Reprint Push Progress
Final release is NO-GO because the current final-release gate evaluator reports REPRINT_PUSH_LIVE_SOURCE_REQUIRED. We are at 3/21 gates backed (14%), with 18 release-blocking gate(s) still open.
Release Stages
3/21 backed now-
1
Support evidence inventory
checked620 generated harness cases are cataloged (345 ready, 201 conflict, 74 blocked). This is support evidence, not release approval.
-
2
Release-gate evaluator
heldThe final-release evaluator is the source of truth. It is read-only, reports mutationAttempted: false, and currently names REPRINT_PUSH_LIVE_SOURCE_REQUIRED.
-
3
Production binding
blockedBind live topology, credential, identity, route, and recovery evidence to the final-release evaluator before release movement.
-
4
Storage boundary CAS
blockedDB/file guarded-write smokes remain useful support proof, but final release needs production-backed storage-boundary CAS for every final target write.
-
5
Operator proof and updates
activeRefresh this surface locally every 600000 ms during active work, then run the focused progress checks before publishing.
-
6
Final decision
heldThe Go/No-Go record and this surface must keep final release NO-GO while the evaluator reports [release-gates-ci:held final=3/21 candidate=3/21 reason=REPRINT_PUSH_LIVE_SOURCE_REQUIRED].
Current Plan
Release movement stays evaluator-led- Keep support evidence separate from production release approval.
- Bind production topology, credential, identity, route, recovery, storage, and operator proof into the final-release evaluator.
- Treat storage-boundary-cas as an explicit final-release blocker until production CAS evidence is supplied.
- Refresh this page locally during active work and validate before any publish proof.
Source Snapshot
Generated from current local datanode scripts/release/check-release-gates.mjs --scope final-release --now 2026-06-02T23:02:58.728Z
RPP-0001 source-url: REPRINT_PUSH_SOURCE_URL is required before release gates can run preflight, dry-run, apply, or recovery.
node scripts/harness/generated-push-cases.js -> 620 cases.
npm run refresh:progress-surface:watch or managed watcher commands refresh every 600000 ms, roughly 10 minutes.
not-started; alive: false; cadence: 600000 ms.
Explicit Storage Blocker
STORAGE_BOUNDARY_CAS_REQUIREDstorage-boundary-cas is open. Release movement requires production-backed evidence that every final target write is guarded at the storage boundary, revalidated before mutation, and rejects stale-at-write attempts without later mutation. The DB guarded-write and file guarded-write smokes pass locally as support evidence only.
21-Gate Model
3 passed / 18 blocking| Bucket | Passed | Blocking |
|---|---|---|
| Auth | 0/4 | 4 |
| Boundary | 1/1 | 0 |
| Identity | 0/1 | 1 |
| Operator Proof | 0/4 | 4 |
| Recovery | 0/2 | 2 |
| Route | 0/3 | 3 |
| Storage | 0/1 | 1 |
| Summary | 1/1 | 0 |
| Topology | 1/4 | 3 |
Passed Gates
packaged-fallbackRPP-0004remote-aliasRPP-0005release-movement-summaryRPP-0016
These passed gates do not close production risk. The release remains held until all blocking gates have final-release evidence.
Remaining Blockers
All require production-scoped closure| RPP | Gate | Bucket | Code | Reason |
|---|---|---|---|---|
| RPP-0001 | source-url |
topology | REPRINT_PUSH_LIVE_SOURCE_REQUIRED |
REPRINT_PUSH_SOURCE_URL is required before release gates can run preflight, dry-run, apply, or recovery. |
| RPP-0002 | local-url |
topology | REPRINT_PUSH_LOCAL_URL_REQUIRED |
REPRINT_PUSH_LOCAL_URL is required to prove the local edited site boundary. |
| RPP-0003 | remote-changed-url |
topology | REPRINT_PUSH_REMOTE_CHANGED_URL_REQUIRED |
REPRINT_PUSH_REMOTE_CHANGED_URL is required to prove stale remote replay fails before mutation. |
| RPP-0006 | auth-source-readback |
auth | PRODUCTION_AUTH_SESSION_BOUNDARY_REQUIRED |
Auth source command readback must prove the same live source URL used at issuance and readback. |
| RPP-0007 | production-secret |
auth | REPRINT_PUSH_SECRET_REQUIRED |
Production credential evidence is required before release movement. |
| RPP-0008 | application-password-binding |
auth | APPLICATION_PASSWORD_BINDING_REQUIRED |
Application Password credential binding must be proven against the checked source identity. |
| RPP-0009 | manage-options-capability |
auth | MANAGE_OPTIONS_CAPABILITY_REQUIRED |
manage_options capability proof is required for the checked production user. |
| RPP-0010 | same-source-identity |
identity | SAME_SOURCE_IDENTITY_REQUIRED |
Same source URL identity proof is required across preflight, dry-run, apply, journal, and recovery. |
| RPP-0011 | preflight-route-identity |
route | PREFLIGHT_ROUTE_IDENTITY_REQUIRED |
Preflight route identity proof is required before release movement. |
| RPP-0012 | dry-run-route-eligibility |
route | DRY_RUN_ROUTE_ELIGIBILITY_REQUIRED |
Dry-run route eligibility proof is required before release movement. |
| RPP-0013 | apply-route-pre-mutation |
route | APPLY_ROUTE_PRE_MUTATION_REQUIRED |
Apply route pre-mutation rejection proof is required before release movement. |
| RPP-0014 | journal-route-read-only |
recovery | JOURNAL_ROUTE_READ_ONLY_REQUIRED |
Journal route read-only proof is required before release movement. |
| RPP-0015 | recovery-inspect-read-only |
recovery | RECOVERY_INSPECT_READ_ONLY_REQUIRED |
Recovery inspect read-only proof is required before release movement. |
| RPP-0021 | storage-boundary-cas |
storage | STORAGE_BOUNDARY_CAS_REQUIRED |
Storage-boundary CAS proof is required for every final target write before release movement. |
| RPP-0017 | tmux-status-marker |
operator-proof | TMUX_STATUS_MARKER_REQUIRED |
A final bracketed stdout status marker is required for tmux-visible release gate proof. |
| RPP-0018 | progress-release-timestamp |
operator-proof | PROGRESS_RELEASE_TIMESTAMP_REQUIRED |
A release timestamp tied to current evidence is required before release movement. |
| RPP-0019 | agents-release-gates-row |
operator-proof | AGENTS_RELEASE_GATES_ROW_REQUIRED |
.agents/RELEASE_GATES.md status row evidence is required before release movement. |
| RPP-0020 | verify-release-failure-reason |
operator-proof | VERIFY_RELEASE_FAILURE_REASON_REQUIRED |
verify:release must prove nonzero failures include a named reason before release movement. |
Refresh Mechanism
Local-only, no tunnelsOne-shot refresh: npm run refresh:progress-surface. Foreground active-work loop: npm run refresh:progress-surface:watch, which repeats every 600000 ms until Ctrl-C. Managed loop: npm run refresh:progress-surface:watch:start, npm run refresh:progress-surface:watch:status, and npm run refresh:progress-surface:watch:stop. Validation: npm run check:progress-surface. Publishing proof remains separate with npm run publish:progress-page:dry-run.
Drill-In Links
Full evidence lives off-page- Release gate evidence
- Go/No-Go release decision record
- Detailed progress report
- Progress refresh instructions
- Generated push harness
Evidence toward RPP-0038 links `node --test test/progress-html-release-timestamp.test.js test/release-gates.test.js test/release-gate-cli.test.js` observed status `pass` to the generated proof timestamp ; release remains held and `NO-GO`.