Review dispatch / synthetic records only

Bring a role. Break one claim.

Choose one fixed-time review, use the supplied synthetic case, and return one concrete artifact. You are not being asked to adopt Habitable or put a real household into an alpha.

Intake boundary

No evidence uploads

No names, addresses, photos, allegations, client information, case strategy, keys, or packet files—anywhere.

Stay on synthetic data. Habitable is not legal advice, an emergency service, an audited security product, or ready for a real legal matter. A review can identify a problem; it cannot by itself certify accessibility, security, legal fitness, or admissibility.

Choose one lane

Four roles. Four bounded handoffs.

Each lane names its time box, review material, and expected output before you begin. Stop if the supplied scope does not match your role or safety requirements.

OR45 min

Tenant organizer / workflow fit

Run one synthetic building handoff

Follow a fictional condition from capture through chronology, organizer review, and packet handoff. Use your ordinary categories and sequence without copying any member’s case.

Use
The local demo, tenant-union guide, and sample packet
Return
A friction log with the first three breakdowns, one unsafe assumption, and a stop / continue decision
Start the organizer review
AX30–45 min

Accessibility / human task completion

Walk the path with keyboard or assistive technology

Complete one synthetic path with the keyboard or assistive technology you actually use. Automated checks already run; this lane is for barriers automation cannot establish.

Use
The local app in English or Spanish and the accessible HTML packet
Return
Task, platform, browser, assistive technology, first blocker, severity, and whether completion was possible
Choose an accessibility task
SE45–60 min

Security / boundary and verifier challenge

Challenge one stated guarantee

Trace one threat-model boundary or try one synthetic tamper case against the standalone verifier. This is focused review, not an independent audit or security certification.

Use
The frozen threat-model baseline, current threat model, verifier, and synthetic packet
Return
The claim tested, method, observed result, and remaining uncertainty; report any vulnerability privately
Choose a security task

See the whole handoff first

A user-started 75-second walkthrough

Six chapters show the synthetic case, packet export, and verifier boundary. Nothing starts until you choose Start. Pause, move chapter by chapter, or read the complete transcript instead.

The synthetic Evidence Atlas for unit 4B, joining captures and timeline facts.

Chapter 1 / 0:00–0:12

Open a synthetic building record

The Evidence Atlas keeps the issue, captures, and timeline facts in one local case. This walkthrough uses fictional unit 4B; no household or case is represented.

The synthetic app record with issue and recording workspaces visible.

Chapter 2 / 0:12–0:25

Join the condition to its chronology

A condition is not just a photo. The record connects what was observed with dates, notices, responses, repair attempts, and recurrence without silently turning a tenant statement into an official finding.

The synthetic app showing readiness and export workspaces.

Chapter 3 / 0:25–0:37

Review before anything leaves the device

The operator checks readiness and the disclosure boundary before export. Current packets cover the whole unit; if that is too broad, the safe choice is not to export.

The synthetic exported packet with issue chronology and evidence appendix.

Chapter 4 / 0:37–0:50

Export a recipient-readable packet

The export pairs a human-readable chronology with hashes, signatures, timestamp material, and custody structure. The HTML is the accessible reading; the PDF and machine-readable bundle are companion artifacts.

Recipient check / synthetic packet

Read first. Verify separately.

The packet must explain its scope without requiring source-code knowledge. A recipient then checks the packaged bytes with the standalone verifier and independently selected trust material.

Open the actual sample packet

Chapter 5 / 0:50–1:02

Keep reading and verification distinct

A clear packet can still contain an inaccurate statement. A successful cryptographic check can show that packaged bytes stayed intact; it cannot prove what happened in a building.

habitable: integrity: intact
timestamp authority: NOT TRUSTED (0/3 items)
evidence readiness: NOT READY

Not evidence-ready: rerun with --trusted-cert PEM
for an authority you independently trust.

Chapter 6 / 1:02–1:15

Report the limit, not just the success

This is the actual result for the public synthetic sample without an independently trusted authority certificate. Integrity is intact; authority trust and evidence readiness are not established.

Read the 75-second walkthrough transcript
  1. 0:00 — Synthetic record. Open fictional unit 4B. The Evidence Atlas joins the issue, captures, and timeline facts locally.
  2. 0:12 — Chronology. Connect the observed condition to dates, notices, responses, attempts, and recurrence without turning a tenant statement into an official finding.
  3. 0:25 — Readiness. Review the whole-unit disclosure boundary before export. If the scope is too broad, do not export.
  4. 0:37 — Packet export. Produce accessible HTML plus PDF and machine-readable companion artifacts, with integrity material in the appendix.
  5. 0:50 — Recipient read. Read the chronology first and verify the packaged bytes separately. Neither step decides whether the underlying account is true.
  6. 1:02 — Verification. The public sample reports intact bytes but an untrusted timestamp authority and not-ready status unless the recipient supplies independently trusted authority material.

Six concrete review tasks

Know what “done” means before you volunteer

These tasks are also maintained as public GitHub issues. Claim one there, work only with synthetic material, and return the named output. Security findings take the private route.

  1. OR-0145 min

    Run the organizer workflow dry run

    Expected output: three workflow breakdowns, one unsafe assumption, and a stop / continue decision with a short reason.

    Claim task #123
  2. AX-0130 min

    Complete the app path with the keyboard

    Expected output: browser and platform, task attempted, first blocker, severity, and whether the synthetic path could be completed.

    Claim task #124
  3. AX-0245 min

    Walk one path with a screen reader

    Expected output: assistive technology, browser, language, task, first blocker, severity, and whether the synthetic path could be completed. Describe the result in text; do not upload a recording.

    Claim task #126
  4. SE-0145 min

    Challenge one threat-model boundary

    Expected output: claim tested, assumed adversary, method, observed result, and remaining uncertainty. Do not describe an unfixed vulnerability publicly.

    Claim task #121
  5. SE-0260 min

    Try one synthetic verifier tamper case

    Expected output: mutation attempted, expected verdict, actual verdict, and reproducible synthetic fixture. Submit any acceptance bypass through private vulnerability reporting.

    Claim task #125

Route feedback by risk

Public work stays public. Sensitive contact does not.

Public / discussion

Questions and design critique

Use GitHub Discussions for general technical questions, workflow critique, and ideas that contain no tenant, client, case, or vulnerability information.

Join the start-here Discussion

Public / task

Bounded technical work

Use the seeded issues to claim a synthetic review task or submit a non-sensitive, reproducible finding. Read the warning before posting.

Open the public task list

Private / organization interest

Start with role and scope only

Email only an organization name you are authorized to share, your role, the review lane, and preferred follow-up. Email is not an evidence-transfer system. Do not attach or describe a case.

Open a private organization email

Private / security

Report a vulnerability confidentially

Use GitHub private vulnerability reporting. Reproduce with synthetic data. Do not post exploit details in an issue, discussion, pull request, or review log.

Report a vulnerability privately

No evidence uploads anywhere. This static site has no upload form. Do not send names, addresses, photos, messages, allegations, keys, packet files, client information, privileged material, or case strategy through GitHub, email, or review recordings.