Public claims are evidence-bound and cannot be elevated by copy or UI toggles.
Mobile installable web shell
Install XPScerpto as a safe PWA shell.
The mobile shell may cache only public UI assets and safe public shells. Admin, correspondence, evidence, live IMAP status, API responses, cookies, CSRF tokens, message content, raw MIME, and attachments remain network-only/no-store.
Evidence Center
A product trust interface, not a raw developer log.
The center separates proven facts, locked claims, current blockers and sealed package evidence so reviewers can understand XPScerpto without reading internal debug streams first.
Production claim is locked under the runtime truth contract.
Native runtime is currently detached; detached state remains visible.
Static assets are locally sealed by xps_asset_manifest.json.
Native C++ runtime attachment and qualifying production evidence remain required.
Latest package/hash evidence is exposed through the sealed asset and phase reports.
What is proven
- Local-only public asset policy is enforced by CSP and static scans.
- Brand assets are served from /static/brand only, not a CDN.
- Admin, app and root-control are separate visual/control planes.
- Detached native runtime is shown as a blocked production state.
What is not proven
- Production-ready release is not claimed.
- Security-complete status is not claimed.
- Core Web Vitals are not claimed without browser/lab measurement.
- Native runtime execution remains detached unless configured and probed.
XPScerpto Portal-3
Nachweise
XPScerpto zeigt ein souveränitätsorientiertes Kryptografie-Portal mit klaren Autoritätsgrenzen, evidenzbasierter Statusanzeige und separater redaktioneller Steuerung.
Nachweise
Dieses Portal trennt den realen Python-Backendbetrieb vom nativen C++-Runtime. Aussagen bleiben durch Nachweise und den Runtime-Truth-Contract begrenzt.
Truth contract
No unproven production claim
production_ready is computed from native runtime attachment plus qualifying evidence; it is not an editorial toggle.