
Evalium Master Capability Registry

This registry provides an exhaustive map of Evalium's functional capabilities, linking backend architectural intent to business-facing features and forensic verification. It covers the full lifecycle of a high-stakes assessment, from definition to long-term defensible reporting.


1. Identity & Access Governance

Capability: Granular RBAC & Capability-Based Access

  • Intent: Enforce the principle of least privilege while maintaining multi-tenant and intra-tenant (silo) isolation.
  • Forensic Invariant: Hard-coded role checks are strictly banned; all authorization logic is centralized in the authz service and enforced via PostgreSQL Row-Level Security (RLS).
  • Verification: backend/tests/authz_middleware.sh, backend/tests/user_rbac_schema.sh.

Capability: Multi-Layer Session Revocation

  • Intent: Immediate "kill-switch" for compromised accounts or suspicious activity across multiple devices.
  • Logic: Supports revoking specific sessions (revokeSession), all other sessions (revokeOtherSessions), or all sessions for a user (revokeAllSessions).
  • Verification: backend/tests/auth_sessions_revoke_others.sh.

Capability: Delegated Authority Tracking (Provenance)

  • Intent: Non-repudiation of "Acting on Behalf" relationships (e.g., a manager approving a verifier's finding).
  • Logic: Records the actorID and the authorityContext for every mutation in the ledger.
  • Verification: backend/tests/defensibility_authority_provenance.sh.

2. Content Authoring & Stimulus Management

Capability: Advanced Question Logic (MCQ/MRQ)

  • Intent: Support complex knowledge checks with granular grading control and structural validation.
  • Granular Logic:
    • Grading Modes: threshold (pass if > N correct), per-choice (points per correct, penalty per incorrect), proportional (normalized score).
    • Selection Constraints: minSelect, maxSelect, exactSelect enforced at the moment of submission.
  • Verification: backend/tests/reporting_question_health_mrq.sh.

Capability: Stimulus Management (Passages)

  • Intent: Anchor multiple questions to a shared Stimulus (Text/Media) while maintaining version integrity.
  • Logic: Question versions are explicitly linked to passage versions; changing a passage requires a deliberate update to the evaluation version.
  • Verification: backend/tests/passages_crud.sh.

Capability: Structural Authoring Validation (Hard Gates)

  • Intent: Prevent logically invalid evaluations (e.g., unreachable sections or empty buckets) from reaching the field.
  • Forensic Invariant: The Publish event is blocked if structural errors exist (e.g., a bucket shortfall where only 3 questions exist for a rule requiring 5).
  • Verification: backend/tests/evaluations_validate.sh.

Capability: Localisation Contract (BCP-47)

  • Intent: Prevent UI drift and text corruption in multi-language environments.
  • Logic: Enforces a "Canonical Envelope" (defaultLocale + locales) across all content APIs. Validates locale tags against BCP-47.
  • Verification: backend/tests/test_localisation_all.sh.

3. Library Operations & Portability

Capability: Inventory Views (Virtual Folders)

  • Intent: Organize massive question/evaluation banks without the fragility of physical folder structures.
  • Logic: A saved-filter engine providing personal and shared visibility, optimized for RLS-scoped search performance.
  • Verification: backend/tests/inventory_views_smoke.sh.

Capability: Content Portability & Lineage (Packs)

  • Intent: Bundle approved versions for movement between environments (e.g., Global Library to Local Tenant).
  • Logic: Records the cryptographic lineage from "Pack Revision" to "Local Install," enabling auditing of where a specific evaluation variant originated.
  • Verification: backend/tests/content_packs.sh.

Capability: High-Volume Bulk Actions

  • Intent: Efficient management of library assets (Archive, Restore, Tag Replace).
  • Forensic Invariant: Includes a dryRun mode to audit the "blast radius" of a change across the library before commit.
  • Verification: backend/tests/authoring_bulk_actions.sh.

4. Operational Delivery & Field Resilience

Capability: Legally Mandated Accommodations (Overrides)

  • Intent: Provide adjustments for specific candidates (extra time/attempts) without altering the authoritative template.
  • Logic: Per-user overrides for extraAttempts, timeLimitExtension, and feedbackModeOverride.
  • Verification: backend/tests/assignments_idempotency.sh.

Capability: Automated Compliance Scheduling

  • Intent: Automate recurring certification cycles (e.g., annual safety checks).
  • Forensic Invariant: Schedules use an atomic "Locking Gate" to prevent duplicate issuance or missed execution windows.
  • Verification: backend/tests/assignments.sh.

Capability: Environment Lockdown & Telemetry

  • Intent: Verify candidate attention and detect cheating via browser behavior monitoring.
  • Logic: Continuous recording of focusLost, fullscreenExit, and navigation events into the ledger, summarized in the final result.
  • Verification: backend/tests/delivery_session.sh.

Capability: Deterministic Draw (Buckets)

  • Intent: Ensure dynamic forms are reconstructable for audit.
  • Forensic Invariant: The specific list of question_version_ids selected for a user via dynamic buckets is frozen in question_order at session start.
  • Verification: backend/tests/evaluations_buckets.sh.

5. Observational Assessment & Findings

Capability: Multi-Subject Linkage

  • Intent: Support observations where one execution applies to a team, a vehicle, or multiple assets.
  • Logic: Associates a single submission with multiple subjects via the submission_subjects durable link.
  • Verification: backend/tests/observation_assignment_multi_subjects.sh.

Capability: Verifier-Led Findings & Evidence Gating

  • Intent: Enable verifiers to record defects against subjects with mandatory substantiation.
  • Logic Gate: Backend enforces requiresComment or requiresEvidence for specific findings; approval is blocked until the condition is met.
  • Verification: backend/tests/observation_findings_evidence_required.sh.

Capability: Approval Workflows (Four-Eyes)

  • Intent: Quality control for high-stakes assessments.
  • Logic: Supports pending_review, approved, rejected, and changes_requested states. Enforces policies requiring review by a different actor than the observer.
  • Verification: backend/tests/observation_submission_four_eyes.sh.
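
The evidence gate and the four-eyes rule described in the two capabilities above can be expressed as one server-side review function. This is an added example, not Evalium's code: the class names, the `review` function and the choice to apply the different-actor rule to every decision are assumptions; only the state names and the requiresComment / requiresEvidence flags come from the registry.

```python
from dataclasses import dataclass, field
from typing import Optional

# Review outcomes named in the registry; "pending_review" is the starting state.
DECISIONS = {"approved", "rejected", "changes_requested"}

class GateError(Exception):
    """Raised when a policy gate blocks a review decision."""

@dataclass
class Finding:
    code: str
    requiresComment: bool = False
    requiresEvidence: bool = False
    comment: str = ""
    evidence_ids: list = field(default_factory=list)

    def unmet(self):
        """List the substantiation requirements this finding still lacks."""
        gaps = []
        if self.requiresComment and not self.comment.strip():
            gaps.append(f"{self.code}: comment required")
        if self.requiresEvidence and not self.evidence_ids:
            gaps.append(f"{self.code}: evidence required")
        return gaps

@dataclass
class Submission:
    observer_id: str
    findings: list
    state: str = "pending_review"
    reviewed_by: Optional[str] = None

def review(sub, reviewer_id, decision):
    """Apply a review decision, or raise GateError and leave the state unchanged."""
    if decision not in DECISIONS:
        raise ValueError(f"unknown decision: {decision}")
    if sub.state != "pending_review":
        raise GateError(f"submission is already {sub.state}")
    # Four-eyes: the reviewer must be a different actor than the observer.
    if reviewer_id == sub.observer_id:
        raise GateError("four-eyes: reviewer must differ from observer")
    # Evidence gate: approval is blocked until every finding is substantiated.
    if decision == "approved":
        gaps = [g for f in sub.findings for g in f.unmet()]
        if gaps:
            raise GateError("; ".join(gaps))
    sub.state, sub.reviewed_by = decision, reviewer_id
    return sub.state
```

Both checks run before any state is written, so a blocked decision leaves the submission in pending_review.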

6. Results Governance & Remediation

Capability: Forensic Results Remediation (Snap-then-Append)

  • Intent: Correct scoring errors (e.g., a bad answer key) without destroying the execution history.
  • Forensic Invariant: Version 1 (Execution Truth) is never overwritten. Administrative corrections create Version 2+, maintaining a clear delta between "As Executed" and "As Remediated."
  • Verification: backend/tests/results_remediation_drop_item.sh.

Capability: Dual-Time Policy Enforcement

  • Intent: Distinguish between "passed under rules at time of execution" vs "would pass under today's tightened rules."
  • Logic: Emits dual-time status codes (defensibleAtExecution vs readyNow) for all submissions.
  • Verification: backend/tests/proof_readiness_dual_time_smoke.sh.

Capability: Non-Repudiable Ratification

  • Intent: Provide a legally binding sign-off for a submission or engagement milestone.
  • Forensic Invariant: Records the state fingerprint/hash, signer identity, and fresh re-authentication (Step-Up) proof in the immutable ledger.
  • Verification: backend/tests/submission_ratification.sh.

7. Defensibility, Reporting & Analytics

Capability: Snapshot-Isolated Projection Engine

  • Intent: Guarantee that reporting facts remain constant even if the source library is deleted or renamed.
  • Forensic Invariant: Reporting workers are strictly decoupled from live authoring tables; they pull content text and payloads exclusively from the VersionSnapshot.
  • Verification: backend/tests/test_reporting_all.sh.

Capability: Question Health Analytics (Signal Detection)

  • Intent: Identify flawed or biased questions via statistical anomalies in field data.
  • Metrics: Calculates Facility (mean score), Omission Rate, and Time on Item (P90/Median).
  • Verification: backend/tests/reporting_question_health_all.sh.

Capability: Defensibility Exception Triage

  • Intent: Allow admins to acknowledge and document system anomalies (e.g., "Focus loss was caused by an OS update popup").
  • Forensic Invariant: Triage status and commentary are recorded in the ledger, providing essential context during an audit.
  • Verification: backend/tests/defensibility_exceptions_smoke.sh.

8. Compliance, Privacy & Data Lifecycle

Capability: Hybrid Scrub (Right to be Forgotten)

  • Intent: Satisfy GDPR/PII requests without breaking the "Golden Thread" of assessment proof.
  • Logic: Redacts email and name while preserving the immutable UUID and performance records for organizational analytics.
  • Verification: backend/tests/compliance_forget.sh.
  • Intent: Prevent data loss during active legal investigations.
  • Forensic Invariant: Hold status is verified inside the database transaction of all automated and manual cleanup workers. Holds override all retention policies.
  • Verification: backend/tests/compliance_restrict.sh.

Capability: Data Retention Safety (Dry Run)

  • Intent: Safely audit the impact of large-scale data cleanup policies.
  • Logic: Mandatory DryRun mode that calculates and logs eligible records without enqueuing destructive jobs.
  • Verification: backend/tests/compliance_retention_incidents.sh.
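
A cleanup worker that honours both invariants above (hold status checked inside the cleanup transaction, and a dry run that reports without destroying) can look like the following. This is an added example, not Evalium's code: it uses SQLite in place of PostgreSQL, deletes directly instead of enqueuing jobs, and the table names, column names and sample rows are constructed for illustration.

```python
import sqlite3

# Hypothetical schema: table and column names are assumptions for this example.
# A hold is active while released_at IS NULL.
ELIGIBLE = """
    created_at < :cutoff
    AND NOT EXISTS (SELECT 1 FROM legal_holds h
                    WHERE h.user_id = records.user_id AND h.released_at IS NULL)
"""

def make_demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # manual transactions
    conn.executescript("""
        CREATE TABLE records (id INTEGER PRIMARY KEY, user_id TEXT, created_at TEXT);
        CREATE TABLE legal_holds (user_id TEXT, released_at TEXT);
        INSERT INTO records VALUES (1,'u1','2019-01-01'), (2,'u2','2019-01-01'),
                                   (3,'u1','2025-01-01'), (4,'u3','2018-06-01');
        INSERT INTO legal_holds VALUES ('u2', NULL), ('u3', '2021-01-01');
    """)
    return conn

def run_retention(conn, cutoff, dry_run=True):
    """Return ids past retention and not on hold; delete only if dry_run is False."""
    conn.execute("BEGIN IMMEDIATE")  # write lock is taken before hold state is read
    try:
        ids = [r[0] for r in conn.execute(
            f"SELECT id FROM records WHERE {ELIGIBLE} ORDER BY id",
            {"cutoff": cutoff})]
        if not dry_run:
            # The hold predicate is part of the DELETE itself, so a hold can never
            # be bypassed by acting on a list computed earlier.
            conn.execute(f"DELETE FROM records WHERE {ELIGIBLE}", {"cutoff": cutoff})
        conn.execute("ROLLBACK" if dry_run else "COMMIT")
        return ids
    except Exception:
        if conn.in_transaction:
            conn.execute("ROLLBACK")
        raise
```

In the sample data, record 2 is past the cutoff but stays because its owner has an active hold, while record 4 is eligible because its hold was released.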

Capability: Evidence Storage Tiering & Verification

  • Intent: Manage the physicality of proof across its lifecycle.
  • Logic: Moves artifacts from Hot (MinIO) to Cold (Glacier) storage while maintaining ledger-linked integrity hashes.
  • Verification: backend/tests/evidence_storage_tier_worker.sh.