Stored-rescore proof
The controlled production smoke returned refresh_upserted=2, source_data_refreshed=false, provider_calls_triggered=0, and credits_charged=0. This proves stored opportunity recomputation without external source refresh.
Agent Hub evidence
Production proof for governed MCP and agent workflows.
Production verification date: May 28, 2026. AuraCite Agent Hub and MCP access are positioned as authenticated, scoped workflows. This page records secret-safe proof of read-only access, exact-confirmation write gates, OAuth lifecycle checks, idempotency replay, and spend caps.
Verified scope
What was verified in production
| Check | Result | Boundary |
|---|---|---|
| Product-browser route on desktop and mobile | Passed | Authenticated `/agent-hub` route, no runtime or layout errors in the smoke. |
| Temporary mcp:read key lifecycle | Passed | Temporary read key created, used for safe-mode scenarios, revoked, and rejected after revoke. |
| mcp:write exact-confirmation deny gate | Passed | Write tools required exact confirmation; the deny smoke performed no mutation. |
| stored_rescore confirmed write and replay | Passed | Controlled stored rescore confirmed a write and replay through idempotency. |
| MCP OAuth token lifecycle | Passed | Dynamic registration, token issue, tools/list, revoke, and revoked-token rejection were exercised. |
| mcp:spend cap gates | Passed | Missing approval, credit cap, and USD cap blocked before provider spend. |
No public unauthenticated customer data
Directory V1 is authenticated and read-only. Tenant, project, and actor context come from verified server-side credentials, not from public page parameters.
Write and spend boundaries
Write, spend, admin, billing, social, bulk, GSC, DataForSEO, and LLM-provider actions are gated outside public directory access.
Current data boundary
The current Intelligence state is a partial Intelligence state with remaining refresh candidates. Public screenshots should either refresh the data first or label it as partial/demo evidence.
What this page does not claim
It does not claim general autonomous execution, public no-key data access, customer outcomes, or guaranteed AI visibility improvement. It records the production-smoked governance boundary that makes AuraCite safer to evaluate as an agent-accessible AI visibility platform.