Trust and compliance

Rotapulse is a safety tool. Every claim on the homepage is tied to something you can inspect: a file in the repo, a test, a config value, a database policy. This page names each one.

Deterministic by default

HSE FRI scoring is pure, versioned, regression tested. Every number is reproducible from history.

Engine version 2026.04.0, pinned in src/lib/fri-engine/version.ts
37 engine tests including worked RR446 examples
Every stored ShiftScore carries fri_version + profile_version for replay

AI narrates, never decides

The model explains and suggests. The deterministic engine re-validates every suggestion before you see it.

No LLM call on the scoring path. Scores are produced by pure TypeScript.
LLM suggestions pass through scoreShift() before surfacing in the UI
NEXT_PUBLIC_ENABLE_AI_NARRATIVE is off by default

UK compliant, UK hosted

EU region Supabase, UK Vercel region, GDPR by design. Built for NHS, logistics, rail subcontractors, hospitality.

Supabase project in eu-west-2 (London)
Vercel regions locked to lhr1 (London) in vercel.json
Row-level security on every table, JWT-scoped by org_id (see policies in 0001_initial_schema.sql)

Runtime facts

What this instance reports about itself, live. If any of these look wrong for a UK customer, the deploy is misconfigured.

FRI engine version: 2026.04.0
Default profile: generic@1.0
Vercel region: lhr1
Supabase region: eu-west-2
Engine tests: 37
Ingest tests: 18

Where to look

The source is available to anyone we invite. Ask for access and we will add you.

Deterministic scorer: src/lib/fri-engine/
RR446 worked examples: src/lib/fri-engine/__tests__/rr446-examples.test.ts
Ingest pipeline: src/lib/ingest/
Row level security policies: supabase/migrations/0001_initial_schema.sql