Evidence-gated status

Claims remain locked until runtime evidence proves them.

Native runtime and qualifying production evidence are not both proven.

Production claimLocked
Native runtimeDetached
BackendReal
Last verified2026-07-13T08:23:26Z
Open Evidence Center
Public SurfaceEvidence-first read planeNo hidden production claim
User RouteScoped capsule workspaceGlobal authority blocked
Admin ControlEditorial + runtime governanceRoot powers excluded
Root-ControlLocal/hardware gatedOffline release authority

Mobile installable web shell

Install XPScerpto as a safe PWA shell.

The mobile shell may cache only public UI assets and safe public shells. Admin, correspondence, evidence, live IMAP status, API responses, cookies, CSRF tokens, message content, raw MIME, and attachments remain network-only/no-store.

Browser install prompt appears only when the browser exposes it.
PWA_INSTALLABLEYES
HOME_SCREEN_INSTALL_OBSERVEDYES_FROM_USER_SCREENSHOT
STANDALONE_MODEYES_FROM_USER_SCREENSHOT_OR_BROWSER_SIGNAL
OFFLINE_PUBLIC_SHELLYES
NATIVE_ANDROID_APKNO
NATIVE_IOS_APPNO
APP_STORE_READYNO
PLAY_STORE_READYNO
PRODUCTION_READYNO

Evidence Center

A product trust interface, not a raw developer log.

The center separates proven facts, locked claims, current blockers and sealed package evidence so reviewers can understand XPScerpto without reading internal debug streams first.

Claim state

Public claims are evidence-bound and cannot be elevated by copy or UI toggles.

Production lock

Production claim is locked under the runtime truth contract.

Native runtime

Native runtime is currently detached; detached state remains visible.

Asset seal

Static assets are locally sealed by xps_asset_manifest.json.

Current blockers

Native C++ runtime attachment and qualifying production evidence remain required.

Package hash

Latest package/hash evidence is exposed through the sealed asset and phase reports.

What is proven

  • Local-only public asset policy is enforced by CSP and static scans.
  • Brand assets are served from /static/brand only, not a CDN.
  • Admin, app and root-control are separate visual/control planes.
  • Detached native runtime is shown as a blocked production state.

What is not proven

  • Production-ready release is not claimed.
  • Security-complete status is not claimed.
  • Core Web Vitals are not claimed without browser/lab measurement.
  • Native runtime execution remains detached unless configured and probed.

XPScerpto Portal-3

Evidence

XPScerpto presents a sovereignty-oriented cryptographic platform portal with explicit authority boundaries, evidence-first status reporting, and a separate editorial control plane.

PlatformHWDomains

Evidence

This portal distinguishes the real Python backend from the native C++ runtime. Claims remain gated by evidence and runtime truth checks.

No public evidence report has been registered yet.

Truth contract

No unproven production claim

production_ready is computed from native runtime attachment plus qualifying evidence; it is not an editorial toggle.