# Provider Control Tower Polish Release Note

Date: 2026-05-06  
Branch: `wave1/provider-control-tower-polish`

## Summary

This polish slice makes the Provider Control Tower safer and clearer for CEO demos. It keeps the feature scoped to provider/category readiness control and does not introduce unrelated marketplace flows.

## What Improved

- Shared provider integration safety rules now live in `@navi/validators`.
- Provider integration DTOs include safety warnings for dashboard display.
- API create/update paths enforce safety blockers before writing records.
- Dashboard provider integration cards show detail view, vault reference names, URLs, created/updated metadata, health, readiness, and safety labels.
- Category modes include operator help text for each mode.
- Payment provider, third-party API, provider health, and audit history pages now explain current readiness and limitations more clearly.
- Provider-control docs and QA checklist now describe safety rules and mock health limitations.

## What Is Real

- Category modes are database-backed.
- Provider integrations are database-backed.
- RBAC is enforced by API decorators and route permission checks.
- Zod validation rejects raw secret-like values and unsafe readiness combinations.
- Audit logs are written by API service methods for category mode changes, provider integration create/update/disable, and mock health checks.
- Dashboard pages fetch from the API using the authenticated dashboard session.

## What Is Still Placeholder

- Provider health checks are safe mock configuration checks; they do not call real third-party APIs yet.
- Vault references are stored, but runtime vault secret resolution is not part of this slice.
- Payment provider settings show readiness configuration only; no live payment provider setup is performed here.

## Safety Rules Added

- Production provider enablement requires a vault secret reference name.
- Demo providers cannot be live-ready.
- Demo providers cannot enable payment, refund, or commission.
- Refund and commission require payment to be enabled.
- Payment-enabled providers require vault references and matching sandbox/live readiness.
- Production live readiness is blocked when health is degraded, down, or disabled.
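
The six rules above, written out as a single blocker check. This is an added sketch, not the code in `@navi/validators`: the type, field, and blocker names are assumptions, as are the `healthy` state and the reading of "matching sandbox/live readiness" as "the readiness flag for the integration's own environment must be set".

```typescript
// Added sketch; all type, field and blocker names are assumptions, not the @navi/validators schema.
type ProviderEnv = "demo" | "sandbox" | "production";
type ProviderHealth = "healthy" | "degraded" | "down" | "disabled";

interface ProviderIntegrationInput {
  environment: ProviderEnv;
  enabled: boolean;
  vaultSecretRef?: string; // vault reference name only, never the secret value
  sandboxReady: boolean;
  liveReady: boolean;
  paymentEnabled: boolean;
  refundEnabled: boolean;
  commissionEnabled: boolean;
  health: ProviderHealth;
}

// Returns one blocker per violated rule; an empty array means the write may proceed.
function safetyBlockers(p: ProviderIntegrationInput): string[] {
  const blockers: string[] = [];
  const hasVaultRef = (p.vaultSecretRef || "").trim().length > 0;
  const isDemo = p.environment === "demo";
  const isProd = p.environment === "production";
  const unhealthy = p.health === "degraded" || p.health === "down" || p.health === "disabled";

  if (isProd && p.enabled && !hasVaultRef) blockers.push("PROD_REQUIRES_VAULT_REF");
  if (isDemo && p.liveReady) blockers.push("DEMO_CANNOT_BE_LIVE_READY");
  if (isDemo && (p.paymentEnabled || p.refundEnabled || p.commissionEnabled)) {
    blockers.push("DEMO_CANNOT_ENABLE_MONEY_FLOWS");
  }
  if ((p.refundEnabled || p.commissionEnabled) && !p.paymentEnabled) {
    blockers.push("REFUND_COMMISSION_REQUIRE_PAYMENT");
  }
  if (p.paymentEnabled) {
    if (!hasVaultRef) blockers.push("PAYMENT_REQUIRES_VAULT_REF");
    // Assumed reading of "matching readiness": production needs liveReady, otherwise sandboxReady.
    const ready = isProd ? p.liveReady : p.sandboxReady;
    if (!ready) blockers.push("PAYMENT_REQUIRES_MATCHING_READINESS");
  }
  if (isProd && p.liveReady && unhealthy) blockers.push("LIVE_READY_BLOCKED_BY_HEALTH");
  return blockers;
}

// Constructed sample inputs: one that passes every rule, one demo record that breaks three.
const safeProd: ProviderIntegrationInput = {
  environment: "production", enabled: true, vaultSecretRef: "EXAMPLE_PROVIDER_KEY_REF",
  sandboxReady: true, liveReady: true, paymentEnabled: true, refundEnabled: true,
  commissionEnabled: false, health: "healthy" };
const unsafeDemo: ProviderIntegrationInput = {
  environment: "demo", enabled: true, sandboxReady: true, liveReady: true,
  paymentEnabled: false, refundEnabled: true, commissionEnabled: false, health: "down" };
```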

## Rollback Plan

Revert this branch. The rollback removes safety-warning DTO additions, API safety enforcement, dashboard polish, shared provider-control API-client endpoints, and documentation updates. Existing provider integration records remain compatible because no database schema change is included.

## Next Recommended Branch

`wave1/provider-adapter-health-checks`

Build provider-specific sandbox health adapters behind the current safe abstraction after provider contracts, vault access, and sandbox credentials are approved.
