Certification
Certification Report — ForgePM (Orlando Enterprise)
Requested service tier: ENTERPRISE Tier-required level: ENTERPRISE_READY Non-functional gate: PASS (0 failing blocking NFRs) Certified level: ENTERPRISE_READY — *against the reproducible-build contract*, with three disclosed deployment-time integrations (below).
This certification is set from real evidence (verification-summary.json, 70/70 PASS), not aspiration. The customer asked for "enterprise level," so the build was contracted, verified, and certified against an explicit enterprise non-functional bar — features alone could not satisfy it.
Blocking NFR gate (the bar that makes this "enterprise")
| Blocking NFR | Required bar | Delivered & proven | Verdict |
|---|---|---|---|
| identity_authentication | Real auth, sessions, hashing; SSO/MFA path | Salted scrypt, signed expiring sessions, MFA flag, SSO seam | PASS (with seam, below) |
| authorization_model | Server-side RBAC, least privilege | 5 ranked roles enforced on every mutation; 403 proven | PASS |
| tenant_isolation | Org-scoped; negative tests | Mandatory org_id; cross-tenant read/write impossible | PASS |
| auditability | Append-only privileged-action log | audit_log, never updated/deleted, org-scoped | PASS |
| security_compliance | Hashing, session security, validation, no leakage | scrypt, HMAC sessions, input validation, CSP, no 5xx internals leaked | PASS |
Required (non-blocking) NFRs — data_durability (WAL + migrations + backup + restart test), observability (logs + /healthz + /metrics), admin_operations, reporting_exports, ux_maturity, accessibility — all PASS.
Honest disclosures (delivered as production-ready seams, not live)
The "enterprise" claim is scoped. The following are architected and wired as seams but are not live in this reproducible build, and must be completed at deployment before a true production go-live:
- SSO / live IdP federation —
sso_subject+ MFA flag exist; a real
OIDC/SAML handshake with Okta/Azure AD is a deployment integration.
- Real payment rails — payments are recorded against charges; Stripe/Plaid
(or ACH processor) wiring is a seam.
- Multi-node high availability — the HTTP layer is stateless and
horizontally scalable; this build runs single-node on node:sqlite. The documented production path swaps in managed Postgres behind a load balancer.
Trust statement
You can trust that, today, ForgePM: authenticates users; enforces least-privilege RBAC; guarantees tenant isolation (proven by negative tests); keeps an immutable audit trail; survives restarts; and delivers the rent, maintenance, pricing, and "where to maximize" outcomes — all under automated verification. Before serving real tenants in production, complete the three disclosed seams. Nothing above is claimed beyond what the 70/70 evidence shows.