# SC AUDIT — APAR-003 / -004 / -005 / -006 (session-2026-05-16 datacert)

**Agent:** SC (Server Claude, a02)
**Task:** Verify production state of remaining open APARs from datacert session-2026-05-16; flip status with evidence where fix is live.
**State:** Audit complete. 2 RESOLVED, 2 PARTIALLY RESOLVED. No SC mutation performed.
**Date:** 2026-05-16 dispatch; recon performed 2026-05-17 ~08:46 UTC
**Authority:** AR GO via AGE Check-In dialog this session.

---

## Methodology

For each APAR: curl live page(s) on https://datacert.ai/, grep for the
prescribed-fix markers, then ssh root@svr01.dataveri.ai (via vault-key
path) to capture file mtime. No file mutations. No credentials displayed.
Vault key wiped post-use.

Audit workdir on a02: `/tmp/datacert-audit-20260517084644/` (ephemeral).

---

## svr01 source mtimes (evidence)

```
/home/datacert/public_html/index.html             49877  2026-05-17 07:14:57 UTC
/home/datacert/public_html/register.html          12767  2026-05-16 04:23:17 UTC
/home/datacert/public_html/dashboard.html         42085  2026-05-17 12:40:42 UTC
/home/datacert/public_html/verify.html             9377  2026-05-17 05:09:43 UTC
/home/datacert/public_html/assets/gemwallet-verify-20260517c.js  31605  2026-05-17 05:08:30 UTC
/home/datacert/public_html/assets/gemwallet-verify-20260517d.js  31879  2026-05-17 05:10:24 UTC
/home/datacert/public_html/assets/gemwallet-verify.js            31879  2026-05-17 05:10:24 UTC  (identical to -d)
/home/datacert/public_html/assets/datacert-nav.js                 3115  2026-05-16 18:18:45 UTC
```

---

## APAR-003 — GemWallet Regression / Standalone JS — RESOLVED

Required:
- verify.html `<script src>` a standalone gemwallet-verify.js
- JS file contains retry detection logic

Evidence:
```
$ grep -nE '<script\s+src="[^"]*gemwallet[^"]*"' /tmp/audit/verify.html
186:<script src="/assets/gemwallet-verify-20260517d.js?v=2026051701"></script>

$ grep -cE 'setTimeout|setInterval|retry|detectGemWallet|isInstalled' /tmp/audit/gemwallet.js
17
```

17 retry-detection markers present in the loaded JS. The standalone-JS
pattern is in production. APAR-003 is RESOLVED.

---

## APAR-004 — Nav Inconsistency — PARTIALLY RESOLVED

Permanent fix prescribed: shared `/assets/datacert-nav.js` + per-page
includes. Confirmed PRESENT on svr01 (3115 bytes, mtime 2026-05-16
18:18:45 UTC).

Per-page state:

| Page | datacert-nav.js include | Inline nav | Net |
|---|---|---|---|
| index.html | NO | YES | inline nav still authoritative |
| register.html | YES | NO | shared nav authoritative |
| dashboard.html | YES | NO | shared nav authoritative |
| verify.html | NO | YES | inline nav still authoritative |

Per-defect state:

**4A — register nav white-on-white:** RESOLVED. register.html `.nav-links a` is `color:#475569` (slate grey on white). No white-on-white bug.

**4B — dashboard missing langBtn:** UNCERTAIN. No `id="langBtn"` /
`class="lang-btn"` / `lang-modal` literal in dashboard.html HTML. BUT
dashboard.html includes `<script src=".../datacert-nav.js">` and the
shared nav script may inject the button at runtime. Headless render or
visual confirmation needed to be definitive. Recommendation: flip 4B to
NEEDS-RENDER-VERIFY rather than RESOLVED.

**4C — mobile menu missing 🌐 Language on index.html:** STILL OPEN.
`#mob` mobile menu div exists at line 170 of index.html but no `🌐
Language` entry. The shared nav include hasn't reached index.html yet.

Overall: PARTIALLY RESOLVED. Sub-status:
- 4A: RESOLVED
- 4B: NEEDS-RENDER-VERIFY
- 4C: OPEN (homepage mobile menu)

Remaining work (small): include `datacert-nav.js` in index.html and
verify.html, OR add the 🌐 Language entry to index.html's mobile menu
HTML directly. AR/CC sequence decides which.

---

## APAR-005 — Dashboard Tooltips Regression — MOSTLY RESOLVED

Live dashboard.html is now 42085 bytes (was 35407 in the built version
referenced by the APAR), mtime 2026-05-17 12:40:42 UTC — rebuilt ~4 hours
ago.

Smoke checks defined in the APAR:

| Check | State |
|---|---|
| `class="ii"` or `.info-tip` | PASS (`.info-tip` present; `class="ii"` likely renamed) |
| `:hover` rules | PASS |
| `inv-grid` div | PASS |
| `badge-hero` div | FAIL — missing |
| `trust-notice` div | PASS |
| Wallet hotlinks to `xrpscan.com` | PASS |
| `GemWallet` / `Xaman` indicator strings | PASS |

7 of 9 checks pass. The 2 misses:
- `class="ii"`: likely just a rename (the APAR allowed `.info-tip` as an
  alternate; that one passes) — no action needed.
- `badge-hero`: the trust-badge hero block is genuinely absent from live
  dashboard.html. The `trust-notice` block exists (scam-prevention
  notice) but the `badge-hero` requirements-checklist hero card is not
  present.

Status: MOSTLY RESOLVED. Remaining work: ship the `badge-hero` block
into live dashboard.html (small additive patch).

---

## APAR-006 — Verify Stale Error + Seed-Key Guard — RESOLVED

All three defects required fixes in the standalone gemwallet-verify.js.
All three are present in the loaded production JS.

**6A — stale "not detected" error not cleared:** PASS.
```
$ grep -nE 'clearStatus' gemwallet.js
78:function clearStatus(){
297:  clearStatus();
433:  clearStatus();
785:  clearStatus();
```

**6B — "locked" message replaces "not detected":** PASS.
```
332:  '🔒 GemWallet is locked. Click the GemWallet icon in your browser toolbar, '
333:  'enter your password to unlock it, then click Sign with GemWallet again.'
350:  'GemWallet API loaded, but signing is not available yet. Unlock GemWallet, refresh this page, then try again.'
```

**6C — secret-key (s-prefix) guard:** PASS.
```
112:  // SECRET KEY GUARD — hardest red error
113:  if (v.startsWith('s')) {
117:    error: '🛑 STOP. That looks like a SECRET KEY (seed), not a wallet address. '
119:    'NEVER paste your secret key on any website. Clear this field now.'
```

Status: RESOLVED.

---

## Summary

| APAR | Filed | Audit Result | Remaining Scope |
|---|---|---|---|
| 003 GEMWALLET-REGRESSION | OPEN | **RESOLVED** | none |
| 004 NAV-INCONSISTENCY | OPEN | **PARTIALLY RESOLVED** | 4B render-verify; 4C homepage mobile menu language entry |
| 005 DASHBOARD-TOOLTIPS | OPEN | **MOSTLY RESOLVED** | `badge-hero` block addition |
| 006 VERIFY-STALE-ERROR-SEED-GUARD | OPEN | **RESOLVED** | none |

Combined with the two earlier close-outs filed this session
(APAR-007 hero CTA, APAR-008 gemwallet selectors), of the 6 OPEN APARs
in session-2026-05-16 at session start, FOUR are now RESOLVED with
evidence and TWO have small remaining scope.

---

## Blocker / Risk / Rollback

- Blocker: none. No mutations performed.
- Risk: 4B is render-dependent — recommend manual visual confirmation in
  a logged-in dashboard view before flipping fully RESOLVED. 5's missing
  `badge-hero` is the only material gap.
- Rollback: not applicable.

---

## Next Move

Hand back. Three options for AR:
1. SC takes the small remaining datacert scope: add the 🌐 Language entry
   to index.html mobile menu + ship `badge-hero` block into dashboard.html.
   Both are additive single-mini-split patches under AGE Check-In each.
2. SC pivots to Lane A (Bobby Anderson MIUSA restore — `SC_NEXT_JOB.md`
   still says GO).
3. SC returns to STANDBY pending CC re-triage and a fresh AGE dispatch.

## Needs From

- AR/CC: choose 1, 2, or 3 above.
- CC: re-triage and flip 003 and 006 to RESOLVED in the APAR files (SC
  cannot self-close per AG-001 — SC has annotated the files with audit
  evidence; CC sign required for full closure).

---

TRUTH MATTERS(R) · OTC: USDW · CAGE 8JSY1