Authority note: all HempDash actions on this page are platform-scoped (delist on the Platform, revoke the Seal, suspend the account) — HempDash cannot stop a vendor's off-platform sales or mandate a recall. See Authority Boundary.
Owner: Robert Taylor (Eng) · Department: Engineering · Status: Live · Version: 1.0
Effective Date: 2026-06-13 · Last Reviewed: 2026-06-13 · Next Review Date: 2026-09-13
Source of Truth: code audits (backend-truth + portal-maturity) · Maturity: 4 (Operational)
Every capability gap found in the code audits, with severity + risk + owners. This is the master backlog. Owners marked (prov.) are unconfirmed.
| # | Gap | Sev | Compliance/Business risk | Eng owner | Ops owner | Current → Target |
|---|---|---|---|---|---|---|
| 1 | Recall does not auto-delist on the Platform | P0 | Recalled product stays sellable until manual platform delisting | Robert | Ayisha(prov.) | manual → auto-deactivate on recall |
| 2 | No delivery/handoff age verification | P0 | Underage delivery; legal exposure | Robert | Alliyson(prov.) | none → driver handoff gate |
| 3 | Go-live not enforced (API-bypassable) | P0 | Not-live vendor can transact | Robert | Ayisha(prov.) | advisory → enforced at order create |
| 4 | Go-live KYC verified/CLEAR mismatch | P0 | Go-live may never clear | Robert | — | bug → fix enum compare |
| 5 | RLS tenant isolation inert | P1 | Cross-tenant data risk if a route omits filter | Robert | — | defined-inert → enforced or removed |
| 6 | RBAC matrix display-only | P1 | Any org member can POST recall/POS | Robert | — | display → server-enforced |
| 7 | COA expiry not enforced at sale | P1 | Expired-COA product sellable | Robert | Purple(prov.) | unchecked → block on expiry |
| 8 | Seal revocation has no write-path | P1 | Cannot kill a bad seal in-app | Robert | — | manual → revoke endpoint + cache bust |
| 9 | No demo/real separation (is_demo) | P1 | Demo data can leak to public verify + investor metrics | Robert | Lola(prov.) | none → tenant/demo flag |
| 10 | COA replacement overwrites prior | P2 | Undercuts 3yr retention | Robert | Purple(prov.) | overwrite → supersession |
| 11 | No audit-log hash chain | P2 | Not tamper-evidently recomputable | Robert | — | append-only → hash chain |
| 12 | Label compliance unwired | P2 | §300.402 not enforced | Robert | Purple(prov.) | extract-only → persist+gate |
| 13 | No complaints/CAPA model | P2 | §300.208 gap | Robert | Ayisha(prov.) | none → complaint+CAPA |
| 14 | Legal-hold system absent | P2 | Preservation is manual | Robert | Ayisha(prov.) | none → hold model |
| 15 | Affiliate portal seam broken | P2 | Affiliate pages 404 (/affiliate/* vs /partners/me/*) | Robert | Lola(prov.) | broken → router alias |
| 16 | 7-yr financial retention not enforced | P3 | IRS/1099 retention | Robert | — | unenforced → policy job |
| 17 | Audit-pack downloads not logged | P3 | Evidence-access trail | Robert | — | none → log |
| 18 | OCR confidence/provenance not stored | P3 | Review efficiency | Robert | — | none → store |
| 19 | Maturity/review job not automated | P3 | Staleness drift | Robert | Lola(prov.) | snapshot → scheduled job |
P0 count: 4 · P1: 5 · P2: 6 · P3: 4. P0s are the blocking gaps for compliance-readiness.
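Gap 11 targets an append-only audit log that becomes "tamper-evidently recomputable" by chaining entry hashes. The block below is an added illustration of that target state, not HempDash code: it assumes each audit event is a JSON-serialisable dict, links every entry to the previous entry's SHA-256, and shows that recomputing the chain catches an in-place edit or a deleted row. The event contents and actor ids are constructed sample values.

```python
import hashlib
import json

# Hash of the (non-existent) entry before the first one.
GENESIS = "0" * 64


def canonical(event: dict) -> str:
    """Deterministic serialisation so the same event always hashes the same way."""
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


def entry_hash(prev_hash: str, event: dict) -> str:
    """Each entry's hash commits to its predecessor's hash and its own payload."""
    material = prev_hash + "\n" + canonical(event)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def append_entry(log: list, event: dict) -> dict:
    """Append-only write path: compute prev_hash from the current tail, then store."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {
        "seq": len(log),
        "prev_hash": prev,
        "event": event,
        "hash": entry_hash(prev, event),
    }
    log.append(entry)
    return entry


def verify_chain(log: list):
    """Recompute every hash from GENESIS forward.

    Returns (True, None) when the chain is intact, otherwise (False, seq) where
    seq is the first entry whose link or content no longer matches.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev_hash"] != prev:
            return False, i          # reordered or removed row
        if entry_hash(prev, entry["event"]) != entry["hash"]:
            return False, i          # edited payload
        prev = entry["hash"]
    return True, None


def head_hash(log: list) -> str:
    """The tail hash; publishing it elsewhere makes tail truncation detectable too."""
    return log[-1]["hash"] if log else GENESIS


def build_sample_log() -> list:
    # Constructed sample events (hypothetical actors and ids).
    log = []
    append_entry(log, {"actor": "ops-user-1", "action": "recall.create", "sku": "SKU-EXAMPLE-1"})
    append_entry(log, {"actor": "system", "action": "listing.deactivate", "sku": "SKU-EXAMPLE-1"})
    append_entry(log, {"actor": "eng-user-1", "action": "seal.revoke", "seal_id": "SEAL-EXAMPLE-1"})
    return log


def edit_and_verify():
    """Simulate a direct database edit of one historical row."""
    log = build_sample_log()
    log[1]["event"]["action"] = "listing.activate"
    return verify_chain(log)


def delete_and_verify():
    """Simulate deletion of a middle row; the next row's prev_hash no longer links."""
    log = build_sample_log()
    del log[1]
    return verify_chain(log)


if __name__ == "__main__":
    print("intact:", verify_chain(build_sample_log()))
    print("edited:", edit_and_verify())
    print("deleted:", delete_and_verify())
```

The chain alone does not detect removal of the newest entries, since a truncated log still verifies from GENESIS; that is why `head_hash` exists, so the current tail can be recorded somewhere the writer cannot overwrite (for example in the periodic audit pack from gap 17) and compared on the next verification run.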