Controlled context
MapleAegis owns the complete fixture. It uses synthetic identities, no real credentials, no customer data and no public vulnerable target.
This sample covers a MapleAegis-owned, non-deployed Next.js and Supabase-style fixture using synthetic data. It demonstrates a fixed review method, sanitized remediation changes and offline regression records.
Request an authorized reviewMapleAegis owns the complete fixture. It uses synthetic identities, no real credentials, no customer data and no public vulnerable target.
Six lab alerts were triaged: four became evidence-backed findings and two were rejected because they did not establish a weakness.
A local patch replaces caller-controlled roles, adds resource membership, limits requests, minimizes logs and adds baseline response controls.
Four offline assertions passed. Runtime production, provider, browser and compliance conclusions were not tested or claimed.