Hotel Comp Policy Model | Technical Evidence

Engineering evidence

Verified S3-to-Snowflake decision lineage, data contracts, semantic quality gates, security controls, and report-source parity.

Evidence boundary: Operational records and outcomes are synthetic. Public context establishes property fit and guest-facing value, not internal policy, costs, or performance.

This appendix shows how the static executive decision is produced, validated, and kept traceable. It is supporting evidence for the decision product, not a claim that cloud infrastructure improves the synthetic model's statistical validity.

Evidence boundary: operating records and policy outcomes are synthetic. Account, bucket, role, credential, and guest identifiers are intentionally omitted.

Decision Lineage

synthetic PMS / CRM / service / comp / POS / survey / operations
+ bounded public property, pricing, review, and demand context
        |
        v
S3 landing/{run_id}              source-faithful, versioned snapshots
        |
        v
Snowflake RAW                    source-shaped VARCHAR ingestion
        |
        v
Python policy engine             bootstrap, policy comparison, sensitivity
        |
        v
S3 model-output/{run_id}         versioned statistical outputs
        |
        v
Snowflake typed MARTS / AUDIT    decision views and quality controls
        |
        v
parity-checked extract           static executive decision brief

Python remains responsible for the paired bootstrap and coherent shared-world assumption stress test. Snowflake is responsible for typed persistence, SQL serving views, reconciliation, and decision-semantic validation.

Verified Execution

Operational Decision Runtime

The manager-facing prototype uses the same deterministic Python decision modules as the offline comparison workflow. A generated, checksummed bundle freezes the selected rule, catalog, guardrails, and provenance for the Worker; generated module hashes prevent the edge runtime from quietly drifting away from the canonical source.

Data Contracts And Quality Gates

The curated Snowflake layer uses snowflake_mart_types:v1. 253 of 360 MARTS columns are explicitly numeric, Boolean, or date types; identifiers, labels, explanations, and provenance remain text.

Validation covers:

Security And Cost Controls

ControlImplementation
Public accessS3 public access is blocked; no cloud resources are exposed by the report.
EncryptionS3 objects use server-side encryption and bucket versioning.
AWS accessSnowflake assumes a prefix-scoped IAM role with an external ID.
Snowflake accessProject-scoped role; credentials and connection files stay outside Git.
Compute costX-Small warehouse with auto-resume and 60-second auto-suspend.
ReproducibilityRun IDs, row counts, hashes, contracts, and sanitized validation evidence.
AutomationLocal tests run independently; cloud validation is deliberately manually triggered to control credentials and cost.

Reproducible Paths

make local-all       # credential-free DuckDB path
make enterprise-all  # S3 -> Snowflake -> validated extracts -> reports

The default report remains static so a stakeholder does not need cloud credentials or a running warehouse. A validated extract is materialized before publication.

Deliberate Limitations

Reviewable Implementation