secure-xl2hwp-local local-first air-gapped docs-only public surface

Local-only spreadsheet automation with verifiable handoff.

This page is intentionally not a SaaS front door. It is a public explainer for a secure local runtime whose strongest proof is the architecture path: trust boundary first, template-drift before export claims, then signed audit/export evidence for handoff.

Honest framing: GitHub Pages hosts the story. The regulated processing routes live only inside the local secure deployment.

01 · Trust boundary before features

Start with /ops/service-brief so users see roles, signing posture, and why public runtime is intentionally out of scope.

02 · Template drift before export confidence

/ops/template-drift-preview is the key differentiator: it shows placeholder/spec mismatch risk before anyone treats output as production-ready.

03 · Verification bundle, not just a file export

/ops/architecture-pack, signed summary bundles, and /ops/audit/export/verify turn the handoff into auditable proof.

Fastest architecture handoff flow

1
Open the service brief

Use /ops/service-brief to show the operating contract, trust boundary, allowed roles, and the intended architecture flow.

2
Show template-drift proof before claiming safe export

Use /ops/template-drift-preview to explain how placeholder gaps, spec mismatches, and hold points are surfaced before document generation is trusted.

3
End on signed verification evidence

Walk through /ops/architecture-pack, then show /ops/audit/export/summary.bundle.zip or /ops/audit/export/recent.bundle.zip and validate them with /ops/audit/export/verify.

Architecture briefing script

Use this when you need the clearest operating story in under two minutes.

"This is not a public SaaS demo. The design goal is local trust. I prove safety by showing the service brief, then template drift, then the signed architecture pack and export verification route."

Why template drift matters here

  • Spreadsheet contracts and Hancom templates evolve independently.
  • Operator confidence should come from mismatch visibility, not optimistic export success.
  • Drift preview creates a concrete approval gate before regulated artifacts move downstream.

Audit/export verification flow

  • Audit summaries exist as JSON/CSV plus signed bundle outputs.
  • Architecture-pack copy points users to the exact endpoints used for handoff.
  • Verification endpoint proves bundle integrity after transfer, not just at creation time.

Honest public framing

  • This public site explains the system; it does not host the processing runtime.
  • The strongest signal is deployment restraint plus evidence surfaces.
  • Local-only is part of the security story, not a missing hosted-demo step.

Best local operating order

  • 1. /ops/service-brief — trust boundary, roles, signing mode, operating contract.
  • 2. /ops/template-drift-preview — hold points for template/spec mismatch.
  • 3. /ops/runtime-scorecard — compact runtime posture before handoff.
  • 4. /ops/architecture-pack — architecture sequence, proof assets, approval gate.
  • 5. /ops/audit/export/verify — post-export integrity check.

First secure workflow clarity

  • Trust first. Start at /ops/service-brief before anyone asks about features or throughput.
  • Handoff certainty second. Keep /ops/runtime-scorecard and /ops/architecture-pack visible together so the user sees posture plus proof bundle in one story.
  • Export last. Only point to signed bundles after /ops/template-drift-preview is clean and /ops/audit/export/verify is part of the handoff.

How to discuss this project

  • This repo is strongest when discussed as a local secure workflow, not a hosted app.
  • The hero proof is template drift plus verifiable export evidence.
  • I start with contract surfaces, then show the drift gate, then the signed handoff route.

Public posture

  • Public site: documentation, proof route, and clarification framing
  • Local runtime: actual processing, architecture-pack, signed export, verify endpoints
  • Recommended verification flow: brief -> drift -> runtime scorecard -> architecture pack -> verify

Service launch path

Secure XL2HWP Local can start free, then convert on private value.

Local-only spreadsheet cleanup and Hancom handoff workflow with signed audit/export evidence. The free surface stays public and synthetic; paid value begins with paid local license, deployment package, and template adaptation support.

Free entrypublic architecture page that explains trust boundary and handoff path
Paid SKUpaid local license, deployment package, and template adaptation support
Search intentSecure XL2HWP Local demo / Secure XL2HWP Local system architecture