Dataset QA Gate
Checks record count, accepted status values, version-record coverage, SHA-256 consistency, check-log presence, latest status alignment, and scan timestamps.
Methodology boundaryThis page collects the checks used to assess whether the monitored records are consistent enough for public analysis. The badges below indicate automated checks or review channels. They are not legal, regulatory, or compliance certifications.
The OpenSSF Best Practices badge is already passing. The other badges expose public workflow or repository-review evidence and should be read as operational signals, not as legal, regulatory, or security certifications.
External OpenSSF Best Practices self-attestation for project 13465.
Inspect evidencePublic scorecardRepository supply-chain posture report generated by OpenSSF Scorecard.
Inspect evidenceCI workflow badgeShows the latest Prisma, dataset QA, lint, build, and audit gate run.
Inspect evidenceChecks record count, accepted status values, version-record coverage, SHA-256 consistency, check-log presence, latest status alignment, and scan timestamps.
Methodology boundaryRanks source coverage, retrieval traceability, public baselines, and publicEvidence-gated movement. It does not rank legal compliance or provider trustworthiness.
Open signals boardThe scraper can call a separate bearer-protected VPS renderer for script-rendered pages. Initial URLs, browser redirects, and subresource requests are validated against SSRF rules.
Open renderer sourceThe repository contains a current platform report covering configured inventory, assurance controls, public assets, deployment notes, known warnings, and next priorities.
Open reportRuns Prisma validation, source-evidence dataset assurance, lint, production build, and high-severity dependency audit before public release changes are merged.
Open workflowScans JavaScript and TypeScript code paths with GitHub security-and-quality queries. Findings remain external to product statements until reviewed.
Open scanReviews repository security posture such as branch protection, dependency update practices, token permissions, pinned actions, and vulnerability reporting.
Open scorecardOpenSSF Best Practices project 13465 is passing. This is public self-attestation evidence for open-source process hygiene, not a legal or security certification.
Open badge recordA SonarQube Cloud workflow and project configuration are present. The scan activates when the repository has a Sonar project and SONAR_TOKEN secret.
Open workflowVitest tracks auth/session handling, rate limiting, confidence metadata, diff parsing, subscriber preferences, and export/report utilities. This is targeted operational coverage, not full UI coverage.
Open workflowSupports controlled review of companies, monitored source URLs, policy records, cron runs, QA findings, database state, KPI matrix coverage, and evidence telemetry.
Checks production HTTP security headers and configuration on the deployed domain. The score depends on Hostinger and live response headers.
Open scanProvides a public report for the deployed domain response headers. Use it as live operational evidence, not as a security certification.
Open reportPolicyWatcher treats confidence as an operational state. A record may be available, partial, unavailable, or in need of review; the UI and the admin tools should expose that state rather than hide it.
Provider URL, jurisdiction, policy type, ingestion method, and status are visible as reviewable record fields.
Direct fetch, HTTP/2, optional VPS rendering, and freshness-guarded archives update evidence metadata. Blocked or unavailable pages are recorded without inventing replacement content.
The QA script compares hashes, version records, check logs, timestamps, and accepted status values at the policy-record grain.
A release can be promoted only after source-evidence dataset assurance, lint, build, and security scan workflow have passed.
PolicyWatcher monitors configured public source URLs, records check outcomes, maps policy changes, and produces analytical indicators. The platform focuses on observable public texts and QA state. Each visible signal is designed to be traceable back to provider sources, repository history, or the documented methodology.