Owner: Robert Taylor (Eng) · Department: Engineering · Status: Live · Version: 1.0
Effective Date: 2026-06-13 · Last Reviewed: 2026-06-13 · Next Review Date: 2026-09-13
Source of Truth: code (FastAPI backend) · Maturity: 4 (Operational)
On-demand, synchronous generation of a signed compliance evidence pack + a DSHS inspection ZIP.
flowchart LR
B[builder<br/>live DB queries] --> M[manifest<br/>vendor/seal/COA/events]
M --> SG[signer<br/>SHA-256 + Ed25519 JWS]
SG --> AP[(AuditPack versions<br/>immutable)]
- Synchronous (no job table); 90-day default window.
- Sections: vendor summary, seal history, seal scans, compliance events, COA archive.
- Signed: detached Ed25519 JWS over SHA-256 of the canonical manifest.
- Stored versions immutable (unique vendor+version).
- No training/recall/POS/CAPA sections in the manifest (§20.11-14).
- Downloads NOT audit-logged (§20.23).
- No generation-duration metric (§20.21).
- No 'not legal advice' disclaimer string (§20.24).
Architecture index · Inspection Readiness SOP · Home
Distilled from docs/audits/backend-truth-audit-2026-06-13.md and portal-maturity-audit-2026-06-13.md.