Incident entry / authorized

Start a real incident or rejoin one.

Use the bundled webhook race for a new controlled run, or enter credentials for an incident you are already authorized to view.

Credentials remain in this browser tab

Access tokens are kept in session storage, never local storage and never bundled into the web build.

Same-origin requests only
New controlled run

Open the bundled webhook race

Starts real isolated victim data and the five-seat analysis path. Opening does not approve a repair.

Explicitly starts the shipped webhook-race reproduction and writes only isolated victim test data. It does not approve a patch or alter a candidate worktree.

Existing authorized room

Join without opening another run

The access token opens the room. CSRF and step-up credentials unlock approval controls only.

The access token opens the room. CSRF and step-up tokens are required only for approval controls. Credentials stay in this browser tab and are never bundled into the web build.