Verification Report¶

Summary¶

Category	Count
Claims verified ✅	14
Claims with drift 🔧	0
Claims requiring follow-up ⚠	5

A. Verified claims¶

Claim	Where claimed	How verified
Tech stack: React 18.3.1, TS 5.5.3, Vite 5.4.1, Tailwind 3.4.11	`architecture-overview.md`	`package.json`
6 user-visible routes	`routing-and-state.md`	enumerated in `src/App.tsx`
`src/services/api.ts` is 184 lines	`architecture-overview.md`, `api-consumption.md`	`wc -l src/services/api.ts` → 184
50 components in `src/components/ui/`	`ui-component-library.md`	`ls src/components/ui \\| wc -l` → 50
Token stored in `localStorage["auth_token"]`	`authentication-client.md`, `security.md`	`grep -n auth_token src/context/AuthContext.tsx` confirms `localStorage.getItem("auth_token")`
`Apptype` header hardcoded to `btoa("admin-console")` instead of `ENV.APP_TYPE`	`api-consumption.md` F-2, `security.md` F-2	`grep -n Apptype src/services/api.ts`
`cdn.gpteng.co/gptengineer.js` script in `index.html`	`security.md` F-3	`grep gpteng.co index.html`
`lovable-tagger` is dev-only	`dependencies-inventory.md`, `security.md` F-7	`vite.config.ts` `mode === 'development' && componentTagger()`
Three lockfiles (package-lock.json, yarn.lock, bun.lockb)	`dependencies-inventory.md`	`ls .lock bun.lockb`
`vite.config.ts` `port: 8080`, `allowedHosts: ["admin.someli.ai"]`, HMR overlay disabled	`architecture-overview.md`, `configuration.md`	`cat vite.config.ts`
No `Dockerfile` / `Jenkinsfile` / `.github/workflows/` in repo	`build-and-deploy.md`	`ls Dockerfile Jenkinsfile .github 2>&1` returns errors
`AuthContext.tsx` checks `localStorage["auth_token"]` and `/me` for session	`authentication-client.md`	`cat src/context/AuthContext.tsx`
Five role IDs configured as env vars (`SUPER_ADMIN`, `ADMIN`, `ACCOUNT_MANAGER`, `DEVELOPER`, `DESIGNER`)	`configuration.md`	`cat src/config/env.ts`
Tailwind dark mode is class-based but no theme switcher exists	`ui-component-library.md`	`cat tailwind.config.ts`; no `next-themes` mount in App.tsx

B. Drifted claims¶

None.

C. Follow-up needed¶

ID	Item	Why deferred
[VERIFY-1]	Confirm `strict: true` in `tsconfig.app.json`	Not explicitly read during this pass
[VERIFY-2]	Confirm production hosting (S3+CloudFront vs Lightsail+nginx vs Vercel)	Out-of-repo
[VERIFY-3]	Confirm whether `/uploadLogo`, `/uploadCompanyLogo` are implemented in `Someli-admin-api` (not in its `API-inventory.md`)	Cross-repo discrepancy noted; needs BE-side check
[VERIFY-4]	Confirm exact `--mode development` vs production differences in build output	Build not run during audit
[VERIFY-5]	Confirm `react-hook-form + zod` adoption: every form, or only some?	Page-by-page audit needed

D. Notes for next re-verification¶

This is the youngest repo in the platform; expect it to move quickly. Re-verify every 6 months.
Re-count routes, components; update README.md and routing-and-state.md.
Track Phase 0a items in the roadmap; mark off as fixed.
If tests are added, document the framework choice and update testing.md.
If a Dockerfile / CI workflow lands, update build-and-deploy.md.
If the auth changes (httpOnly cookie / token expiry), revise authentication-client.md and security.md.