DOCUMENTATION HUB·LEVEL_2

Support Guide — Ironframe GRC

REF_PATH: support/support-guideSOURCE: APP_DOCUMENTS_DB

Support Guide — Ironframe GRC

For L1/L2 support and customer success engineers.

Support tiers

TierScopeEscalation
L1Login, tenant selection, UI navigation, FAQL2 if API 5xx or isolation suspected
L2API errors, cron/heartbeat, export failuresPlatform engineering + TAS review
L3RLS breach, data corruption, constitutional overrideSecurity incident + PO

Intake checklist

Collect on every ticket:

  1. User email and Supabase user ID (if available)
  2. Active tenant UUID (from switcher or cookie ironframe-tenant)
  3. URL path and timestamp (UTC)
  4. Browser and OS
  5. Screenshot or HAR (no secrets)
  6. Response status for dashboard and sustainability telemetry endpoints

Triage flow

User report
    │
    ├─ Auth/login? → Supabase dashboard, session cookies, middleware
    ├─ Blank dashboard? → Tenant switch race, refetch, 401 on dashboard
    ├─ Carbon pulse? → Electricity Maps key, fallback env, LKG route
    ├─ Export fail? → Tenant scope, exports dashboard auth
    ├─ Stale data banner? → Ironwatch heartbeat, SystemConfig.degraded flags
    └─ Cross-tenant data? → STOP — escalate L3 immediately

Common resolutions

IssueSteps
Session expiredClear site cookies, re-login
No tenant scopeSelect tenant; not Global for exports
Carbon loop / missing API keyConfirm IRONWATCH_SUSTAINABILITY_FALLBACK_ENABLED=true or set ELECTRICITY_MAPS_API_KEY
Dashboard 503Check deployment logs; run platform health probe
Cron not runningVerify cron schedule configuration and IRONFRAME_CRON_SECRET
Simulation noise in auditExpected—GRCBOT filtered in UI; use purge tools if admin requests

Escalation triggers (immediate)

  • Any evidence of cross-tenant data in UI or API response
  • Ironguard violation logs with successful data return
  • Constitutional override invoked without change ticket
  • Sustained stale lockdown (>24h) without waiver documentation

Tools for operators

ToolUse
Deployment logsFunction errors, cron execution
Supabase logsAuth failures, RLS denials
npm run test:vercel-smokePost-deploy cron/auth probe
TAS integrity probeConstitutional health (200 vs 503)
Nightly Cron RunbookDoc Engine vs API narrate — logs, env, pass/fail
Prisma StudioRead-only row inspection (never mutate without runbook)

Communication templates

Acknowledgment:
“We’ve received your report for tenant [NAME]. We’re checking dashboard and sustainability API responses and will update you within [SLA].”

Fallback mode explanation:
“Live grid carbon data is temporarily unavailable. Ironframe is displaying a verified last-known-good or forensic baseline so your Command Center stays operational. No financial cents were altered.”

Related documents