📈 Evalium — Defensibility Readiness Scorecard
This answers:
If challenged tomorrow, where would we stand?
Scored 0–5 (0 = absent, 5 = court-ready)
Core Ledger & KOE
| Area | Score | Why |
|---|---|---|
| Knowledge (K) | 4.0 | Strong versioning + snapshots |
| Observation (O) | 4.0 | Findings enforced with ledger events + reporting projection; subjects + assignment visibility live; four-eyes + auto-approve implemented |
| Evidence (E) | 4.5 | Ledger-native with hashing, storage tier, and decisions |
| Submissions (Ledger) | 4.5 | Strong foundation |
| Amend / Void | 2.5 | Partially implemented |
Structural Integrity
| Area | Score | Why |
|---|---|---|
| Snapshot integrity | 4.0 | Needs enforcement tests |
| WORM enforcement | 3.5 | Conceptually clear, not universal |
| Runtime vs Durable split | 4.5 | Very solid |
| RLS isolation | 5.0 | Best-in-class |
| Identity & Attribution | 4.0 | Actor vs Subject separation with submission subject links and assignment-based visibility |
Trust & Verification
| Area | Score | Why |
|---|---|---|
| Verification levels | 2.5 | L4 enforcement partial |
| Context binding | 2.5 | Enforcement partial |
| Step-up auth | 1.0 | Spec only |
| Audit explainability | 3.5 | Delegated authority provenance captured; still depends on operator completeness |
Transparency & Client Confidence
| Area | Score | Why |
|---|---|---|
| Engagement visibility | 2.5 | Engagements + glass box lens |
| Client portal | 2.0 | Glass Box APIs live |
| Ratification | 2.0 | Engagement ratification live |
| Hashing | 4.0 | Submission + engagement hashing with evidence ingestion hashes |
Overall Platform Defensibility Score
➡️ 3.9 / 5 — “Externally credible, still maturing”
That’s actually a good position:
- Your core is solid
- The gaps are well-bounded
- No fundamental rewrites needed