Portal app boundary
Tenant-only carts, journeys, incidents and approved reports
Internal GCCAP operating surface
This page is retained behind the public client website.
GCCAP does not delete operating records, trial packs, hardware activation surfaces or evidence automation layers. They are preserved for authorised client portal, command-centre and internal operating use while the public website stays clean for airline first impressions.
Open portal accessInternal GCCAP surface
Separate client-facing portal access from GCCAP internal command control before production cutover.
P7 creates the production split between tenant-scoped client portal surfaces and internal all-client command centre operations. It blocks production cutover until route, API, deployment and access boundaries are tested.
StatusInternal / restricted surface. Not part of the public client walkthrough.
GCCAP
Sensor
Gateway
Evidence
Watchdog
Journey intelligenceRepresentative demo
PortalTenant-scoped client evidence and reports
CommandInternal all-client GCCAP operations
BoundarySeparation controls, not cutover
Operational layer
Separation controls
P7 prevents the client portal and internal command centre from sharing unsafe data boundaries.
Command app boundary
GCCAP-only all-client operations and founder briefing
Shared UI handoff
Reusable UI with different query scopes
Route separation
Public, portal and command routes stay distinct
Decision clarity
Production blockers
These remain blocked before real client cutover.
Tenant-scoped middlewareMust be enforced and tested
Command isolationInternal routes require admin and deployment controls
Public WatchdogStill governed and blocked from automatic publication
Audit separationPortal, command and Watchdog actions need retained audit trails