{
  "admin_dsn_required": true,
  "api_access_audit_log_table": false,
  "api_key_store_ready": false,
  "api_keys_table": false,
  "available": true,
  "checks": [
    {
      "id": "api_keys_table",
      "label": "API-Key-Tabelle",
      "operator_action": "infra/postgres/migrations/api-access.sql mit kurzlebigem Admin-DSN aus sicherer Shell anwenden.",
      "purpose": "Speichert nur Prefix, Hash, Scopes, Status, Ablauf und Revocation-Metadaten.",
      "ready": false,
      "required_for_key_store": true,
      "status": "missing"
    },
    {
      "id": "api_access_audit_log_table",
      "label": "API-Access-Auditlog",
      "operator_action": "infra/postgres/migrations/api-access.sql mit kurzlebigem Admin-DSN aus sicherer Shell anwenden.",
      "purpose": "Append-only Auditlog fuer Key-Prefix, Scope, Route, Entscheidung, Status und Hash-Evidence.",
      "ready": false,
      "required_for_key_store": true,
      "status": "missing"
    },
    {
      "id": "scan_results_table",
      "label": "Scan-Results-Basistabelle",
      "operator_action": "Weiter beobachten.",
      "purpose": "Vorhandene Reportbasis fuer Public- und Operator-Read-Flows.",
      "ready": true,
      "required_for_key_store": false,
      "status": "ready"
    }
  ],
  "database_name": "saferpage",
  "database_reachable": true,
  "db_user_redacted": "63a9f0ea7bb98050796b649e85481845",
  "generated_at": "2026-06-09T20:57:59.774068Z",
  "migration_path": "infra/postgres/migrations/api-access.sql",
  "migration_required": true,
  "migration_sha256": "27d802d48887d084e9132c841b943681c70638bd432746a92cab7809be621213",
  "missing_artifact_count": 2,
  "missing_required_artifacts": [
    "api_keys_table",
    "api_access_audit_log_table"
  ],
  "operator_runbook": [
    "Kurzlebigen Admin-DSN nur in einer sicheren Shell setzen; nicht in History, Projektdateien, systemd-Units oder Public-State speichern.",
    "scripts/run-api-access-migration-preflight.sh ausfuehren und missing_required_artifacts pruefen.",
    "scripts/run-api-access-migration.sh mit Admin-DSN ausfuehren.",
    "Preflight erneut ausfuehren, danach API-Key-Pepper, Domain-Claim, Write-HMAC und Deny/Allow-Smokes aktivieren."
  ],
  "public_schema_create_privilege": false,
  "ready_artifact_count": 0,
  "required_artifact_count": 2,
  "safe_apply_command": "SAFERPAGE_MIGRATION_DATABASE_URL='postgresql://admin@localhost/saferpage' scripts/run-api-access-migration.sh",
  "safe_combined_apply_command": "SAFERPAGE_MIGRATION_DATABASE_URL='postgresql://admin@localhost/saferpage' scripts/run-storage-migrations.sh",
  "safe_next_action": "Run the migration from a secure shell with a short-lived admin DSN; do not store or publish the DSN.",
  "safe_preflight_command": "scripts/run-api-access-migration-preflight.sh",
  "scan_results_table": true,
  "schema": "https://saferpage.de/schemas/operator-api-access-migration-preflight.v1",
  "secret_policy": "No DSN, password, raw database user, host, port, key hash or API key is exported."
}