Mission approval issuer
OS9 can now issue signed, contract-scoped approval tokens after validating the Mission Contract, gate, capability scope, and live blocked Maestro run context.
This shell exposes approval pressure honestly. It does not fake action buttons, optimistic mutations, or hidden operator exceptions.
This shell inherits authenticated page-route posture and is not exposed as a public marketing surface.
Runner registration and connector mutation stay blocked; signed Mission approval issuing, sandbox eval summaries, cost visibility, and operator sandbox interrupts are live.
Published /api/v2/os9 fleets, runners, approvals, and mission contracts use route-level auth and explicit OpenAPI registration; broader OS9 APIs remain closed.
3 curated, 0 live.
Durable Maestro runs currently stopped on approval gates.
Waiting review instead of slipping into silent wideners.
Approved scope still stays bounded to read-only outcomes here.
Session UI and v2 API clients issue signed Mission approval evidence.
OS9 can now issue signed, contract-scoped approval tokens after validating the Mission Contract, gate, capability scope, and live blocked Maestro run context.
Keep /api/v2/os9 publication bounded to read-only fleets, runners, and mission contracts
Admit BYOC write-capable connector reach for Platform Control
Expose read-only mission mirror summaries inside the private shell