Deploy audit

Before the site goes live, prove the static publish surface exists.

This page documents the deploy audit for tracemap.tools: the generated routes, sitemap, robots file, LLM discovery file, JSON indexes, and public claim boundaries that must survive a static-site build.

Public claim level: demo. Shared site principle: No public conclusion without evidence. This audit is not live AWS state, not runtime behavior proof, and not deployment success proof.

What the audit checks

The publish contract is static and reviewable.

RoutesRequired public pages such as home, docs, validation, limitations, demo result, proof paths, legacy evidence, and this deploy audit route must build to HTML.

Discoveryllms.txt, docs-index.json, and routes-index.json must exist and continue pointing to public-safe evidence, docs, and limitations.

Crawlersrobots.txt must keep the sitemap directive and the LLM discovery comment, while sitemap.xml must include expected HTML routes.

BoundariesThe audit page must keep non-claims visible and avoid private paths, local URLs, raw fact streams, SQLite files, analyzer logs, credentials, and raw generated artifacts.

Command

The deploy audit runs as part of site validation.

Amplify still publishes only site/dist. This check verifies the static build output before that directory is uploaded.

cd site
npm run validate

Entry points

These files and routes are the public discovery spine.

Human entry points

Routes: home, docs, validation, limitations, proof paths, and legacy evidence.

Limitation: Route presence is not product completeness, deployment state, or release approval.

Bot entry points

Files: llms.txt, docs-index.json, routes-index.json, sitemap.xml, and robots.txt.

Limitation: Discovery metadata routes readers to evidence; it does not infer conclusions or prove runtime behavior.

Proof entry points

Routes: demo result, proof upgrades, proof assets, and proof path index.

Limitation: Public demo proof remains scoped to checked-in samples and public-safe summaries.

Non-claims

The deploy audit is not an uptime monitor.

No runtime behavior proof, production traffic proof, endpoint performance proof, deployment success proof, release safety proof, or release approval proof.
No claim that AWS Amplify, DNS, TLS, CDN cache, or external crawlers currently serve the newest commit.
No AI impact analysis, LLM calls, embeddings, vector databases, or prompt-based classification in TraceMap scanner or reducer claims.
No raw facts, SQLite files, analyzer logs, source snippets, SQL text, config values, secrets, local absolute paths, raw remotes, or generated scan directories.