Authority note: all HempDash actions on this page are platform-scoped (delist on the Platform, revoke the Seal, suspend the account) — HempDash cannot stop a vendor's off-platform sales or mandate a recall. See Authority Boundary.
Owner: Robert Taylor + Ayisha · Department: Cross-functional · Status: Live · Version: 1.0
Effective Date: 2026-06-13 · Last Reviewed: 2026-06-13 · Next Review Date: 2026-09-13
Source of Truth: code audits (backend-truth + portal-maturity) · Maturity: 4 (Operational)
Capability-by-capability: is it documented, implemented, and do they agree? Status: 🟢 GREEN documented+implemented · 🟡 YELLOW partial · 🔴 RED documented-but-not-implemented · ⬛ BLACK contradiction.
| Capability | Doc | Impl | Status | Note |
|---|---|---|---|---|
| Seal issuance | ✓ | ✓ | 🟢 | Ed25519 JWS, KMS/PEM |
| Seal verification / JWKS | ✓ | ✓ | 🟢 | public verify + JWKS |
| Seal revocation | ✓ | ✗ | 🔴 | columns exist, no write-path; playbook says manual escalation |
| COA storage + 3yr retention | ✓ | ✓ | 🟢 | object-lock immutable |
| COA OCR/parse | ✓ | ~ | 🟡 | works; no confidence/provenance stored |
| COA expiry delists on the Platform | ✓ | ✗ | 🔴 | not enforced at sale |
| COA replacement preserves prior | ✓ | ✗ | 🔴 | overwrites in place |
| Recall create + fan-out + notify | ✓ | ✓ | 🟢 | real dispatch task |
| Recall auto-delists on the Platform | ✓ | ✗ | 🔴 | manual platform delisting (flagged in playbook) |
| Recall effectiveness | ✓ | ~ | 🟡 | field + disposition; closure not gated |
| NOV tracking | ✓ | ✓ | 🟢 | model + deadline webhook |
| Complaints / CAPA | ✓(gap) | ✗ | 🔴 | no model (TX §300.208 gap) |
| Audit pack generation | ✓ | ✓ | 🟢 | signed, synchronous |
| Audit pack download logging | ✓ | ✗ | 🔴 | not logged |
| POS pickup verification | ✓ | ✓ | 🟢 | server-enforced, single-use |
| Delivery / handoff age verification | ✓(gap) | ✗ | 🔴 | no gate exists |
| Go-live enforcement | ✓ | ✗ | 🔴 | advisory only; API-bypassable |
| Vendor KYB | ✓ | ~ | 🟡 | Middesk defaults to mock; no beneficial owners |
| Vendor suspension | ✓ | ~ | 🟡 | SUSPENDED status exists; workflow unconfirmed |
| Vendor reinstatement | ✓(gap) | ✗ | 🔴 | manual only |
| RBAC enforcement | ✓ | ✗ | 🔴 | matrix display-only; routes gate on org membership |
| RLS tenant isolation | ✓ | ✗ | 🔴 | defined but inert (admin_bypass) |
| DSAR (export/delete) | ✓ | ✓ | 🟢 | real models + playbook |
| Legal hold | ✓(gap) | ✗ | 🔴 | no system; manual |
| Label compliance | ✓(gap) | ✗ | 🔴 | model unwired (zero writers) |
| Vendor training gating | ✓ | ~ | 🟡 | boolean; does not gate RBAC |
| Payments / payouts | ✓ | ✓ | 🟢 | PaymentCloud/Stripe/Sezzle |
| Notifications (email/SMS/in-app) | ✓ | ✓ | 🟢 | delivery logs + DLQ |
0 unresolved. Every capability where the platform falls short of the intent is documented as manual / current-vs-target (Gate 6) rather than claimed as working — so no page contradicts reality. The RED rows are honest gaps, not contradictions.
Reference index · System Capability Status · Authority & Decision Rights · Home