Settings Faz E3
Configure your API endpoint and access key. The key is stored only in this browser's localStorage.
API Endpoint
Health Probe
—
Two-factor authentication (TOTP)
Optional but strongly recommended. Compatible with Google Authenticator, 1Password, Authy, Aegis, and any RFC 6238 client.
1. Scan this QR or paste the secret into your authenticator:
2. Type the 6-digit code your app shows:
Save these recovery codes. Each works once if you lose access to your authenticator. They are NOT shown again.
Type your current 6-digit code to confirm disabling 2FA:
Assets & DCV
Register a domain, place the verification record, then run the gate. Without DCV no scan can start.
Register a domain
Your assets
Rules of Engagement
Upload the signed PDF authorising AssurePort to test a target. Validation runs through Claude Haiku 4.5 — score ≥ 0.85 required.
Upload RoE PDF
Active RoE documents
Scans
Dispatch scans against assets that have a valid DCV + active RoE.
Dispatch a scan
Recent scans
Findings
All vulnerabilities discovered across your scans. Filter by severity. Click a row to drill into the markdown report.
Pick a scan
Summary
Findings list
Members & Invitations
Invite teammates, manage roles. Owners and admins can invite. Owner role is protected (last-owner cannot be demoted or removed).
Invite a teammate
Active members
Pending invitations
API Keys
D1 only stores SHA-256 hashes. New keys are shown ONCE — save them in your password manager.
Issue a new key
Active keys
Account
Token balance & top-up. 1 credit = $0.01 USD of Anthropic API spend.
Balance
Top up (dev)
Polar.sh checkout coming soon — for now, balance is provisioned via webhook from a successful purchase. Use the dev top-up below for testing.
Billing
Subscription, transaction history, and per-day usage. The credit ledger is append-only and cryptographically immutable (SQLite trigger blocks UPDATE/DELETE).
Current subscription
Usage — last 30 days
Transaction history
Activity Log
Every meaningful mutation in your tenant — auth events, member changes, scans, charges, webhooks. Append-only, exportable. Use this for KVKK Article 32 evidence.