Live verification
Behavioural proof, not just structural checks.
Every claim on this page is implemented + running today. Every row links to the file or workflow that runs it — auditors can trace any claim to its source.
High-risk surfaces — behaviourally probed every 15 minutes
A 200 OK on /health doesn't prove an irreversible operation works. The liveness verifier exercises the real signing, render, token-mint, and HTTP roundtrip paths against synthetic targets — no real customers touched — every 15 minutes.
| Surface | What's proven | Cadence | Source |
|---|---|---|---|
| API | Every mounted rail (52) reaches and responds correctly. Behavioural — exercises a real GET / POST against each rail's canonical entry path with a synthetic tenant id. | Every 15 minutes | packages/liveness-engine/src/manifest.ts |
| email-sender | Every email template renders successfully with its canonical input. Catches zod-schema regression or render-helper rename before a real customer email blows up. No actual send. | Every 15 minutes | services/email-sender/src/handlers/health.ts#/health/render |
| github-app | GitHub App JWT mints AND GitHub accepts it. Read-only GET /app on the GitHub API. Catches silent key-rotation or App-uninstall. | Every 15 minutes | services/github-app/src/handlers/health.ts#/health/installation-token |
| contact | Validate → render → MIME path works end-to-end. Read-only — nothing persisted, no email sent. | Every 15 minutes | services/contact/src/index.ts#/contact/health |
| webhooks | HMAC sign + verify roundtrips AND wrong-secret is rejected. In-process roundtrip — no outbound HTTP to customer endpoints. | Every 15 minutes | services/webhooks/src/index.ts#/health/sign |
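
Why the webhooks row pairs the roundtrip with a wrong-secret rejection, shown as an added TypeScript example (not the project's own code): a verifier that accepts everything passes a roundtrip-only probe. All function names, the synthetic secret and the payload are assumptions, and the tampered-body and malformed-signature checks go beyond what the row lists.

```typescript
import { Buffer } from "node:buffer";
import { createHmac, timingSafeEqual } from "node:crypto";

// All names here are hypothetical; the page does not show the service's code.
type Verifier = (secret: string, body: string, sigHex: string) => boolean;

interface ProbeResult {
  ok: boolean;
  checks: {
    roundtrip: boolean;
    wrongSecretRejected: boolean;
    tamperedBodyRejected: boolean;
    malformedSigRejected: boolean;
  };
}

function sign(secret: string, body: string): string {
  return createHmac("sha256", secret).update(body, "utf8").digest("hex");
}

function verify(secret: string, body: string, sigHex: string): boolean {
  const expected = Buffer.from(sign(secret, body), "hex");
  const given = Buffer.from(sigHex, "hex");
  // timingSafeEqual throws on unequal lengths, so reject those first.
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// In-process probe: synthetic secret and payload (constructed), no outbound HTTP.
// The verifier is a parameter so the probe can be tested against a broken one.
function probeWebhookSigning(verifier: Verifier = verify): ProbeResult {
  const secret = "synthetic-probe-secret";
  const body = JSON.stringify({ event: "liveness.probe", tenant: "synthetic" });
  const sig = sign(secret, body);
  const checks = {
    roundtrip: verifier(secret, body, sig),
    wrongSecretRejected: !verifier("some-other-secret", body, sig),
    tamperedBodyRejected: !verifier(secret, body + " ", sig),
    malformedSigRejected: !verifier(secret, body, "not-hex"),
  };
  const ok = checks.roundtrip && checks.wrongSecretRejected &&
    checks.tamperedBodyRejected && checks.malformedSigRejected;
  return { ok, checks };
}
```

Passing a verifier that always returns true leaves `roundtrip` green while every negative check fails, which is the regression a roundtrip-only probe would miss.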
EU regulator change feed
Four EU official sources are probed daily. New EUR-Lex acts are parsed, tagged with affected sector packs and framework codes, and routed into the obligations engine within the day. The remaining three sources currently ship as canaries — site-restructure detection today, structured event extraction next.
| Source | Detail | Cadence | Coverage | Adapter |
|---|---|---|---|---|
| EUR-Lex | L-series (Legislation) + C-series (Information) RSS | Daily | Every new EU regulation, directive, decision, recommendation, opinion or corrigendum | packages/regulatory-watch-core/src/adapters/eur-lex.ts |
| NANDO (Notified Bodies) | Single Market Compliance Space | Daily canary | Suspension or withdrawal of Notified Bodies for MDR / IVDR / CPR / Machinery | packages/regulatory-watch-core/src/adapters/nando.ts |
| EUDAMED | European Database on Medical Devices | Daily canary | Device registrations + UDI changes | packages/regulatory-watch-core/src/adapters/eudamed.ts |
| EMSA Equasis | European Maritime Safety Agency vessel database | Daily canary | Vessel detentions, port-state inspection outcomes, deficiencies | packages/regulatory-watch-core/src/adapters/emsa-equasis.ts |
Open observability
Three pieces of infrastructure that turn opaque runtime state into auditable, version-controlled artefacts.
Every 30 minutes a snapshot of Cloudflare worker error rates is committed to the errors/cf branch. `git show origin/errors/cf:latest.json` is the source of truth — fully versioned, fully auditable, no dashboard-only opacity.
Every user-initiated flow (specialist apply, demo provision, onboarding complete, DSAR submit, etc.) declares its required side-effects: which D1 row is written, which email template is dispatched, which event is emitted. CI fails if any declared side-effect isn't wired in the handler source.
Every package's tests run on every PR (not just one anchor package). Catches drift in dictionaries, frameworks, services, manifests in the same CI cycle the change ships in.
What this means for your audit
Every assertion here is implemented + running today. Your auditor can ask for the source for any line on this page; we'll point them at the file or the CI workflow. No marketing puffery — every probe, every adapter, every gate exists on disk and runs on the cadence stated.