Public claims are evidence-bound and cannot be elevated by copy or UI toggles.
Mobile installable web shell
Install XPScerpto as a safe PWA shell.
The mobile shell may cache only public UI assets and safe public shells. Admin, correspondence, evidence, live IMAP status, API responses, cookies, CSRF tokens, message content, raw MIME, and attachments remain network-only/no-store.
Evidence Center
A product trust interface, not a raw developer log.
The center separates proven facts, locked claims, current blockers and sealed package evidence so reviewers can understand XPScerpto without reading internal debug streams first.
Production claim is locked under the runtime truth contract.
Native runtime is currently detached; detached state remains visible.
Static assets are locally sealed by xps_asset_manifest.json.
Native C++ runtime attachment and qualifying production evidence remain required.
Latest package/hash evidence is exposed through the sealed asset and phase reports.
What is proven
- Local-only public asset policy is enforced by CSP and static scans.
- Brand assets are served from /static/brand only, not a CDN.
- Admin, app and root-control are separate visual/control planes.
- Detached native runtime is shown as a blocked production state.
What is not proven
- Production-ready release is not claimed.
- Security-complete status is not claimed.
- Core Web Vitals are not claimed without browser/lab measurement.
- Native runtime execution remains detached unless configured and probed.
XPScerpto Portal-3
الأدلة
تعرض XPScerpto بوابة لمنصة تشفير سيادية تركّز على حدود السلطة الصريحة، وتقارير الحالة المبنية على الأدلة، ولوحة تحرير منفصلة.
الأدلة
هذه البوابة تميّز بوضوح بين backend Python الحقيقي وبين runtime C++ الأصلي. أي ادعاء يبقى مقيدًا بالأدلة وبعقد الحقيقة التشغيلي.
Truth contract
No unproven production claim
production_ready is computed from native runtime attachment plus qualifying evidence; it is not an editorial toggle.