Tenants
—
active
Open Alarms
—
across tenants
Events (24h)
—
processed
Devices
—
bound
Recent Alarms
View all →| Time | Severity | Type | Tenant |
|---|---|---|---|
| No alarms yet — start an adapter under Tenants. | |||
Pipeline Status
Correlation Enginerunning
NATS JetStreamconnected
Postgresconnected
Active Adapternone
Live Alarm Queue
| Time | State | Severity | Type | Device | Actions |
|---|---|---|---|---|---|
| Select a tenant and click Connect to subscribe, or Load history to see open alarms. | |||||
Resolve alarm
All Tenants
| Slug | Display Name | Status | ID |
|---|
Provision Tenant
v0.1 walking skeleton: tenant comes up immediately with default RBAC + a key-ceremony placeholder. Full Setup Wizard arrives in v0.2.
Start Adapter for Tenant
No adapter running.
Adapter Catalogue
| Adapter | Version | Publisher | Status | Capability |
|---|---|---|---|---|
| generic-onvif cam-fixed, cam-ptz |
0.1.0 | psim-platform | v0.1 — installed | ONVIF Profile S/T/M motion, PTZ, snapshot. v0.1 uses dev-emit synthetic events for the skeleton demo. |
| More adapters (Milestone, Genetec, Bosch, Hikvision, Dahua, Lenel, Si-Port, …) land in v0.2+ per ROADMAP. | ||||
Incident lifecycle UI lands in v0.3 (UC-02). Backend state machine + audit chain already in place.
Audit Log (hash-chained per tenant, FR-AUD-04/05)
| Time | Category | Action | Resource | Result | Reason |
|---|---|---|---|---|---|
| Select a tenant and click Load. | |||||
User management UI arrives in v0.2. Backend
UserRepo + per-tenant encryption already proven (25 tests pass).Device inventory browser arrives in v0.2. Backend onboarding state machine in place (FR-ONB-04).
Per-tenant adapter enablement UI arrives in v0.2 (FR-MT-11). Backend
tenant_adapters table ready.SIEM Bridge (Splunk / QRadar / Sentinel) arrives in v1.0 (UC-12). Event serialisation supports CEF / LEEF / syslog formats.
First-boot Setup Wizard arrives in v0.2 (ADR-26, FR-DEP-01..19). Sealed config storage already implemented.
Multi-dimensional SLA policy editor arrives in v0.3 (FR-CORE-10/13/14).
Encryption Policy — per Tenant × Field
Customer-controlled, PDPL-constrained. PDPL-classified fields are platform-locked and cannot be opted out of encryption (FR-CRYPTO-POLICY-04).
| Field Class | Default | PDPL-locked? |
|---|---|---|
| user.email | encrypted | yes — locked |
| user.mfa_secret | encrypted | yes — locked |
| device.credentials | encrypted | yes — locked |
| cardholder.name | encrypted | yes — locked |
| cardholder.badge_id | encrypted | yes — locked |
| cardholder.phone | encrypted | yes — locked |
| device.external_id | encrypted | no — customer-choosable |
| adapter.config | encrypted | no — customer-choosable |
| cardholder.photo_url | encrypted | no — customer-choosable |
| notes | encrypted | no — customer-choosable |
Per-tenant toggle UI arrives in v0.2. Backend already enforces both modes via storage version byte (`0x00` plain, `0x01` AES-256-GCM) — see ADR-28.
Multi-dimensional licence policy editor (per tenant × module × adapter × device-count × …) arrives in v0.3. v0.1 ships
LicenceGuard as a permissive default.System health dashboard arrives in v0.2. Each Go service exposes
/healthz + /readyz already.KMS Provider Status
Active Providerfile-based (v0.1 default)
Pluggable toHashiCorp Vault · AWS KMS · PKCS#11 HSM
Per-tenant MEKactive
Key Ceremony UIarrives v0.2 (FR-KMS-07/08)
PDPL-locked fields6 of 10 field classes
About this build
PSIM Platform — v0.1 walking skeleton
Built per: 27 ADRs, 15 architectural anti-patterns, ~170 functional + non-functional requirements.
Backend: Go services + Postgres + NATS JetStream + MinIO + per-tenant Vault encryption.
Adapter SDK: gRPC-style plugin protocol; first-party adapters in Go; partner adapters in any language.
Brand-agnostic per ADR-12 — every label on this page is configurable via env + CSS variables.
Built on Hetzner with customer-salt baked into every binary via
-ldflags per ADR-17. Served via psim.tahwol.com with Let's Encrypt TLS through nginx reverse proxy.