Report

Ops Console readiness report.

A readiness artifact for review. Fixes require approval and human review remains required for final use.


ValidantLab readiness artifact

Executive summary

Ops Console begins at 71/100 readiness. The critical finding: Vercel preview URLs render authenticated ops dashboards without the production identity guard. Internal dashboards include patient account lookups and audit log views. A preview link holder can read patient context outside single sign-on, which is an unauthorised disclosure risk for personal data under GDPR. Evidence support improves after approval of the recommended fix, while human review remains required for final use.

Scope

validant-labs/ops-console on preview. Repository signals, Next.js + Vercel posture, deployment context, identity claims, and generated remediation evidence for the flagged flow.

Critical finding

Preview deployments expose internal dashboards: preview URLs render them using a shared bypass token instead of the production identity guard, so anyone holding a preview link can view operational data outside single sign-on.

Remediation

Enforce SSO on preview deployments or gate them behind the VPN, and remove the shared bypass token. Human review required. Fixes require approval before evidence is marked generated.
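The access decision the remediation describes, written out as an added example (it is not ValidantLab's or the ops-console project's code). It assumes a Vercel-style environment name (`production`, `preview`, `development`), a hypothetical shared bypass token carried in a header or query parameter (the real token name is not on this page), a caller-supplied session check standing in for the SSO guard, and an optional list of VPN CIDR ranges. The bypass token is never honoured on any environment, and every decision produces a structured log record, which is the access log the evidence table notes is missing.

```javascript
// Added example: environment-aware access decision for ops dashboards.
// Assumptions (not from the report): the header and query names below are
// hypothetical placeholders for the shared bypass token; `ctx.env` mirrors
// Vercel's environment names; `ctx.hasValidSession` wraps the SSO session check.
const BYPASS_HEADER = "x-ops-bypass-token";   // hypothetical placeholder
const BYPASS_QUERY_PARAM = "bypass";          // hypothetical placeholder

// Parse dotted-quad IPv4 into an unsigned 32-bit integer; null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".").map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) return null;
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

// True when `ip` falls inside `cidr` (IPv4 only); malformed input is treated as outside.
function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  const ipInt = ipv4ToInt(ip);
  const baseInt = ipv4ToInt(base);
  if (ipInt === null || baseInt === null || !(bits >= 0 && bits <= 32)) return false;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipInt & mask) >>> 0) === ((baseInt & mask) >>> 0);
}

// Decide whether a request may reach an internal dashboard.
// req: { headers, query, path, ip }   ctx: { env, hasValidSession, vpnCidrs }
function decideAccess(req, ctx) {
  const { env, hasValidSession, vpnCidrs = [] } = ctx;
  const bypassPresented = Boolean(req.headers[BYPASS_HEADER] || req.query[BYPASS_QUERY_PARAM]);
  const log = { env, path: req.path, ip: req.ip, bypassPresented };

  // Local development keeps the developer loop unchanged.
  if (env === "development") return { allow: true, status: 200, reason: "local_dev", log };

  // The shared bypass token is rejected outright, even alongside a valid session,
  // so legacy links that still carry it show up in the log for the access review.
  if (bypassPresented) return { allow: false, status: 403, reason: "bypass_token_rejected", log };

  // Preview deployments may additionally be gated to VPN source addresses.
  if (env === "preview" && vpnCidrs.length > 0 && !vpnCidrs.some((c) => inCidr(req.ip, c))) {
    return { allow: false, status: 403, reason: "outside_vpn", log };
  }

  // Production and preview alike require the identity guard.
  if (!hasValidSession(req)) return { allow: false, status: 401, reason: "sso_required", log };
  return { allow: true, status: 200, reason: "authenticated", log };
}

// One JSON log line per decision; `now` is injected so output is reproducible.
function formatAccessLog(decision, now) {
  return JSON.stringify({ ts: now.toISOString(), allow: decision.allow, reason: decision.reason, ...decision.log });
}

// Constructed sample traffic against a preview deployment gated to a VPN range.
const previewCtx = { env: "preview", hasValidSession: (r) => r.headers.cookie === "session=valid", vpnCidrs: ["10.8.0.0/16"] };
const samples = [
  { headers: {}, query: {}, path: "/patients/lookup", ip: "10.8.0.5" },                     // on VPN, no session
  { headers: { [BYPASS_HEADER]: "shared-secret" }, query: {}, path: "/audit", ip: "10.8.0.5" }, // legacy bypass link
  { headers: { cookie: "session=valid" }, query: {}, path: "/audit", ip: "203.0.113.9" },   // off VPN
  { headers: { cookie: "session=valid" }, query: {}, path: "/audit", ip: "10.8.1.2" },      // healthy request
];
for (const req of samples) {
  console.log(formatAccessLog(decideAccess(req, previewCtx), new Date("2024-01-01T00:00:00Z")));
}
```

The only environment that skips the guard is local development; preview is treated exactly like production for identity, with the VPN check layered on top when a range list is configured. Rejecting a presented bypass token even for an authenticated user is a deliberate choice: it turns every surviving legacy link into a logged event rather than a silent success.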

Current state

Missing or partial

Evidence table

Artifact | Status | Reviewer note
No access log for preview deployment URLs. | Missing or partial | Derived from approved demo flow state.
Environment variable scope is not documented per environment. | Missing or partial | Derived from approved demo flow state.
Risk register omits preview exposure impact. | Human review required | Reviewer must confirm final control language.

Residual risk

After SSO is enforced on every environment, residual risk is Low. Preview access predating the fix is not fully logged, so prior exposure cannot be ruled out without an access review. Human review required.

Reviewer sign-off

Accountable reviewer

Maya Chen

Role

Security Program Lead

Decision

Pending review

Sign-off records the accountable reviewer for this readiness artifact. Fixes require approval, and final readiness decisions still require human review.

This artifact can support readiness review, but control ownership, implementation safety, and final wording still require accountable human review.

This is a demo readiness artifact, not a compliance certification or legal opinion.