# MPC Production Promotion Verdict — v6.82.190

`BLOCKED_FROM_PRODUCTION_PROMOTION`

- Generated: `2026-07-12T09:32:10+02:00`
- PASS: **117**
- FIXED_AND_VERIFIED: **22**
- BLOCKED: **106**
- NOT_APPLICABLE: **35**
- DEFERRED_WITH_JUSTIFICATION: **0**

The package is deployment-ready for MPC staging and has zero known unresolved critical application-code defects. Production promotion remains blocked because the Codex requires evidence from the actual hosted environment, real devices, configured external providers, monitoring and rollback/restore operations.

## Blocking items

| Truth | Evidence | Risk | Exact remediation | Owner | Verification required |
|---|---|---|---|---|---|
| STG-008 | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | Deploy this exact ZIP, record its SHA-256, run the packaged live verification and have a second authorised operator reproduce the smoke checks. | MPC Release Owner / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Live hostname report must match release 6.82.190 and this archive checksum. |
| STG-009 | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | Deploy this exact ZIP, record its SHA-256, run the packaged live verification and have a second authorised operator reproduce the smoke checks. | MPC Release Owner / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Live hostname report must match release 6.82.190 and this archive checksum. |
| STG-014 | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | Deploy this exact ZIP, record its SHA-256, run the packaged live verification and have a second authorised operator reproduce the smoke checks. | MPC Release Owner / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Live hostname report must match release 6.82.190 and this archive checksum. |
| STG-018 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-019 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-020 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-025 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-026 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-029 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-030 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-031 | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | Validate public DNS and certificate chain, configure documented revocable tester access, test fail-closed behaviour, set expiry monitoring, and execute the DNS/TLS rollback drill. | Hosting/DNS Administrator | Local source/runtime evidence reviewed; required final verification: Independent HTTPS/TLS/access-control report against staging.marlothparkcentral.com. |
| STG-037 | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | Validate public DNS and certificate chain, configure documented revocable tester access, test fail-closed behaviour, set expiry monitoring, and execute the DNS/TLS rollback drill. | Hosting/DNS Administrator | Local source/runtime evidence reviewed; required final verification: Independent HTTPS/TLS/access-control report against staging.marlothparkcentral.com. |
| STG-039 | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | Validate public DNS and certificate chain, configure documented revocable tester access, test fail-closed behaviour, set expiry monitoring, and execute the DNS/TLS rollback drill. | Hosting/DNS Administrator | Local source/runtime evidence reviewed; required final verification: Independent HTTPS/TLS/access-control report against staging.marlothparkcentral.com. |
| STG-041 | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | Validate public DNS and certificate chain, configure documented revocable tester access, test fail-closed behaviour, set expiry monitoring, and execute the DNS/TLS rollback drill. | Hosting/DNS Administrator | Local source/runtime evidence reviewed; required final verification: Independent HTTPS/TLS/access-control report against staging.marlothparkcentral.com. |
| STG-042 | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | Validate public DNS and certificate chain, configure documented revocable tester access, test fail-closed behaviour, set expiry monitoring, and execute the DNS/TLS rollback drill. | Hosting/DNS Administrator | Local source/runtime evidence reviewed; required final verification: Independent HTTPS/TLS/access-control report against staging.marlothparkcentral.com. |
| STG-045 | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | Validate public DNS and certificate chain, configure documented revocable tester access, test fail-closed behaviour, set expiry monitoring, and execute the DNS/TLS rollback drill. | Hosting/DNS Administrator | Local source/runtime evidence reviewed; required final verification: Independent HTTPS/TLS/access-control report against staging.marlothparkcentral.com. |
| STG-049 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-050 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-051 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-056 | Runtime flags are visible in source, but a complete owner/expiry/default register was not supplied. | Runtime flags are visible in source, but a complete owner/expiry/default register was not supplied. | Inventory every feature flag with staging and production defaults, owner, purpose and expiry/removal decision; remove abandoned flags. | Product / Release Owner | Local source/runtime evidence reviewed; required final verification: Approved feature-flag register reconciled to candidate source. |
| STG-059 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-060 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-065 | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Deploy through a versioned or maintenance-protected release switch, verify Brotli/gzip and cache behaviour, then perform and document rollback to the previous known-good release while preserving runtime data. | Hosting Operator / Release Owner | Local source/runtime evidence reviewed; required final verification: Timestamped deployment/rollback transcript and post-rollback smoke results. |
| STG-070 | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Deploy through a versioned or maintenance-protected release switch, verify Brotli/gzip and cache behaviour, then perform and document rollback to the previous known-good release while preserving runtime data. | Hosting Operator / Release Owner | Local source/runtime evidence reviewed; required final verification: Timestamped deployment/rollback transcript and post-rollback smoke results. |
| STG-072 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-074 | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | Deploy this exact ZIP, record its SHA-256, run the packaged live verification and have a second authorised operator reproduce the smoke checks. | MPC Release Owner / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Live hostname report must match release 6.82.190 and this archive checksum. |
| STG-083 | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Run the external-link and provider failure tests from an authorised network, approve every outbound host, verify contact/map destinations and document provider environment mapping. | MPC Content/Integration Owner | Local source/runtime evidence reviewed; required final verification: Zero unintended external 4xx/5xx plus controlled outage/removal evidence. |
| STG-084 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-091 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-094 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-095 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-096 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-097 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-098 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-099 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-100 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-101 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-102 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-104 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-105 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-106 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-107 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-115 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-118 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-119 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-120 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-121 | Server-side negative validation passed, but durable success, duplicate, timeout, provider-failure, captured-mailbox, retry and bounce visibility require configured staging delivery services. | Server-side negative validation passed, but durable success, duplicate, timeout, provider-failure, captured-mailbox, retry and bounce visibility require configured staging delivery services. | Configure an approved staging mailbox/sandbox and synthetic identities, then execute every form through success, duplicate, timeout, provider failure, retry exhaustion and bounce visibility scenarios. | Forms & Email Integration Owner | Local source/runtime evidence reviewed; required final verification: Submission IDs, timestamps and test-mail/provider records must reconcile without contacting real visitors. |
| STG-125 | Server-side negative validation passed, but durable success, duplicate, timeout, provider-failure, captured-mailbox, retry and bounce visibility require configured staging delivery services. | Server-side negative validation passed, but durable success, duplicate, timeout, provider-failure, captured-mailbox, retry and bounce visibility require configured staging delivery services. | Configure an approved staging mailbox/sandbox and synthetic identities, then execute every form through success, duplicate, timeout, provider failure, retry exhaustion and bounce visibility scenarios. | Forms & Email Integration Owner | Local source/runtime evidence reviewed; required final verification: Submission IDs, timestamps and test-mail/provider records must reconcile without contacting real visitors. |
| STG-126 | Server-side negative validation passed, but durable success, duplicate, timeout, provider-failure, captured-mailbox, retry and bounce visibility require configured staging delivery services. | Server-side negative validation passed, but durable success, duplicate, timeout, provider-failure, captured-mailbox, retry and bounce visibility require configured staging delivery services. | Configure an approved staging mailbox/sandbox and synthetic identities, then execute every form through success, duplicate, timeout, provider failure, retry exhaustion and bounce visibility scenarios. | Forms & Email Integration Owner | Local source/runtime evidence reviewed; required final verification: Submission IDs, timestamps and test-mail/provider records must reconcile without contacting real visitors. |
| STG-127 | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Run the external-link and provider failure tests from an authorised network, approve every outbound host, verify contact/map destinations and document provider environment mapping. | MPC Content/Integration Owner | Local source/runtime evidence reviewed; required final verification: Zero unintended external 4xx/5xx plus controlled outage/removal evidence. |
| STG-140 | The package protects administration, but individual account inventory and MFA enforcement are hosting/identity decisions not evidenced in the supplied build. | The package protects administration, but individual account inventory and MFA enforcement are hosting/identity decisions not evidenced in the supplied build. | Replace any shared administrator password with individual accounts, enable MFA where supported, disable dormant accounts and attach the privileged-account register. | Security Owner | Local source/runtime evidence reviewed; required final verification: Authentication review and successful MFA/account lifecycle test. |
| STG-149 | Local logs are privacy-filtered and correlated, but deployed retention/deletion, searchable monitoring, client/server error delivery and alert routing were not available for verification. | Local logs are privacy-filtered and correlated, but deployed retention/deletion, searchable monitoring, client/server error delivery and alert routing were not available for verification. | Configure staging log retention, error reporting and critical alerts; test deletion and alert delivery to named owners; verify timestamps and searches without prohibited data. | Operations / Privacy Owner | Local source/runtime evidence reviewed; required final verification: Monitoring console evidence, alert receipt and retention/deletion test record. |
| STG-151 | Local logs are privacy-filtered and correlated, but deployed retention/deletion, searchable monitoring, client/server error delivery and alert routing were not available for verification. | Local logs are privacy-filtered and correlated, but deployed retention/deletion, searchable monitoring, client/server error delivery and alert routing were not available for verification. | Configure staging log retention, error reporting and critical alerts; test deletion and alert delivery to named owners; verify timestamps and searches without prohibited data. | Operations / Privacy Owner | Local source/runtime evidence reviewed; required final verification: Monitoring console evidence, alert receipt and retention/deletion test record. |
| STG-152 | Local logs are privacy-filtered and correlated, but deployed retention/deletion, searchable monitoring, client/server error delivery and alert routing were not available for verification. | Local logs are privacy-filtered and correlated, but deployed retention/deletion, searchable monitoring, client/server error delivery and alert routing were not available for verification. | Configure staging log retention, error reporting and critical alerts; test deletion and alert delivery to named owners; verify timestamps and searches without prohibited data. | Operations / Privacy Owner | Local source/runtime evidence reviewed; required final verification: Monitoring console evidence, alert receipt and retention/deletion test record. |
| STG-157 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-158 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-159 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-160 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-164 | Local logs are privacy-filtered and correlated, but deployed retention/deletion, searchable monitoring, client/server error delivery and alert routing were not available for verification. | Local logs are privacy-filtered and correlated, but deployed retention/deletion, searchable monitoring, client/server error delivery and alert routing were not available for verification. | Configure staging log retention, error reporting and critical alerts; test deletion and alert delivery to named owners; verify timestamps and searches without prohibited data. | Operations / Privacy Owner | Local source/runtime evidence reviewed; required final verification: Monitoring console evidence, alert receipt and retention/deletion test record. |
| STG-167 | Applicable environment, device, accessibility, performance, monitoring and rollback gates remain unverified; therefore zero-failure promotion acceptance cannot be issued. | Applicable environment, device, accessibility, performance, monitoring and rollback gates remain unverified; therefore zero-failure promotion acceptance cannot be issued. | Close every BLOCKED truth in this matrix and rerun the exact candidate acceptance suite before changing the promotion verdict. | MPC Release Owner | Local source/runtime evidence reviewed; required final verification: Updated matrix contains zero applicable BLOCKED statuses. |
| STG-170 | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Deploy through a versioned or maintenance-protected release switch, verify Brotli/gzip and cache behaviour, then perform and document rollback to the previous known-good release while preserving runtime data. | Hosting Operator / Release Owner | Local source/runtime evidence reviewed; required final verification: Timestamped deployment/rollback transcript and post-rollback smoke results. |
| STG-171 | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Deploy through a versioned or maintenance-protected release switch, verify Brotli/gzip and cache behaviour, then perform and document rollback to the previous known-good release while preserving runtime data. | Hosting Operator / Release Owner | Local source/runtime evidence reviewed; required final verification: Timestamped deployment/rollback transcript and post-rollback smoke results. |
| STG-172 | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Deploy through a versioned or maintenance-protected release switch, verify Brotli/gzip and cache behaviour, then perform and document rollback to the previous known-good release while preserving runtime data. | Hosting Operator / Release Owner | Local source/runtime evidence reviewed; required final verification: Timestamped deployment/rollback transcript and post-rollback smoke results. |
| STG-174 | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | Deploy this exact ZIP, record its SHA-256, run the packaged live verification and have a second authorised operator reproduce the smoke checks. | MPC Release Owner / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Live hostname report must match release 6.82.190 and this archive checksum. |
| STG-175 | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | Deploy this exact ZIP, record its SHA-256, run the packaged live verification and have a second authorised operator reproduce the smoke checks. | MPC Release Owner / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Live hostname report must match release 6.82.190 and this archive checksum. |
| STG-177 | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Atomic deployment, compression/CDN parity, previous-release recoverability and rollback cannot be proven from source-only local execution. | Deploy through a versioned or maintenance-protected release switch, verify Brotli/gzip and cache behaviour, then perform and document rollback to the previous known-good release while preserving runtime data. | Hosting Operator / Release Owner | Local source/runtime evidence reviewed; required final verification: Timestamped deployment/rollback transcript and post-rollback smoke results. |
| STG-180 | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | The corrected artifact has been tested locally but has not yet been deployed and independently reproduced on the actual staging/public hostname. | Deploy this exact ZIP, record its SHA-256, run the packaged live verification and have a second authorised operator reproduce the smoke checks. | MPC Release Owner / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Live hostname report must match release 6.82.190 and this archive checksum. |
| STG-186 | Applicable environment, device, accessibility, performance, monitoring and rollback gates remain unverified; therefore zero-failure promotion acceptance cannot be issued. | Applicable environment, device, accessibility, performance, monitoring and rollback gates remain unverified; therefore zero-failure promotion acceptance cannot be issued. | Close every BLOCKED truth in this matrix and rerun the exact candidate acceptance suite before changing the promotion verdict. | MPC Release Owner | Local source/runtime evidence reviewed; required final verification: Updated matrix contains zero applicable BLOCKED statuses. |
| STG-197 | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | Validate public DNS and certificate chain, configure documented revocable tester access, test fail-closed behaviour, set expiry monitoring, and execute the DNS/TLS rollback drill. | Hosting/DNS Administrator | Local source/runtime evidence reviewed; required final verification: Independent HTTPS/TLS/access-control report against staging.marlothparkcentral.com. |
| STG-200 | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | Validate public DNS and certificate chain, configure documented revocable tester access, test fail-closed behaviour, set expiry monitoring, and execute the DNS/TLS rollback drill. | Hosting/DNS Administrator | Local source/runtime evidence reviewed; required final verification: Independent HTTPS/TLS/access-control report against staging.marlothparkcentral.com. |
| STG-201 | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | DNS, certificate validity, access control, expiry alerting and failure behaviour require the actual hosted staging environment. | Validate public DNS and certificate chain, configure documented revocable tester access, test fail-closed behaviour, set expiry monitoring, and execute the DNS/TLS rollback drill. | Hosting/DNS Administrator | Local source/runtime evidence reviewed; required final verification: Independent HTTPS/TLS/access-control report against staging.marlothparkcentral.com. |
| STG-203 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-204 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-205 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-206 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-207 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-208 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-209 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-210 | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Build and asset-size evidence exists, but no authoritative hosted Brotli/gzip, Core Web Vitals, shared-hosting resource, concurrency or capacity run was possible in this environment. | Run repeatable mobile lab and capacity tests against the deployed candidate, capture LCP/INP/CLS/TTFB, compression, resource saturation and route budgets, compare with the accepted baseline, and document the hosting-upgrade threshold. | Performance Engineer / Hosting Operator | Local source/runtime evidence reviewed; required final verification: Timestamped performance and load report tied to the immutable candidate checksum. |
| STG-211 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-212 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-213 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-214 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-215 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-216 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
| STG-218 | Source scanning, dependency audit and targeted local security probes passed, but an authorised dynamic scan against the deployed staging hostname was not available. | Source scanning, dependency audit and targeted local security probes passed, but an authorised dynamic scan against the deployed staging hostname was not available. | Run an authorised DAST scan against the deployed candidate, triage every finding, fix and retest all critical/high issues. | Security Engineer / Hosting Owner | Local source/runtime evidence reviewed; required final verification: Final DAST report with zero unresolved critical/high findings. |
| STG-220 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-221 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-222 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-233 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-234 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-235 | The supplied package and local test environment do not contain the external operational evidence required by this truth. | The supplied package and local test environment do not contain the external operational evidence required by this truth. | Perform the Codex verification for Cookie and tracker scans MUST be run on staging after consent-state changes. against the exact deployed candidate and attach reproducible evidence. | MPC Release Owner | Local source/runtime evidence reviewed; required final verification: Evidence must be tied to release 6.82.190 and its SHA-256. |
| STG-237 | Provider/cross-border processing records and breach-response tabletop evidence are policy/owner artefacts not present in the supplied code package. | Provider/cross-border processing records and breach-response tabletop evidence are policy/owner artefacts not present in the supplied code package. | Approve the processing register and cross-border flows, then conduct and record a breach-response tabletop exercise for this candidate capability set. | POPIA / Legal Owner | Local source/runtime evidence reviewed; required final verification: Signed privacy/legal record and completed exercise evidence. |
| STG-238 | Provider/cross-border processing records and breach-response tabletop evidence are policy/owner artefacts not present in the supplied code package. | Provider/cross-border processing records and breach-response tabletop evidence are policy/owner artefacts not present in the supplied code package. | Approve the processing register and cross-border flows, then conduct and record a breach-response tabletop exercise for this candidate capability set. | POPIA / Legal Owner | Local source/runtime evidence reviewed; required final verification: Signed privacy/legal record and completed exercise evidence. |
| STG-241 | The package contains substantial media and generated variants, but complete provenance, rights, attribution and withdrawal evidence for every asset was not supplied. | The package contains substantial media and generated variants, but complete provenance, rights, attribution and withdrawal evidence for every asset was not supplied. | Create a rights/provenance register for every promoted asset, validate required responsive attribution and licence restrictions, and test withdrawal across originals, variants, references and caches. | Content & Rights Owner | Local source/runtime evidence reviewed; required final verification: Rights register and a successful representative withdrawal test. |
| STG-242 | The package contains substantial media and generated variants, but complete provenance, rights, attribution and withdrawal evidence for every asset was not supplied. | The package contains substantial media and generated variants, but complete provenance, rights, attribution and withdrawal evidence for every asset was not supplied. | Create a rights/provenance register for every promoted asset, validate required responsive attribution and licence restrictions, and test withdrawal across originals, variants, references and caches. | Content & Rights Owner | Local source/runtime evidence reviewed; required final verification: Rights register and a successful representative withdrawal test. |
| STG-243 | The package contains substantial media and generated variants, but complete provenance, rights, attribution and withdrawal evidence for every asset was not supplied. | The package contains substantial media and generated variants, but complete provenance, rights, attribution and withdrawal evidence for every asset was not supplied. | Create a rights/provenance register for every promoted asset, validate required responsive attribution and licence restrictions, and test withdrawal across originals, variants, references and caches. | Content & Rights Owner | Local source/runtime evidence reviewed; required final verification: Rights register and a successful representative withdrawal test. |
| STG-244 | The package contains substantial media and generated variants, but complete provenance, rights, attribution and withdrawal evidence for every asset was not supplied. | The package contains substantial media and generated variants, but complete provenance, rights, attribution and withdrawal evidence for every asset was not supplied. | Create a rights/provenance register for every promoted asset, validate required responsive attribution and licence restrictions, and test withdrawal across originals, variants, references and caches. | Content & Rights Owner | Local source/runtime evidence reviewed; required final verification: Rights register and a successful representative withdrawal test. |
| STG-246 | The package contains substantial media and generated variants, but complete provenance, rights, attribution and withdrawal evidence for every asset was not supplied. | The package contains substantial media and generated variants, but complete provenance, rights, attribution and withdrawal evidence for every asset was not supplied. | Create a rights/provenance register for every promoted asset, validate required responsive attribution and licence restrictions, and test withdrawal across originals, variants, references and caches. | Content & Rights Owner | Local source/runtime evidence reviewed; required final verification: Rights register and a successful representative withdrawal test. |
| STG-247 | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Run the external-link and provider failure tests from an authorised network, approve every outbound host, verify contact/map destinations and document provider environment mapping. | MPC Content/Integration Owner | Local source/runtime evidence reviewed; required final verification: Zero unintended external 4xx/5xx plus controlled outage/removal evidence. |
| STG-248 | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Application code enforces safe defaults, but the actual cPanel secrets, identities, data stores, backups and provider account inventories are outside the supplied package. | Provide a redacted staging environment inventory, prove staging-only credentials and data, execute the documented reset/backup/restore/account checks, and attach operator evidence. | MPC Owner / Hosting & Security Administrator | Local source/runtime evidence reviewed; required final verification: Review environment inventory and successful controlled tests without exposing secret values. |
| STG-249 | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Run the external-link and provider failure tests from an authorised network, approve every outbound host, verify contact/map destinations and document provider environment mapping. | MPC Content/Integration Owner | Local source/runtime evidence reviewed; required final verification: Zero unintended external 4xx/5xx plus controlled outage/removal evidence. |
| STG-250 | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Run the external-link and provider failure tests from an authorised network, approve every outbound host, verify contact/map destinations and document provider environment mapping. | MPC Content/Integration Owner | Local source/runtime evidence reviewed; required final verification: Zero unintended external 4xx/5xx plus controlled outage/removal evidence. |
| STG-252 | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Run the external-link and provider failure tests from an authorised network, approve every outbound host, verify contact/map destinations and document provider environment mapping. | MPC Content/Integration Owner | Local source/runtime evidence reviewed; required final verification: Zero unintended external 4xx/5xx plus controlled outage/removal evidence. |
| STG-255 | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Outbound URL syntax and inventory were checked, but sandbox DNS/network restrictions prevented destination, provider-outage and removal-path verification. | Run the external-link and provider failure tests from an authorised network, approve every outbound host, verify contact/map destinations and document provider environment mapping. | MPC Content/Integration Owner | Local source/runtime evidence reviewed; required final verification: Zero unintended external 4xx/5xx plus controlled outage/removal evidence. |
| STG-258 | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Automated source/mobile contracts passed, but the available Chromium installation is centrally blocked from local URLs and no real iOS/Android or screen-reader devices were available. The 77 MPC Kidz PDFs also remain untagged PDF/UA documents. | Run the packaged route set on current iOS Safari and Android Chrome at small-screen and constrained-network profiles; complete keyboard, VoiceOver/TalkBack, zoom/reflow, orientation, virtual-keyboard, dialog and Back/Forward checks; remediate/tag the Kidz PDFs or approve a blocking accessibility workstream. | Mobile & Accessibility QA Owner | Local source/runtime evidence reviewed; required final verification: Signed device/browser/accessibility matrix with screenshots, issue closure and PDF accessibility evidence. |
