Validation & evidence for the QUORUM site and simulator.

These behaviors are present in the site code and are part of the deployed QUORUM experience.

• Scenario selection, policy selection, and the simulation engine workflow.
• Live flow, forensic replay, system topology, and report generation views.
• Mobile-responsive layout with scrollable panels and stacked controls.
• Decision history, campaign timelines, and risk-report rendering.
• Site navigation, sitemap entries, and public disclosure pages.

These elements are intentionally synthetic or fallback-driven. They are useful for demonstration, but they should not be mistaken for live production telemetry.

• Scenario payloads, behavioral signals, and attack story timelines.
• Campaign sequences and the narrative playback around each event.
• Local fallback analysis when the external analysis endpoint is unavailable.
• Report copy, causal explanations, and tier labels built from synthetic inputs.

These checks were run against the deployed site and its live endpoint, outside the simulator runtime itself.

• Public delivery of simulation.html and upgrade.js from the live host.
• UTF-8 content delivery and nginx configuration reload on the deployment server.
• Live analysis endpoint returned expected classifications for representative clean and high-risk test payloads.
• Capability removal on request: the retired standalone capabilities document now returns 404.

These items are not yet fully closed out. They should remain visible until the review is complete.

• Independent third-party review of the simulator logic and policy behavior.
• Broader browser and device matrix, including iOS Safari and Android Chrome.
• Accessibility review with keyboard-only and assistive-technology paths.
• Long-duration soak, concurrency, and load testing for the live endpoint.

• No independent SOC 2, ISO 27001, or penetration-test attestation is claimed.
• No production financial-institution deployment is claimed unless separately documented.
• No real customer transaction telemetry is used in the public simulator.
• No regulator-approved automated filing workflow is claimed by the simulator.

• Windows desktop development via PowerShell and local file editing.
• Ubuntu deployment host running nginx for the live site.
• Public HTTP access to the live domain and IP address.
• Responsive layout review at desktop and mobile viewport widths in the simulator code.

• Browsers are modern and have JavaScript enabled.
• The site is served from the same origin used during validation.
• Reported scenario data is synthetic unless a page explicitly says otherwise.
• If the live analysis endpoint is unavailable, the simulator falls back to local scoring logic.
• Validation claims apply to the current deployed build, not to prior revisions.