Evidence-led release progress

Reprint Push Progress

Final release is NO-GO because the current final-release gate evaluator reports REPRINT_PUSH_LIVE_SOURCE_REQUIRED. We are at 3/21 gates backed (14%), with 18 release-blocking gate(s) still open.

NO-GO final release
3/21 final gates
18 blocking gates
1000/1000 RPP checklist

Release Stages

3/21 backed now
  • 1

    Support evidence inventory

    checked

    1000/1000 checklist

    620 generated harness cases are cataloged (345 ready, 201 conflict, 74 blocked). This is support evidence, not release approval.

  • 2

    Release-gate evaluator

    held

    3/21 backed

    The final-release evaluator is the source of truth. It is read-only, reports mutationAttempted: false, and currently names REPRINT_PUSH_LIVE_SOURCE_REQUIRED.

  • 3

    Production binding

    blocked

    13 blockers

    Bind live topology, credential, identity, route, and recovery evidence to the final-release evaluator before release movement.

  • 4

    Storage boundary CAS

    blocked

    STORAGE_BOUNDARY_CAS_REQUIRED

    DB/file guarded-write smokes remain useful support proof, but final release needs production-backed storage-boundary CAS for every final target write.

  • 5

    Operator proof and updates

    active

    4 open

    Refresh this surface locally every 600000 ms during active work, then run the focused progress checks before publishing.

  • 6

    Final decision

    held

    NO-GO

    The Go/No-Go record and this surface must keep final release NO-GO while the evaluator reports [release-gates-ci:held final=3/21 candidate=3/21 reason=REPRINT_PUSH_LIVE_SOURCE_REQUIRED].

Current Plan

Release movement stays evaluator-led
  • Keep support evidence separate from production release approval.
  • Bind production topology, credential, identity, route, recovery, storage, and operator proof into the final-release evaluator.
  • Treat storage-boundary-cas as an explicit final-release blocker until production CAS evidence is supplied.
  • Refresh this page locally during active work and validate before any publish proof.

Source Snapshot

Generated from current local data
Release gates

node scripts/release/check-release-gates.mjs --scope final-release --now 2026-06-02T23:02:58.728Z

First blocker

RPP-0001 source-url: REPRINT_PUSH_SOURCE_URL is required before release gates can run preflight, dry-run, apply, or recovery.

Generated harness

node scripts/harness/generated-push-cases.js -> 620 cases.

Update cadence

npm run refresh:progress-surface:watch or managed watcher commands refresh every 600000 ms, roughly 10 minutes.

Managed watcher

not-started; alive: false; cadence: 600000 ms.

Explicit Storage Blocker

STORAGE_BOUNDARY_CAS_REQUIRED

storage-boundary-cas is open. Release movement requires production-backed evidence that every final target write is guarded at the storage boundary, revalidated before mutation, and rejects stale-at-write attempts without later mutation. The DB guarded-write and file guarded-write smokes pass locally as support evidence only.

21-Gate Model

3 passed / 18 blocking
Bucket Passed Blocking
Auth 0/4 4
Boundary 1/1 0
Identity 0/1 1
Operator Proof 0/4 4
Recovery 0/2 2
Route 0/3 3
Storage 0/1 1
Summary 1/1 0
Topology 1/4 3

Passed Gates

  • packaged-fallback RPP-0004
  • remote-alias RPP-0005
  • release-movement-summary RPP-0016

These passed gates do not close production risk. The release remains held until all blocking gates have final-release evidence.

Remaining Blockers

All require production-scoped closure
RPP Gate Bucket Code Reason
RPP-0001 source-url topology REPRINT_PUSH_LIVE_SOURCE_REQUIRED REPRINT_PUSH_SOURCE_URL is required before release gates can run preflight, dry-run, apply, or recovery.
RPP-0002 local-url topology REPRINT_PUSH_LOCAL_URL_REQUIRED REPRINT_PUSH_LOCAL_URL is required to prove the local edited site boundary.
RPP-0003 remote-changed-url topology REPRINT_PUSH_REMOTE_CHANGED_URL_REQUIRED REPRINT_PUSH_REMOTE_CHANGED_URL is required to prove stale remote replay fails before mutation.
RPP-0006 auth-source-readback auth PRODUCTION_AUTH_SESSION_BOUNDARY_REQUIRED Auth source command readback must prove the same live source URL used at issuance and readback.
RPP-0007 production-secret auth REPRINT_PUSH_SECRET_REQUIRED Production credential evidence is required before release movement.
RPP-0008 application-password-binding auth APPLICATION_PASSWORD_BINDING_REQUIRED Application Password credential binding must be proven against the checked source identity.
RPP-0009 manage-options-capability auth MANAGE_OPTIONS_CAPABILITY_REQUIRED manage_options capability proof is required for the checked production user.
RPP-0010 same-source-identity identity SAME_SOURCE_IDENTITY_REQUIRED Same source URL identity proof is required across preflight, dry-run, apply, journal, and recovery.
RPP-0011 preflight-route-identity route PREFLIGHT_ROUTE_IDENTITY_REQUIRED Preflight route identity proof is required before release movement.
RPP-0012 dry-run-route-eligibility route DRY_RUN_ROUTE_ELIGIBILITY_REQUIRED Dry-run route eligibility proof is required before release movement.
RPP-0013 apply-route-pre-mutation route APPLY_ROUTE_PRE_MUTATION_REQUIRED Apply route pre-mutation rejection proof is required before release movement.
RPP-0014 journal-route-read-only recovery JOURNAL_ROUTE_READ_ONLY_REQUIRED Journal route read-only proof is required before release movement.
RPP-0015 recovery-inspect-read-only recovery RECOVERY_INSPECT_READ_ONLY_REQUIRED Recovery inspect read-only proof is required before release movement.
RPP-0021 storage-boundary-cas storage STORAGE_BOUNDARY_CAS_REQUIRED Storage-boundary CAS proof is required for every final target write before release movement.
RPP-0017 tmux-status-marker operator-proof TMUX_STATUS_MARKER_REQUIRED A final bracketed stdout status marker is required for tmux-visible release gate proof.
RPP-0018 progress-release-timestamp operator-proof PROGRESS_RELEASE_TIMESTAMP_REQUIRED A release timestamp tied to current evidence is required before release movement.
RPP-0019 agents-release-gates-row operator-proof AGENTS_RELEASE_GATES_ROW_REQUIRED .agents/RELEASE_GATES.md status row evidence is required before release movement.
RPP-0020 verify-release-failure-reason operator-proof VERIFY_RELEASE_FAILURE_REASON_REQUIRED verify:release must prove nonzero failures include a named reason before release movement.

Refresh Mechanism

Local-only, no tunnels

One-shot refresh: npm run refresh:progress-surface. Foreground active-work loop: npm run refresh:progress-surface:watch, which repeats every 600000 ms until Ctrl-C. Managed loop: npm run refresh:progress-surface:watch:start, npm run refresh:progress-surface:watch:status, and npm run refresh:progress-surface:watch:stop. Validation: npm run check:progress-surface. Publishing proof remains separate with npm run publish:progress-page:dry-run.

Full evidence lives off-page
Release timestamp proof

Evidence toward RPP-0038 links `node --test test/progress-html-release-timestamp.test.js test/release-gates.test.js test/release-gate-cli.test.js` observed status `pass` to the generated proof timestamp ; release remains held and `NO-GO`.