Back to dashboard
3.6.3 Adaptive Workspace
Trust & Quality Evidence

Inspectable controls for dataset confidence.

This page collects the checks used to assess whether the monitored records are consistent enough for public analysis. The badges below indicate automated checks or review channels. They are not legal, regulatory, or compliance certifications.

Release gate
Prisma schema
Source-evidence gate
Dataset QA
Scraper tests
Renderer checks
Lint
Build
High-severity audit
Policy record grainpolicyId + versionRecord + checkLog
Obtained and visible badges

Public quality signals that can be inspected.

The OpenSSF Best Practices badge is already passing. The other badges expose public workflow or repository-review evidence and should be read as operational signals, not as legal, regulatory, or security certifications.

Public evidence

Badges and external review points

Local + CI

Dataset QA Gate

Checks record count, accepted status values, version-record coverage, SHA-256 consistency, check-log presence, latest status alignment, and scan timestamps.

Methodology boundary
Evidence-only ranking

Policy Signals Board

Ranks source coverage, retrieval traceability, public baselines, and publicEvidence-gated movement. It does not rank legal compliance or provider trustworthiness.

Open signals board
Confidence hardening

Renderer-Backed Retrieval

The scraper can call a separate bearer-protected VPS renderer for script-rendered pages. Initial URLs, browser redirects, and subresource requests are validated against SSRF rules.

Open renderer source
Repository report

State of the Art Report

The repository contains a current platform report covering configured inventory, assurance controls, public assets, deployment notes, known warnings, and next priorities.

Open report
Workflow

GitHub Quality Gate

Runs Prisma validation, source-evidence dataset assurance, lint, production build, and high-severity dependency audit before public release changes are merged.

Open workflow
Static scan

CodeQL Analysis

Scans JavaScript and TypeScript code paths with GitHub security-and-quality queries. Findings remain external to product statements until reviewed.

Open scan
Supply chain

OpenSSF Scorecard

Reviews repository security posture such as branch protection, dependency update practices, token permissions, pinned actions, and vulnerability reporting.

Open scorecard
Passing self-attestation

OpenSSF Best Practices

OpenSSF Best Practices project 13465 is passing. This is public self-attestation evidence for open-source process hygiene, not a legal or security certification.

Open badge record
Ready to connect

SonarQube Cloud

A SonarQube Cloud workflow and project configuration are present. The scan activates when the repository has a Sonar project and SONAR_TOKEN secret.

Open workflow
Targeted tests enabled

Codecov Targeted Reliability Coverage

Vitest tracks auth/session handling, rate limiting, confidence metadata, diff parsing, subscriber preferences, and export/report utilities. This is targeted operational coverage, not full UI coverage.

Open workflow
Internal control

Admin Review Console

Supports controlled review of companies, monitored source URLs, policy records, cron runs, QA findings, database state, KPI matrix coverage, and evidence telemetry.

Live scan

MDN HTTP Observatory

Checks production HTTP security headers and configuration on the deployed domain. The score depends on Hostinger and live response headers.

Open scan
Live scan

SecurityHeaders.com

Provides a public report for the deployed domain response headers. Use it as live operational evidence, not as a security certification.

Open report
Assurance workflow

From configured source to release decision

PolicyWatcher treats confidence as an operational state. A record may be available, partial, unavailable, or in need of review; the UI and the admin tools should expose that state rather than hide it.

01

Source configuration

Provider URL, jurisdiction, policy type, ingestion method, and status are visible as reviewable record fields.

02

Retrieval and failure logging

Direct fetch, HTTP/2, optional VPS rendering, and freshness-guarded archives update evidence metadata. Blocked or unavailable pages are recorded without inventing replacement content.

03

Integrity checks

The QA script compares hashes, version records, check logs, timestamps, and accepted status values at the policy-record grain.

04

Release gate

A release can be promoted only after source-evidence dataset assurance, lint, build, and security scan workflow have passed.

Evidence scope

Operational evidence with clear scope.

PolicyWatcher monitors configured public source URLs, records check outcomes, maps policy changes, and produces analytical indicators. The platform focuses on observable public texts and QA state. Each visible signal is designed to be traceable back to provider sources, repository history, or the documented methodology.