NexaBuilder Internal Control Plane
Review high-risk actions, confirm signed policy integrity, issue short-lived execution permits, and investigate tamper-evident receipts from a single operator surface.
Bound approvals tied to exact action fingerprints and current policy hashes.
Single-use execution permits with verify and consume workflows.
Break-glass hard stop and safe-mode escalation with immutable reason history.
Hash-chained receipts linked to policy, approval, and permit events.
Operator Access
MFA-backed operator access is required for review actions, policy governance, audit search, and break-glass controls. Sessions are expected to be issued by the enterprise identity provider and forwarded to the console as a signed bearer token.
Configure NEXT_PUBLIC_SSO_LOGIN_URL with an approved public staging auth-start URL. Localhost, #, and internal-only hosts are rejected.
For local validation and automated tests, seed the signed session cookie expected by the console. Staging and production should rely on the enterprise identity provider.