{"copy_paste":{"ci_step":"code=$(curl -s -o /tmp/ifport_gate.json -w '%{http_code}' 'https://ifport.io/gate?policy=strict&speed=deep'); cat /tmp/ifport_gate.json; test \"$code\" = \"200\"","incident_note":"IfPort is request-source-only: this evidence describes the public IP that contacted ifport.io, not an arbitrary target. Verify /network-path when NAT, VPN, proxy, CI, cloud, or sandbox routing may affect attribution.","markdown":"# IfPort Operator Playbook\n\nRun `curl https://ifport.io` from the runtime you want to validate. If open ports appear, use `/action-plan` and `/incident-bundle`. If attribution looks private/proxy, use `/network-path` before making host-level decisions.\n\nSafety boundary: request-source IP only; no arbitrary targets, CIDR sweeps, exploitation, payload delivery, or credential attacks.\n\nSupport: https://ifport.io/donate (current gap $15/mo). Current gap is $15/month. The fastest closure is 3 x $5/month supporters.\n"},"generated_at":"2026-06-04T15:56:29.843528212Z","interpretation":[{"first_actions":["Save snapshot_id and fingerprint_sha256 as baseline evidence.","Add /gate?policy=strict to CI or release smoke tests.","Re-run after firewall, load-balancer, VPN, cloud, or deployment changes."],"meaning":"The observed public request-source IP had no visible TCP ports in the selected profile.","scenario":"no_open_ports_with_public_source"},{"first_actions":["Use /action-plan for prioritized remediation commands.","Use /incident-bundle for ticket and Slack-ready response text.","Close or allowlist remote-admin and database ports unless explicitly intended."],"meaning":"At least one inbound TCP port is visible from the outside path that reached IfPort.","scenario":"unexpected_open_ports"},{"first_actions":["Open /network-path to inspect source attribution.","Run the check from a direct public egress path when host-level truth matters.","Treat decisions as review until observed_ip_scope is public."],"meaning":"The observed source may describe a NAT, proxy, VPN, container bridge, CI runner, or sandbox path rather than the end user's machine.","scenario":"private_or_proxy_source"},{"first_actions":["Block the deployment or change until exposure is explained.","Attach /evidence or /incident-bundle output to the change or incident record.","Re-run the same gate after remediation."],"meaning":"The current open-port set does not match the selected policy or exact expected-open baseline.","scenario":"policy_gate_failed"}],"links":{"action_plan":"https://ifport.io/action-plan","automation_pack":"https://ifport.io/automation-pack","automation_pack_archive":"https://ifport.io/automation-pack.tar.gz","badge":"https://ifport.io/badge.svg","donate":"https://ifport.io/donate","evidence":"https://ifport.io/evidence","gate":"https://ifport.io/gate","impact":"https://ifport.io/impact","incident_bundle":"https://ifport.io/incident-bundle","json":"https://ifport.io/json","mission":"https://ifport.io/mission","network_path":"https://ifport.io/network-path","openapi":"https://ifport.io/openapi.json","readiness":"https://ifport.io/readiness","run_check":"https://ifport.io/","support":"https://ifport.io/support"},"live_proof":{"action_required_decisions":56,"endpoint_429_total":0,"endpoint_5xx_total":0,"last_24h":"116 scans from 81 unique source IPs, 100.0% completion, 0.0% partial","runtime_scans_observed":231,"scan_workers_ready":1,"scan_workers_registered":1},"one_request_contract":["Run the check from the exact network path you need to validate.","IfPort scans only the observed request-source IP.","The default check is a compact TCP port profile; use profile=top1000 for explicit broad verification.","The response gives result, confidence, first action, evidence, and support context.","No arbitrary targets, CIDR ranges, exploitation, banner grabbing, or credential probing."],"operator_paths":[{"command":"curl https://ifport.io","name":"manual_check","when":"Human outside-view check before or after a deploy."},{"command":"curl -fsS https://ifport.io/json","name":"machine_json","when":"Agent, script, or dashboard needs structured output."},{"command":"curl -fsS 'https://ifport.io/gate?policy=strict&speed=deep'","name":"ci_gate","when":"Release should fail when unexpected public ports appear."},{"command":"curl -fsS 'https://ifport.io/evidence?format=markdown'","name":"evidence_pack","when":"Ticket, incident, audit, or post-change record needs portable proof."},{"command":"curl -OJ https://ifport.io/automation-pack.tar.gz","name":"automation_bundle","when":"Team wants ready gate scripts, CI snippets, and incident templates."}],"purpose":"No-scan operator handbook for turning one IfPort result into a decision, runbook, evidence artifact, CI gate, and supportable public utility.","service":"ifport.io","status":"ok","support":{"coverage_ratio":0.0,"donate_links_configured":false,"donate_url":"https://ifport.io/donate","monthly_covered_usd":0,"monthly_gap_usd":15,"monthly_target_usd":15,"next_action":"Current gap is $15/month. The fastest closure is 3 x $5/month supporters.","why_support":"Support keeps the immediate outside check free while funding TLS, hosting, abuse controls, worker capacity, signed-evidence verification, automation packs, and public reliability proof."}}