body { background:#f5efe4; color:#16201d; } .layout { display:flex; min-height:100vh; } .content { flex:1; padding:2rem; } .hero { border:1px solid #16201d; border-radius:24px; padding:1.35rem; background:radial-gradient(circle at 90% 0%,#bbf7d0,transparent 30%),linear-gradient(135deg,#fff7ed,#dcfce7); box-shadow:0 20px 60px rgba(15,23,42,.12); } .eyebrow { text-transform:uppercase; letter-spacing:.14em; font-size:.72rem; font-weight:900; color:#475569; } h1 { margin:.25rem 0 .5rem; font-size:2.05rem; line-height:1.05; } h2 { margin:.2rem 0 .45rem; } .grid { display:grid; grid-template-columns:repeat(auto-fit,minmax(220px,1fr)); gap:1rem; margin:1rem 0; } .card,.section { border:1px solid rgba(22,32,29,.16); background:rgba(255,255,255,.9); border-radius:18px; padding:1rem; } .section { margin-top:1rem; } .value { font-size:2rem; font-weight:950; letter-spacing:-.04em; } .label { text-transform:uppercase; letter-spacing:.11em; font-size:.72rem; color:#64748b; font-weight:900; } .muted { color:#64748b; font-size:.86rem; } .mono { font-family:"SFMono-Regular",Consolas,monospace; font-size:.82rem; } .badge { display:inline-flex;align-items:center;border:1px solid;border-radius:999px;padding:.16rem .55rem;font-size:.74rem;font-weight:900; } table { width:100%; border-collapse:collapse; margin-top:.75rem; } th,td { text-align:left; border-bottom:1px solid #e2e8f0; padding:.62rem; vertical-align:top; } th { color:#475569; text-transform:uppercase; letter-spacing:.1em; font-size:.72rem; } .wide { overflow:auto; }
bp Sphere · Architecture Assurance

Multi-Channel Data Service Audit

same data service, same source record, same policy, same action authority, same audit trail

This proves that P2P web, drawers, chat, Claude Co-Work, ServiceNow, mobile, and API consume governed modular data services instead of channel-specific shortcuts. Each channel must preserve evidence packs, source lineage, action authority, audit trail, and decision replay links from the same runtime contract.

Overall status
PASS
Parity rows
7/7
Certified channels
6
Boundary violations
0

Audit Questions

  • Are all channels calling the same data service contracts?
  • Are they receiving the same source-bound business objects?
  • Are actions going through the same policy/action runtime?
  • Can we prove this with logs, traces, tests, and code inspection?

Channel-to-Service Contract Matrix

Every capability maps to one canonical backend service and one stable contract. Channels render the response; they do not compute finance truth.

CapabilityRequired serviceContractChecksCoverage
My invoice queue
get_my_p2p_work_queue
invoice_queue_servicep2p_progressive_queue.v1same count, same top cases, source-bound items, trace idall channels
Invoice details
open_invoice_detail
invoice_detail_servicep2p_case_summary.v1same supplier, same amount, same status, same source recordall channels
Supplier info
open_invoice_detail
supplier_servicep2p_case_summary.v1same supplier id, same supplier status, same provenanceall channels
PO/GR evidence
show_invoice_evidence
po_gr_match_servicep2p_case_evidence.v1same PO, same GR state, same source lineageall channels
Missing evidence
show_invoice_evidence
evidence_servicep2p_case_evidence.v1same evidence pack, same gaps, same lineageall channels
Policy trigger
show_policy_reason
policy_decision_servicep2p_case_decision.v1same policy result, same version, same rationaleall channels
Allowed actions
show_allowed_actions
action_eligibility_servicep2p_case_actions.v1same allowed actions, same blocked actions, same authorityall channels
ServiceNow ticket creation
create_servicenow_ticket
action_runtimeaction_runtime.v1same action gate, same ledger requirement, no direct writeall channels
Audit trail
show_decision_replay
audit_servicep2p_case_replay.v1same trace model, same event chain, same actor/channel ledgerall channels
Decision replay
show_decision_replay
replay_servicep2p_case_replay.v1same replay id, same timeline stages, same write-back linkall channels

Runtime Channel Certification

ChannelQueue countSource-boundTraceServiceStatus
P2P Web Page
web_portal
558TRACE-CHANNEL-e5a59c7e-6e91-5653-9670-489809d98abfPASS
Chat
sphere_chat
558TRACE-CHANNEL-1efb82a6-1271-590a-a532-1a14e00091f8PASS
Claude Co-Work
claude_cowork
558TRACE-CHANNEL-658ccad7-76b7-5554-af3c-dbbee587d85cPASS
ServiceNow
servicenow
558TRACE-CHANNEL-4ec66f32-03c4-519c-b566-b388c721fc48PASS
Mobile
mobile
558TRACE-CHANNEL-15d1e98e-32e8-5d56-b823-72db8cd58186PASS
API
rest_api
558TRACE-CHANNEL-0f79c42a-4299-53b3-91f2-06cae4e029cbPASS

Cross-Channel Parity Results

CapabilityWebChatClaudeServiceNowMobileAPIStatus
Queue count
invoice_queue_service
555555555555PASS
Top invoice/case
invoice_queue_service
CASE-P2P-000001CASE-P2P-000001CASE-P2P-000001CASE-P2P-000001CASE-P2P-000001CASE-P2P-000001PASS
Evidence pack
evidence_service
EVD-PACK-P2P-000001EVD-PACK-P2P-000001EVD-PACK-P2P-000001EVD-PACK-P2P-000001EVD-PACK-P2P-000001EVD-PACK-P2P-000001PASS
Policy result
policy_decision_service
runtime-ownedruntime-ownedruntime-ownedruntime-ownedruntime-ownedruntime-ownedPASS
Release payment
action_eligibility_service
blockedblockedblockedblockedblockedblockedPASS
Ticket creation
action_runtime
runtimeruntimeruntimeruntimeruntimeruntimePASS
Replay
replay_service
availableavailableavailableavailableavailableavailablePASS

Static Boundary Scan

Certified channel boundary files are scanned for direct DB, test-double, and local business-rule patterns. Backend services are not treated as channel code.

FileStatusFinding
api/enterprise_experience.pyPASSno prohibited channel patterns
api/ux_channels.pyPASSno prohibited channel patterns
api/governed_chat.pyPASSno prohibited channel patterns
api/claude_cowork.pyPASSno prohibited channel patterns
core/claude_cowork_runtime.pyPASSno prohibited channel patterns
ui/enterprise_chat.pyPASSno prohibited channel patterns
ui/governed_chat.pyPASSno prohibited channel patterns
ui/mobile_cockpit.pyPASSno prohibited channel patterns
ui/_mission_p2p_queue_runtime.pyPASSno prohibited channel patterns

Telemetry and Anti-Drift Contract

Required telemetry
  • trace_id
  • channel
  • user_id
  • role
  • intent
  • experience_contract
  • services_called
  • source_systems_accessed
  • source_record_ids
  • policy_versions
  • mock_data_used
  • source_bound
  • actions_available
  • actions_blocked
  • audit_logged
Anti-drift controls
  • CI prevents channel-to-database imports in certified adapters.
  • CI prevents mock data from certified non-test channel routes.
  • Cross-channel parity runs the same canonical intents through all channels.
  • Every response carries service attestation, trace id, and contract version.
  • Deployment fails on critical action-authority divergence.
TargetRequired value
channel_requests_using_approved_data_services_pct100
direct_db_access_from_channel_layer0
mock_stub_data_in_non_test_mode0
source_bound_responses_pct100
action_runtime_usage_for_write_actions_pct100
policy_checked_controlled_actions_pct100
cross_channel_parity_pass_rate_pct100
responses_with_trace_id_pct100
responses_with_contract_version_pct100

API contract: /api/iaf/experience/multi-channel-service-audit