Proof: npm test (212/212) and npm run operator-dashboard:build cover non-JSON auth failures and rebuilt the dashboard bundle.
Assumptions: browser auth failures may return plain text before a session cookie is established; API callers should receive JSON errors.
Still fake: dashboard quote outcomes still depend on inventory-delta attribution instead of venue-native terminal fill events.
Proof: npm test; npm run operator-dashboard:build; focused regressions cover maker/taker activation creating config, invalid initial edge rejection, and invalid max-notional rejection.
Assumptions: Adding maker/taker/both mode should create an initial pair strategy config with operator-provided edge and max notional, but pairs without a real price route must remain blocked.
Still fake: No BTC/USDC external reference price route or liquidity model exists; non-nBTC/EURe pairs still fail closed on missing price route until that path is built.
Proof: npm test passed 171/171; npm run operator-dashboard:build passed; regression tests cover pair activation/pause fail-closed behavior, per-pair edge controls, and asset deposit address exposure.
Assumptions: Activating a directed pair is operator-approved live-funds-adjacent control; trading still requires existing DB strategy config, price route, armed services, and inventory, so unsupported imported assets remain blocked.
Still fake: no new price routes or liquidity discovery were added; non-current pairs without routes/config remain visible but cannot trade.
Proof: npm test passed 166/166; npm run operator-dashboard:build passed; focused dashboard static tests cover removing the 20-row asset registry cap and requesting 250 catalog rows.
Assumptions: Current 1Click import has 163 supported tokens, so a 250-row dashboard catalog cap exposes the full current catalog while keeping the bootstrap bounded.
Still fake: no live funds movement; imported assets remain catalog-visible only unless explicitly inventory/trading enabled.
Proof: Live dashboard preflight returned an empty client response because an upstream control timeout rejected outside the server catch path and restarted operator-dashboard. The server now awaits API handlers, wraps control proxy failures, and returns structured JSON errors instead of crashing.
Assumptions: A timed-out control proxy should be observable as a dashboard control failure, not as process death. Returning 504/502 JSON is safer than treating the action as successful or hiding the upstream state.
Still fake: This does not make unanswered solver quote requests fill; it only makes the dashboard control surface truthful and non-crashing for failed or timed-out controls.
