This governance baseline is designed for institutional procurement discussions: who can change what, how releases are gated, how incidents are handled, and how reliability objectives are reviewed.

| Control Domain | Implementation | Status |
|---|---|---|
| Access Governance | Bearer key boundary for `/v1/*` is enforced; unauthenticated requests are rejected. | Active |
| Release Controls | Deployment requires explicit health-gated script execution (`deploy_replaystate.sh`) with local and public checks. | Active |
| Incident Response | Operational restart + watchdog controls and runbook commands are documented for service restoration. | Active |
| SLO Governance | Availability and health probes are continuously checked; baseline cadence exists for pre-demo validation. | Active |
| Production RBAC Expansion | Scoped role model (read/simulate/admin/export), key rotation policy, and approval workflow. | Scheduled for production hardening |

```bash
./scripts/deploy_replaystate.sh --restart --tries 20 --sleep 1
systemctl status blockenv-demo.service --no-pager
systemctl list-timers replaystate-watchdog.timer --all
curl -sS https://replaystate.com/api/health
```