants are governance-only and never enable production execution.
Vendor Setup (sandbox-mode only)
Credential discipline: Use the Secure Vault Form / Sandbox Credential Bridge. Do not paste raw production credentials into chat or this UI. The bridge rejects production-key patterns (sk_live_/pk_live_/rk_live_) and plaintext-secret patterns; sandbox markers are stored only as redacted references.