Every connector write goes through one chokepoint. Ownership decisions are audited at the point of decision, override is privileged, and reciprocal loops break before a fight escalates.
PR 13b promotes the source-of-truth manifest from advisory to enforced: guardedWrite gates all 29 direct-write callsites and the FlowExecutor unified write path. Three live read endpoints power this dashboard: GET /api/governance/approvals?reason=ownership&status=pending, GET /api/governance/ownership-rejections, and GET /api/governance/loop-detections. Each is gated behind validateGuestContext + requireApproverRole. This page is live-first: it fetches all three endpoints on load (passing the embeddedContextId session when present) and falls back to representative demo data on any non-OK response (e.g. missing or expired session, insufficient role) or on network failure. The badge at the top right shows which mode you're in.
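The live-first loading described above, as an added example that is not the project's code: each panel records why it fell back, so an authorization failure stays distinguishable from an outage instead of silently rendering demo rows. The X-Embedded-Context-Id header name, the 401/403 mapping and the rule that one demo panel turns the whole badge to demo are assumptions.

```javascript
// Added example, not the project's code. Endpoint paths are from the page.
const ENDPOINTS = {
  approvals: '/api/governance/approvals?reason=ownership&status=pending',
  rejections: '/api/governance/ownership-rejections',
  loops: '/api/governance/loop-detections',
};

// Why a panel fell back to demo data; null means the response is live.
// Assumes conventional codes: 401 = session problem, 403 = role problem.
function fallbackReason(outcome) {
  if (outcome.networkError) return 'network';
  if (outcome.status === 401) return 'session';
  if (outcome.status === 403) return 'role';
  if (!outcome.ok) return 'http_' + outcome.status;
  return null;
}

async function loadPanel(fetchImpl, path, contextId, demoRows) {
  // Header name is an assumption; the page only says the session is passed.
  const headers = contextId ? { 'X-Embedded-Context-Id': contextId } : {};
  let outcome;
  try {
    const res = await fetchImpl(path, { headers });
    outcome = { ok: res.ok, status: res.status };
    if (res.ok) outcome.rows = await res.json();
  } catch (err) {
    // fetch rejected, or the body was not valid JSON: both fall back
    outcome = { networkError: true };
  }
  const reason = fallbackReason(outcome);
  return reason
    ? { mode: 'demo', reason, rows: demoRows }
    : { mode: 'live', reason: null, rows: outcome.rows };
}

// Assumed rule: LIVE only if every panel is live; detail names each degraded panel.
function badgeFor(panels) {
  const demo = Object.entries(panels).filter(([, p]) => p.mode === 'demo');
  return demo.length === 0
    ? { mode: 'live', detail: [] }
    : { mode: 'demo', detail: demo.map(([name, p]) => `${name}:${p.reason}`) };
}

async function loadDashboard(fetchImpl, contextId, demo) {
  const names = Object.keys(ENDPOINTS);
  const loaded = await Promise.all(
    names.map((n) => loadPanel(fetchImpl, ENDPOINTS[n], contextId, demo[n])));
  const panels = Object.fromEntries(names.map((n, i) => [n, loaded[i]]));
  return { panels, badge: badgeFor(panels) };
}
```

In a browser, pass the global fetch as fetchImpl; the badge detail is what an operator needs to tell "no rejections in the last hour" apart from "the rejections panel is showing demo rows".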
Pending Ownership Approvals: 3 (awaiting operator)
Ownership Rejections (1h): 5 (reject_with_alert + source_wins)
Active Loop Hazards (1h): 2 (reciprocal-write blocked)
Direct-Write Callsites Gated: 29 / 29 (CI-enforced)
Pending Ownership Approvals
GET /api/governance/approvals?reason=ownership&status=pending
| Time | Tenant | Entity | Declared Owner | Caller | Resource |
Recent Ownership Rejections (last 1h)
GET /api/governance/ownership-rejections
| Time | Entity | Declared Owner | Caller | Policy | Correlation |
Active Loop Hazards (last 1h)
GET /api/governance/loop-detections
| Time | Entity | Caller ↔ Target | Breaking Condition | Correlation |