{"ok":true,"meta":{"generatedAt":"2026-06-30T13:21:08.986Z"},"data":{"version":"tzv3-pwa-push-audit-policy-v1","endpoint":"/api/pwa/push/audit-policy","command":"npm run pwa-push:audit","script":"scripts/tzv3-pwa-push-audit.mjs","policyEndpoint":"/api/pwa/push/policy","optInEndpoint":"POST /api/pwa/push/subscribe","unsubscribeEndpoint":"DELETE /api/pwa/push/subscribe","requiredEnvironment":["NEXT_PUBLIC_VAPID_PUBLIC_KEY","PWA_PUSH_PROVIDER_URL","PWA_PUSH_PROVIDER_TOKEN"],"configured":false,"expectedPolicy":{"scope":"favorites-status-only","clientOptInReady":true,"serverPushEnabled":true,"providerForwardingEnabled":true,"providerMethod":"POST","eventHeader":"x-artesc-push-event","idempotencyHeader":"x-idempotency-key","signatureHeader":"x-artesc-signature","unsubscribeEndpoint":"DELETE /api/pwa/push/subscribe","localServerSubscriptionStorageAllowed":false,"blockedEvents":["marketing blasts","behavioral-factor automation","third-party retargeting"]},"noWriteChecks":["GET /api/pwa/push/audit-policy","GET /api/pwa/push/policy","Verify approved provider env is represented in policy without printing token values.","Verify opt-in remains favorites-only and explicit-consent gated.","Verify unsubscribe/delete flow is documented before sends are enabled.","Do not POST or DELETE /api/pwa/push/subscribe during audit; those endpoints can create or delete provider records."],"productionReady":false,"productionBlockers":["NEXT_PUBLIC_VAPID_PUBLIC_KEY","PWA_PUSH_PROVIDER_URL","PWA_PUSH_PROVIDER_TOKEN"],"safety":{"mode":"read-only","writes":false,"printsSecrets":false,"note":"The PWA push audit only reads policy endpoints. It never creates PushSubscription records, never forwards provider writes, and never sends notifications."}}}