Public/private report separation keeps public-safe summaries distinct from deeper internal diagnostics.
The frontend shell displays public-safe demo evidence only. Private/internal report material is not exposed in the public UI.
Current evidence combines internal/local tests and controlled hosted API smoke. External validation and production hardening are separate future milestones.