Review dispatch / synthetic records only
Bring a role. Break one claim.
Choose one fixed-time review, use the supplied synthetic case, and return one concrete artifact. You are not being asked to adopt Habitable or put a real household into an alpha.
Intake boundary
No evidence uploadsNo names, addresses, photos, allegations, client information, case strategy, keys, or packet files—anywhere.
Stay on synthetic data. Habitable is not legal advice, an emergency service, an audited security product, or ready for a real legal matter. A review can identify a problem; it cannot by itself certify accessibility, security, legal fitness, or admissibility.
Choose one lane
Four roles. Four bounded handoffs.
Each lane names its time box, review material, and expected output before you begin. Stop if the supplied scope does not match your role or safety requirements.
Tenant organizer / workflow fit
Run one synthetic building handoff
Follow a fictional condition from capture through chronology, organizer review, and packet handoff. Use your ordinary categories and sequence without copying any member’s case.
- Use
- The local demo, tenant-union guide, and sample packet
- Return
- A friction log with the first three breakdowns, one unsafe assumption, and a stop / continue decision
Legal aid / recipient comprehension
Cold-read the packet before the claims
Open the synthetic packet without reading the implementation docs. Mark what you can establish, what you cannot establish, and where the wording sounds stronger than the underlying fact.
- Use
- The HTML sample packet only for the first pass
- Return
- Three misunderstood or over-strong labels, missing context, and the next question you would ask the person who created the record
Accessibility / human task completion
Walk the path with keyboard or assistive technology
Complete one synthetic path with the keyboard or assistive technology you actually use. Automated checks already run; this lane is for barriers automation cannot establish.
- Use
- The local app in English or Spanish and the accessible HTML packet
- Return
- Task, platform, browser, assistive technology, first blocker, severity, and whether completion was possible
Security / boundary and verifier challenge
Challenge one stated guarantee
Trace one threat-model boundary or try one synthetic tamper case against the standalone verifier. This is focused review, not an independent audit or security certification.
- Use
- The frozen threat-model baseline, current threat model, verifier, and synthetic packet
- Return
- The claim tested, method, observed result, and remaining uncertainty; report any vulnerability privately
See the whole handoff first
A user-started 75-second walkthrough
Six chapters show the synthetic case, packet export, and verifier boundary. Nothing starts until you choose Start. Pause, move chapter by chapter, or read the complete transcript instead.
Read the 75-second walkthrough transcript
- 0:00 — Synthetic record. Open fictional unit 4B. The Evidence Atlas joins the issue, captures, and timeline facts locally.
- 0:12 — Chronology. Connect the observed condition to dates, notices, responses, attempts, and recurrence without turning a tenant statement into an official finding.
- 0:25 — Readiness. Review the whole-unit disclosure boundary before export. If the scope is too broad, do not export.
- 0:37 — Packet export. Produce accessible HTML plus PDF and machine-readable companion artifacts, with integrity material in the appendix.
- 0:50 — Recipient read. Read the chronology first and verify the packaged bytes separately. Neither step decides whether the underlying account is true.
- 1:02 — Verification. The public sample reports intact bytes but an untrusted timestamp authority and not-ready status unless the recipient supplies independently trusted authority material.
Six concrete review tasks
Know what “done” means before you volunteer
These tasks are also maintained as public GitHub issues. Claim one there, work only with synthetic material, and return the named output. Security findings take the private route.
- Claim task #123
Run the organizer workflow dry run
Expected output: three workflow breakdowns, one unsafe assumption, and a stop / continue decision with a short reason.
- Claim task #122
Cold-read the synthetic packet
Expected output: three unclear or over-strong labels, missing context, and the first follow-up question for the record creator.
- Claim task #124
Complete the app path with the keyboard
Expected output: browser and platform, task attempted, first blocker, severity, and whether the synthetic path could be completed.
- Claim task #126
Walk one path with a screen reader
Expected output: assistive technology, browser, language, task, first blocker, severity, and whether the synthetic path could be completed. Describe the result in text; do not upload a recording.
- Claim task #121
Challenge one threat-model boundary
Expected output: claim tested, assumed adversary, method, observed result, and remaining uncertainty. Do not describe an unfixed vulnerability publicly.
- Claim task #125
Try one synthetic verifier tamper case
Expected output: mutation attempted, expected verdict, actual verdict, and reproducible synthetic fixture. Submit any acceptance bypass through private vulnerability reporting.
Route feedback by risk
Public work stays public. Sensitive contact does not.
Public / discussion
Questions and design critique
Use GitHub Discussions for general technical questions, workflow critique, and ideas that contain no tenant, client, case, or vulnerability information.
Join the start-here DiscussionPublic / task
Bounded technical work
Use the seeded issues to claim a synthetic review task or submit a non-sensitive, reproducible finding. Read the warning before posting.
Open the public task listPrivate / organization interest
Start with role and scope only
Email only an organization name you are authorized to share, your role, the review lane, and preferred follow-up. Email is not an evidence-transfer system. Do not attach or describe a case.
Open a private organization emailPrivate / security
Report a vulnerability confidentially
Use GitHub private vulnerability reporting. Reproduce with synthetic data. Do not post exploit details in an issue, discussion, pull request, or review log.
Report a vulnerability privatelyNo evidence uploads anywhere. This static site has no upload form. Do not send names, addresses, photos, messages, allegations, keys, packet files, client information, privileged material, or case strategy through GitHub, email, or review recordings.
Close the loop
What reviewers found / what changed
Every published entry separates the reviewer’s bounded finding from the project response, remaining gap, and status. The log updates after each completed review and at least monthly while review intake is active—even when there is no new finding to claim.

