Technical evaluator preview (preview data)
API surface, security controls, integration dependencies, and the evaluation checklist — drawn from the same code-backed catalogs the live panels use. Private traces and saved notes are not fabricated; they appear below only when the evaluator has real workspace data.

- API endpoints: 77 (documented + auditable)
- Security controls: 6/9 enforced (2 documented, 1 scope note)
- Integrations: 6 (2 hard deps, 4 soft)
- Eval criteria: 8 (weighted, category-grouped)
Security posture entries are factual and verifiable in the codebase — not marketing claims. Live panels below render build identity, saved notes, and your own traces when real data exists.
API surface (live inventory)
Scanned from route handlers at request time. It lists methods and source-level access signals; it does not infer schemas, latency, or SLA.
Showing 77 of 77 curated endpoint explanations.

| Method | Name | Path | Auth | Description |
|---|---|---|---|---|
| GET | Live build identity | `/api/health` | Public | Service health, version, revision, environment, payment readiness, and support-contact configuration. |
| POST, GET | Account billing portal | `/api/account/billing-portal` | Signed-in | Signed-in account billing portal entrypoint and readiness check. |
| GET | Account subscription | `/api/account/subscription` | Signed-in | Signed-in account subscription state for account settings and billing views. |
| GET | Admin funnel report | `/api/admin/funnel-report` | Owner-only | Owner-only funnel diagnostics guarded by signed-in admin email allowlist. |
| GET | Admin revenue metrics | `/api/admin/revenue-metrics` | Owner-only | Owner-only revenue and webhook health rollups for operations review. |
| GET | Admin status | `/api/admin/status` | Owner-only | Owner-only operational status surface for internal checks. |
| POST | AI result enhancement | `/api/ai/enhance` | Mixed | Signed-in or API-key enhancement path; tier gated and quota/rate limited. |
| POST | Claim guest tool result | `/api/auth/claim-guest-tool-result` | Signed-in | Claims a guest-generated tool result into a signed-in workspace. |
| GET, POST | Capability explorer | `/api/capability` | Public | Deterministic explorer metadata and rate-limited capability matching. |
| GET, POST | Capability explorer alias | `/api/capability/explorer` | Public | Compatibility route that delegates to the capability explorer contract. |
| POST | Checkout creation | `/api/checkout` | Mixed | Rate-limited checkout session creation for signed-in or guest checkout flows. |
| POST | Content Factory generation | `/api/content-factory/generate` | Signed-in | Signed-in content generation endpoint with quota and provider fallback behavior. |
| GET | Content provider status | `/api/content-factory/providers` | Public | Provider availability metadata for Content Factory UI. |
| GET | Conversion nudge cron | `/api/cron/conversion-nudge` | System | Scheduled conversion-nudge job endpoint; intended for platform cron execution. |
| GET | Stripe provisioning cron | `/api/cron/reconcile-stripe-provisioning` | System | Scheduled reconciliation job for Stripe provisioning state. |
| GET | Trial nurture cron | `/api/cron/trial-nurture` | System | Scheduled trial nurture job endpoint; intended for platform cron execution. |
| GET, POST, DELETE | Explorer sessions | `/api/dashboard/sessions` | Signed-in | Signed-in Explorer session list, save, and cleanup operations. |
| DELETE | Explorer session delete | `/api/dashboard/sessions/[id]` | Signed-in | Signed-in deletion for one saved Explorer session. |
| GET, POST | Subscription management | `/api/subscriptions/manage` | Signed-in | Signed-in user subscription read/update: status, tier, period end, payment-backed flag, and trial classification. |
| POST | No-card trial start | `/api/subscriptions/start-trial` | Signed-in | Internal no-card trial start — fail-closed; respects single-trial-per-user contract. |
| GET | Tool catalog | `/api/tools` | Public | Public tool registry with category and featured filters. Rate-limited. |
| GET | Tool detail | `/api/tools/[id]` | Public | Tool detail by id — schema-first, validated inputs, deterministic outputs. |
| POST | Tool execution | `/api/tools/[id]/execute` | Mixed | Executes one registry tool with validated inputs; supports session/API-key identity, quotas, and 429 responses. |
| POST | Tool result export | `/api/tools/[id]/export` | Mixed | Exports a tool result artifact after validating the requested tool and payload. |
| GET | Tool quota check | `/api/tools/[id]/quota` | Mixed | Returns the current user or visitor quota state for a tool before execution. |
| GET | Shared tool result read | `/api/tools/share/[token]` | Public | Reads a public share token for a tool result without exposing private workspace state. |
| POST | Shared tool result create | `/api/tools/share` | Signed-in | Creates a share token for a signed-in user-owned tool result. |
| GET | Workspace usage | `/api/dashboard/usage` | Signed-in | Per-user usage analytics: 14-day daily series + totals + top tools. |
| GET | Saved tool sessions | `/api/dashboard/tool-sessions` | Signed-in | Authed user saved tool sessions — supports trace replay use cases. |
| GET, PATCH, DELETE | Saved tool session detail | `/api/dashboard/tool-sessions/[id]` | Signed-in | Signed-in read, patch, or delete for one saved tool execution trace. |
| GET, POST | API key management | `/api/dashboard/api-keys` | Signed-in | Signed-in API key list/create endpoint; plaintext key material is not echoed after creation. |
| DELETE | API key revoke | `/api/dashboard/api-keys/[id]` | Signed-in | Signed-in API key revocation for one user-owned key. |
| GET, POST | Email unsubscribe | `/api/email/unsubscribe` | Public | Public unsubscribe landing/action endpoint for email preferences. |
| GET | Explorer quota | `/api/explorer/quota` | Mixed | Quota state for Explorer usage, based on current visitor or signed-in tier. |
| GET, PUT | Founder workspace preferences | `/api/founder-os/preferences` | Signed-in | Signed-in founder workspace preference read/update path. |
| GET, POST | App prototype generator | `/api/generator` | Signed-in | Template list and signed-in Pro-gated app prototype generation. |
| GET, POST | Business system blueprint | `/api/generator/blueprint` | Mixed | Blueprint metadata and Pro-gated generation via session or API key. |
| POST | QuickBooks import preview | `/api/integrations/quickbooks/import-preview` | Signed-in | Signed-in QuickBooks import preview path for connected accounting data. |
| GET | QuickBooks OAuth callback | `/api/integrations/quickbooks/oauth/callback` | Mixed | OAuth callback endpoint for QuickBooks connection completion. |
| GET | QuickBooks OAuth start | `/api/integrations/quickbooks/oauth/start` | Signed-in | Signed-in OAuth start endpoint for a QuickBooks connection. |
| GET | QuickBooks connection status | `/api/integrations/quickbooks/status` | Signed-in | Signed-in connection status check for QuickBooks integration. |
| POST | Lead capture | `/api/lead` | Public | Rate-limited lead capture endpoint with validation and delivery fallback. |
| POST | Newsletter signup | `/api/newsletter` | Public | Rate-limited newsletter signup endpoint with email validation. |
| GET, POST | Onboarding state | `/api/onboarding` | Mixed | Onboarding read/write route for user setup flows. |
| GET | Ops automation readiness | `/api/ops/automation-readiness` | Owner-only | Internal operations readiness check for automation surfaces. |
| GET | Ops checkout recovery | `/api/ops/checkout-recovery` | Owner-only | Internal checkout recovery status for owner/operator review. |
| GET | Ops commercial truth | `/api/ops/commercial-truth` | Owner-only | Internal commercial truth reconciliation endpoint for owner/operator review. |
| GET | Ops distribution readiness | `/api/ops/distribution-readiness` | Owner-only | Internal distribution readiness status for owner/operator review. |
| GET | Ops first-dollar action ladder | `/api/ops/first-dollar-action-ladder` | Owner-only | Internal first-dollar action ladder endpoint for operations review. |
| GET | Ops first-dollar readiness | `/api/ops/first-dollar-readiness` | Owner-only | Internal first-dollar readiness check for owner/operator review. |
| GET | Ops first-dollar tracking | `/api/ops/first-dollar-tracking` | Owner-only | Internal first-dollar tracking endpoint for owner/operator review. |
| GET | Ops first-value paths | `/api/ops/first-value-paths` | Owner-only | Internal first-value path diagnostics for owner/operator review. |
| POST | Persona workspace share create | `/api/persona-os/[persona]/share` | Signed-in | Creates a share token for a signed-in persona workspace artifact. |
| GET, PUT | Persona workspace storage | `/api/persona-os/[persona]/workspace` | Signed-in | Tenant-scoped JSON workspace read/update for persona OS panels. |
| GET | Persona workspace share read | `/api/persona-os/share/[token]` | Public | Reads a public persona workspace share token without requiring a session. |
| GET | Pricing metadata | `/api/pricing` | Public | Public pricing metadata used by pricing and checkout surfaces. |
| POST | Stripe checkout alias | `/api/stripe/checkout` | Mixed | Stripe checkout creation path used by payment flows. |
| GET | Stripe publishable config | `/api/stripe/config` | Public | Public Stripe client configuration needed by checkout UI. |
| POST | Stripe customer portal | `/api/stripe/portal` | Signed-in | Signed-in customer portal session creation. |
| GET | Stripe price metadata | `/api/stripe/prices` | Public | Public price metadata read from configured Stripe price IDs. |
| GET | Stripe checkout session read | `/api/stripe/session/[sessionId]` | Mixed | Checkout session status lookup for post-checkout flows. |
| GET | Stripe webhook runtime probe | `/api/stripe/webhook-runtime-probe` | Owner-only | Owner/operator probe for webhook runtime readiness. |
| POST | Stripe webhook receiver | `/api/stripe/webhook` | Signed webhook | Stripe-signed webhook receiver; rejects unsigned or invalid-signature events. |
| POST | Support request | `/api/support` | Mixed | Support-ticket intake for signed-in or contactable users with validation. |
| GET, POST | Generated systems collection | `/api/systems` | Signed-in | Signed-in system workspace list/create route. |
| GET, PATCH, DELETE | Generated system detail | `/api/systems/[id]` | Signed-in | Signed-in system workspace read/update/delete route. |
| GET, POST | System modules | `/api/systems/[id]/modules` | Signed-in | Signed-in module list/create for a generated system. |
| PATCH, DELETE | System module detail | `/api/systems/[id]/modules/[moduleId]` | Signed-in | Signed-in module update/delete for a generated system. |
| GET, POST | System runbooks | `/api/systems/[id]/runbooks` | Signed-in | Signed-in runbook list/create for a generated system. |
| PATCH, DELETE | System runbook detail | `/api/systems/[id]/runbooks/[runbookId]` | Signed-in | Signed-in runbook update/delete for a generated system. |
| GET, POST | System workflows | `/api/systems/[id]/workflows` | Signed-in | Signed-in workflow list/create for a generated system. |
| PATCH, DELETE | System workflow detail | `/api/systems/[id]/workflows/[workflowId]` | Signed-in | Signed-in workflow update/delete for a generated system. |
| POST | System approvals | `/api/systems/[id]/approvals` | Signed-in | Signed-in approval creation for a generated system. |
| PATCH, DELETE | System approval detail | `/api/systems/[id]/approvals/[approvalId]` | Signed-in | Signed-in approval update/delete for a generated system. |
| POST | Telemetry event | `/api/telemetry` | Public | Rate-limited client telemetry ingestion with required payload validation. |
| POST | Visitor telemetry ping | `/api/telemetry/visitor-ping` | Public | Rate-limited visitor activity ping for anonymous funnel analytics. |
| POST | Workspace session attach | `/api/workspace/sessions` | Signed-in | Signed-in workspace session attachment route for generated systems. |
Curated rows explain buyer-visible capability. The live inventory above is generated from route handlers.
Evaluation checklist (live panel)
- Tenant isolation enforced server-side (RLS, not UI-only) [security, weight 5]: Foundational; UI-only isolation is a P0 finding in any audit.
- Secret material never returned to client or logged [security, weight 5]: API key disclosure is a P0; one-time-show pattern is the bar.
- Deterministic health endpoint with version + revision [reliability, weight 4]: Required for safe rollouts and incident triage.
- Public endpoints rate-limited with standard 429 headers [reliability, weight 4]: Protects vendor from abuse + protects your bill.
- Pricing tiers documented with per-tier limits, not "contact sales" [cost, weight 3]: Self-serve evaluability — a hard requirement for pilot decisions.
- Stripe (or equivalent) webhook signature verification [integration, weight 4]: Webhooks without signature checks are an exploit primitive.
- LLM provider abstraction (not single-vendor lock-in) [integration, weight 3]: Risk mitigation — provider pricing/availability changes.
- Per-persona usage docs + sample evaluations exist [support, weight 2]: Faster onboarding for the evaluator and the eventual buyer.
Security posture (live panel)
- enforced: Supabase RLS for tenant data. Evidence: All write paths go through createSupabaseServerClient with the authed user JWT; service_role is server-only and never bundled.
- enforced: Cookie-based session, httpOnly. Evidence: Supabase sets httpOnly + SameSite cookies; useAuth/useSubscription read from session, not localStorage.
- enforced: Rate limiting on public endpoints. Evidence: Durable token-bucket rate limiting wraps public tool surfaces and returns standard 429 headers.
- enforced: Stripe webhook signature verification. Evidence: Webhook handler validates Stripe signatures before processing; readiness is included in live build health.
- enforced: Secret material never logged or echoed. Evidence: Live health redacts sentinel config values; API keys are shown once at creation and not returned again.
- enforced: Persona-OS workspace surfaces unlisted from sitemap. Evidence: Persona workspaces are unlisted from the sitemap and marked noindex — they're workspaces, not marketing pages.
- documented: CSRF: cookie SameSite=Lax + state-changing routes POST only. Evidence: Supabase default SameSite cookies; tool execution routes accept POST with JSON body and validate origin via Next.js framework.
- documented: Per-user usage caps surface on dashboard. Evidence: Per-user usage events are shown in the dashboard; tier gates are enforced server-side, not just UI-hidden.
- scope note: Audit trail for write actions. Evidence: Usage events record product activity today. A dedicated admin-grade audit log is outside the current self-serve workspace scope.
For an external attestation, request the latest security-audit memo from the BSS owner — independent of the surface here. Notes are stored locally until sign-in.
Integration dependencies (live panel)
- Supabase (hard dep; category: auth). Auth (email+password / OAuth), Postgres, RLS, storage. Failure mode: Hard dep — outage = no auth, no DB reads/writes. Fail-closed at request boundary.
- Stripe (soft dep; category: payments). Subscription billing, checkout, webhook-driven entitlement sync. Failure mode: Soft dep — workspace remains readable; new subscriptions block until Stripe restored. Existing entitlements unaffected.
- Resend / SES (provider-flagged) (soft dep; category: email). Transactional + notification email. Failure mode: Soft dep — UI flows succeed; email retry queue picks up later and readiness appears in build health.
- Vercel platform (hard dep; category: observability). Edge runtime, deploy infra, env var management. Failure mode: Hard dep — platform outage = full app down. Mitigated by Vercel SLA + DNS-level fallback.
- OpenAI / Anthropic (provider-agnostic) (soft dep; category: ai). LLM completions for content-factory + AI-assisted tool runs (where enabled). Failure mode: Soft dep — non-AI tools fully functional; AI tools fail-closed with provider error.
- Cloudflare (CDN + DNS) (soft dep; category: storage). Asset CDN + DNS + DDoS shield. Failure mode: Soft dep — origin serves on Cloudflare bypass. Static assets degrade gracefully.
We keep the integration surface deliberately small; fewer dependencies mean a smaller security blast radius. Notes are stored locally until sign-in.
Run a reference call — prove determinism
Executes the real roi-calculator tool (pure arithmetic, no network, no LLM) twice with fixed inputs, hashes each normalized result (SHA-256), and asserts they are byte-identical. See reproducibility instead of reading a claim.

Canned inputs:

```json
{
  "currentAnnualCost": 120000,
  "estimatedAnnualSavings": 48000,
  "implementationCost": 25000,
  "timeToImplement": 3,
  "discountRate": 10
}
```

Run the reference call to capture the verdict, both run hashes, and timing.

Prove it across the product — full reference suite
Runs a curated set of six pure-arithmetic tools (spanning financial modeling, scoring, and planning) twice each, hashes every result, and reports a per-tool and aggregate verdict. This is a reproducibility check, not a load, latency, or stress test.
Run the suite to capture per-tool verdicts, the aggregate fingerprint, and the downloadable signed report.
Tier positioning
- Free: validate fit with rate-limited runs and public surfaces.
- Starter: smallest paid pilot with saved sessions for one evaluator.
- Pro: team evaluation with higher budgets and API-key analytics.

Linear projection only — does not assume volume discount.

| Tier | Monthly | Yearly | Seats | Tool budget | API budget | Pilot cost (3mo × 1 seat) | Best for |
|---|---|---|---|---|---|---|---|
| free | $0/mo | $0/yr (monthly × 12, no fabricated discount) | 1 evaluator | Limited per-tool runs; rate-limited for fairness | Public endpoints only; no API keys | $0 | Validating tool quality, schema review, security posture audit. Not a long-term workspace. |
| starter | $29/mo | $348/yr (monthly × 12, no fabricated discount) | 1 paid seat | Generous monthly tool runs; saved tool sessions | Personal API key, standard rate limit | $87 | A single technical evaluator running pilots; the smallest paid commitment that includes saved artifacts. |
| pro | $99/mo | $1188/yr (monthly × 12, no fabricated discount) | Up to small team | Highest per-month tool runs + advanced tools | Pro API tier, higher rate limit, per-key analytics | $297 | A team scoping a department-wide rollout; full saved-session history + advanced analytics. |
Honesty: published rates only. For multi-seat or annual prepay quotes, the evaluator should request a written quote from the BSS owner — those terms are not surfaced here.
Architecture map
- Browser (Next.js client) — React + Tailwind; hydrates SSR HTML; reads session cookie.
- Vercel edge runtime — Routes requests to nearest region; runs middleware.
- Next.js server (nodejs runtime) — App router handlers; force-dynamic where needed; SSR.
- Supabase (Postgres + Auth) — RLS-enforced data, JWT session, Storage buckets.
- Stripe — Checkout, subscriptions, webhook-driven entitlement sync.
- LLM providers — Anthropic / OpenAI; provider-agnostic content-factory.
- Rate limit store (durable) — Per-IP and per-user durable token bucket.

Edge style: solid = direct call; dashed = webhook (inbound to next-server).