The Integrity Framework

Case study · v1.0 · published 2026-04-29

Hireposture, the candidate-data calibration.

Fourth internal audit under The Integrity Framework v1.0. Hireposture is structurally aligned with the framework but uses different marker names than the reference implementation. The audit codified the candidate-data-vs-compliance-attestation distinction in v1.8.0.

Source documents are public: Hireposture's INTEGRITY.md and audits/tif-compliance.md.

What was audited

Hireposture is a Startvest LLC product. Pre-posting compliance check for job descriptions, scoped to ADA Title I qualification-standard risk. Two surfaces: an audit pipeline (paste a JD, get findings against a curated rule library) and a memo-plus-audit-trail output designed to be defensible inside an EEOC charge investigation. The product never certifies a JD as compliant — every memo carries an explicit “not legal advice” disclaimer and recommends employment-counsel review.

ADA-related categories carry the same overlay-vendor failure pressure that destroyed accessiBe and similar vendors. Hireposture is built on the inverse premise: a documented chain over a certification artifact.

Headline result

20 dimensions · Layer 1 vetoes (6) + Layer 2 constraints (7) + Layer 3 guardrails (7)

16 Pass · 3 Partial / Needs update · 1 Out-of-segment · 0 Fail

Vendor scorecard (TIF v1.0): 4 YES / 0 PARTIAL / 2 NO. Open scorecard rows: MSA refund clause (counsel-blocked) and annual independent audit (deferred pending external funding, honestly classified — buyer-driven for the mid-market HR tier).

Layer 2 was 7/7 PASS after the v1.8.0 calibration. Layer 1 had one PARTIAL — Veto 6 (TechCrunch Test) is honestly framed as PRE-COUNSEL-REVIEW; it flips to PASS when the rule library is attorney-attested and the marketing copy passes UPL review. Layer 3 has the standard portfolio open items: MSA refund clause and accountability community.

The headline finding: candidate-data vs compliance-attestation

Hireposture's Layer 2 architecture is structurally aligned with the framework but uses different marker names than FieldLedger (the reference implementation). On first run, two CRITICAL rules failed: CRIT-SV-AI-REVIEW-GATE and CRIT-SV-NO-PRE-POPULATED-ATTESTATION. Both turned out to be marker-naming false negatives.

Constraint: L2 C2 — AI Output Review Gates

  • FieldLedger marker: reviewedBy (camelCase, on AI-output rows)
  • Hireposture marker: signed_by_user_id (snake_case, on Hireposture_AuditMemos)

Constraint: L2 C3 — Self-Attestation Isolation

  • FieldLedger marker: RateSnapshotJson (output-attestation provenance: did this rate-letter reference customer-submitted evidence?)
  • Hireposture marker: customer_attested (data-input provenance: is this finding's source field rule_match, llm_extraction, or customer_attested?)

Both products satisfy the constraint. They just label it differently, at different layers — input-data provenance vs output-attestation provenance. The framework had been calibrated against FL's naming and didn't anticipate HP's legitimate variants.

Framework revision: v1.8.0

Widened required-pattern lists for both rules:

  • CRIT-SV-AI-REVIEW-GATE now also accepts signed_by, signedBy, signed_by_user_id as review-gate markers.
  • CRIT-SV-NO-PRE-POPULATED-ATTESTATION now also accepts snake_case variants of the existing markers (customer_attested, attested_by, submitted_by, reviewed_by, etc.).

The framework now accepts both forms because both indicate the constraint is structurally enforced. Backwards-compatible against FL/CL/IL: identical pass counts to v1.7.0.

This is the candidate-data-vs-compliance-attestation distinction the audit anticipated, codified. It is also the foundation for the v1.9.0 third C3 axis (validation-gate) that ADAComplianceDocs surfaced one audit later.
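The marker-naming false negative and the v1.8.0 widening of CRIT-SV-AI-REVIEW-GATE, as an added example (not code from integrity-cli or from either product). It assumes the v1.7.0 list held only reviewedBy and that markers are matched as whole identifiers; the function names, file names and schema snippets are constructed for illustration.

```javascript
// Added example, not integrity-cli code: a required-pattern check for
// CRIT-SV-AI-REVIEW-GATE before and after the v1.8.0 widening.
// Assumption: the v1.7.0 list held only the FieldLedger marker named above.
const REVIEW_GATE_MARKERS = {
  "1.7.0": ["reviewedBy"],
  "1.8.0": ["reviewedBy", "signed_by", "signedBy", "signed_by_user_id"],
};

// Split text into whole identifiers so "unsigned_by_default" never
// satisfies the "signed_by" marker through a substring hit.
function identifiers(text) {
  return new Set(text.match(/[A-Za-z_][A-Za-z0-9_]*/g) || []);
}

// A required-pattern rule passes when any accepted marker is present.
function checkRule(markers, files) {
  const hits = [];
  for (const [path, text] of Object.entries(files)) {
    const ids = identifiers(text);
    for (const m of markers) if (ids.has(m)) hits.push({ path, marker: m });
  }
  return { pass: hits.length > 0, hits };
}

// Widening is backwards-compatible only if no old marker was dropped.
function isSuperset(next, prev) {
  return prev.every((m) => next.includes(m));
}

// Constructed sample repos (hypothetical file names and schema text).
const REPOS = {
  fieldledger: { "schema.ts": "aiOutput: { text: string; reviewedBy: string | null }" },
  hireposture: { "memos.sql": "CREATE TABLE Hireposture_AuditMemos (id INT, signed_by_user_id INT NULL);" },
  ungated: { "memos.sql": "CREATE TABLE memos (id INT, unsigned_by_default BIT);" },
};

function audit(version) {
  const out = {};
  for (const [name, files] of Object.entries(REPOS)) {
    out[name] = checkRule(REVIEW_GATE_MARKERS[version], files).pass;
  }
  return out;
}

console.log("v1.7.0:", audit("1.7.0"));
console.log("v1.8.0:", audit("1.8.0"));
console.log("backwards-compatible:", isSuperset(REVIEW_GATE_MARKERS["1.8.0"], REVIEW_GATE_MARKERS["1.7.0"]));
```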

Open items at audit close

Eleven remediation tickets opened. Most are counsel-blocked — Hireposture sits in a category where the line between a workflow tool and unauthorized practice of law is fragile and counsel review is the gating step.

  • P0 · Layer 3 G1 · Finalize MSA refund-on-failure clause (counsel-blocked)
    ~4-5 month counsel review window. Pro-rated refund clause for documented memo errors or missed patterns.

  • P1 · Layer 1 V6 · Employment counsel review of rule library (UPL exposure)
    32 rules in v0.1-bootstrap curated from public sources but not legally attested. Veto 6 flips PARTIAL → PASS on attestation.

  • P1 · Layer 1 V6 · Employment counsel review of marketing copy
    UPL exposure on every claim made about what the product does.

  • P1 · Contracts · Draft DPA template (counsel-blocked)
    Required for enterprise procurement.

  • P1 · Layer 1 V2 · Attorney content partnership BD
    Year-1 attorney content partnership (Fisher Phillips / Ogletree / Jackson Lewis / Seyfarth) is upstream content licensing, not downstream certification.

  • P1 · Security · Pen test execution
    ZAP automated scan or external tester before public launch.

  • P1 · Quality · Test coverage on critical paths
    Audit pipeline, memo signing gate, Stripe webhook, multi-tenant isolation, first-signin workspace provisioning.

  • P2 · Layer 2 C5 (UX) · Complete workspace cancellation flow + add is_active column
    Trail retention is enforced at the DB-trigger layer. Cancellation UX is incomplete.

  • P2 · Layer 3 G6 · Engage accountability community
    NDRN, AAPD, plaintiff-side ADA attorneys, JAN.

  • P2 · CLI rule hygiene · Rename CRIT-SV-MEMO-SIGNATURE-GATE → CRIT-HP-MEMO-SIGNATURE-GATE
    Per CRIT-SV-NO-BASE-ID-OVERRIDE, the SV namespace is reserved for the base manifest.

  • P1 (shared) · Layer 3 G5 · integrity@startvest.ai mailbox provisioning
    Same shared resolution as FL/CL/IL/ADA.

What this teaches

  1. Marker naming is real architecture, not just style. snake_case vs camelCase, output-attestation vs input-data provenance — different naming reflects different legitimate Layer 2 implementations.
  2. Required-pattern lists must be widened cautiously, not narrowed. v1.8.0 added markers; never removed them. Backwards-compat is a hard constraint — every product that passed before passes after.
  3. Pre-counsel-review is a legitimate Veto 6 PARTIAL. Counsel review takes time and money. Honest classification beats forcing PASS. Hireposture explicitly avoids “attorney-curated” marketing claims until attestation lands.

Reproducibility

# from a clone of the integrity-cli repo
node bin/integrity.mjs check ../hireposture --format=json \
  > ../hireposture/audits/tif-compliance.cli-output.json

Changelog

  • 2026-04-29 — v1.0. Initial publication. Drove base manifest v1.8.0 (snake_case marker variants; candidate-data-vs-compliance-attestation distinction codified).