Portable
Layers and roles are abstracted so you swap firewall, identity provider, database, AI provider, and hardware family without re-architecting; nothing is wired to a single vendor or chip family.
PARSO-SAMAD
The 10-pillar self-assessment Beelab grades itself against.
Beelab is not a third-party-certified product. PARSO-SAMAD is the internal framework used to grade every release against ten engineering pillars on a 5-point scale, totaling 50 points. The framework was originally written in 2025 and is published here so you can audit how Beelab grades itself.
The ten pillars
Each scored 0 to 5- P_ / 5
Portable
Can I unplug it, move it, and restore in 15 minutes?
- A_ / 5
Automated
Will it run for two weeks without me touching it?
- R_ / 5
Recoverable
When did I last test a full restore?
- S_ / 5
Secure
What can an attacker do with my public IP?
- O_ / 5
Observable
How do I know it's healthy right now?
- S_ / 5
Scalable
Can I add a service without breaking something else?
- A_ / 5
Auditable
Can I prove who changed what and when?
- M_ / 5
Maintainable
Will I understand this config in three years?
- A_ / 5
Accessible
What's my actual uptime?
- D_ / 5
Durable
Will this hardware last five or more years?
Scored per release, published in changelog.
Grading bands
Total points across the ten pillars place a release in one of five bands. The label below the score on this page is the band the current total falls into.
- 0-15FoundationalEarly build. Most pillars are still manual or untested. The platform may run, but recovery and observability are not yet wired.
- 16-29BuildingCore services are up and at least one backup and monitoring path exists, but key pillars still depend on operator presence.
- 30-41OperationalThe platform runs unattended for days at a time, backups exist and have been opened at least once, and most pillars have a documented runbook.
- 42-50CompliantEvery pillar is engineered to a documented standard. Recovery is tested, observability is end to end, and the platform survives single-node loss.
- 50Excellent (with automation)Every pillar is fully scored and every recurring task (patching, restore drills, certificate rotation, capacity planning) is automated, not scheduled.
Beelab's current self-assessed score
Overall, self-assessed
42+ / 50Compliant
Last self-assessed: 2026-05-17. Next assessment: per release. Per-pillar breakdown ships in the next changelog entry.
PARSO-SAMAD is Beelab's own self-assessment framework. It is not a third-party audit, certification, or attestation. Your organization remains the data controller, processor, or covered entity as applicable for SOC 2, HIPAA, GDPR, or any regulated workload you run on Beelab.
Evidence
Ten pillars, dated and traced.
One layered, public-safe sentence per pillar, self-assessed against the framework above and dated so you can check the work against /changelog when a new release ships.
Automated
Provisioning, deploy, backup, and monitoring run on declarative manifests with a GitOps default (Forgejo + ArgoCD or your choice), so rebuilding the stack from code is the steady state, not the exception.
Recoverable
Backups (encrypted snapshots and offsite copy to a provider you pick) plus a written restore drill are part of the platform contract, not an afterthought; restore steps live in the runbook next to the backup config.
Secure
Zero-trust networking, single sign-on with MFA (Authentik or your identity provider), secrets in a vault, encrypted at rest and in transit, with a published responsible-disclosure policy at /security.
Observable
Metrics, logs, uptime, and alerts ship wired in through an observability layer (Prometheus, Grafana, Loki, Uptime Kuma defaults, swap any piece), so the platform tells you it is healthy before you have to ask.
Scalable
Compute scales 1 to N nodes or N racks across multiple cluster types coexisting side by side (immutable Kubernetes, lightweight Kubernetes, virtualization, container workloads, and the Apple Silicon AI mesh).
Auditable
Every release carries a PARSO-SAMAD self-assessment and a public record on /changelog and /roadmap; the rubric, the score, and the date are all visible on this page.
Maintainable
One job per node, one node per job, blast radius bounded by role, with routine ops, upgrades, and migrations captured as documented playbooks you can read before you touch anything.
Accessible
Public surfaces target WCAG 2.2 AA on color contrast, focus visibility, and motion; admin surfaces accept keyboard and screen-reader workflows alongside pointer input.
Durable
Validated hardware families (HP EliteDesk, Lenovo ThinkCentre, Dell OptiPlex, Minisforum, Mac mini Pro, Mac Studio), ECC where supported, ZFS mirrors, and redundant power and network paths on the parts that matter.