Release evidence recipes and sanitized proof samples¶
Use this page when a release owner or reviewer needs copy-ready commands for release-readiness evidence, trusted PR Quality handoff evidence, or post-merge verification.
These commands are reporting-only. They do not release, publish, merge, apply patches, dismiss security findings, resolve review threads, or prove semantic equivalence.
The report commands consume repository-local files. The post-merge command does not collect GitHub evidence; collect and review the four saved evidence files separately before invoking it.
Recipe 1: baseline release-readiness package¶
Inputs¶
- A clean local checkout at the commit being reviewed.
- The repository release surfaces, including
Makefile,.github/workflows/release.yml, and the release evidence docs.
Command¶
python -m sdetkit release-readiness-evidence-package \
--root . \
--out-json build/sdetkit/release-readiness-evidence/package.json \
--out-md build/sdetkit/release-readiness-evidence/package.md \
--format json
Outputs¶
build/sdetkit/release-readiness-evidence/package.jsonbuild/sdetkit/release-readiness-evidence/package.md
Interpretation¶
A ready_for_human_release_review result means the expected evidence surfaces
were detected. It is not release or publish authorization. A
review_required result identifies missing or blocking evidence that a human
must resolve.
Recipe 2: package a trusted PR Quality handoff¶
Inputs¶
- A contributor-facing
pr-review-summary.md. - The matching trusted publisher
handoff-manifest.json. - Both files bound to the same Git head as the release package.
Command¶
python -m sdetkit release-readiness-evidence-package \
--root . \
--pr-quality-summary evidence/pr-review-summary.md \
--pr-quality-handoff-manifest evidence/handoff-manifest.json \
--out-json build/sdetkit/release-readiness-evidence/package.json \
--out-md build/sdetkit/release-readiness-evidence/package.md \
--format json
Outputs and review¶
Review pr_quality_handoff.collection_status, head_matches,
release_review_blocking, and source_digests. The summary and manifest are a
pair: supplying only one is missing, invalid JSON or authority fields are
malformed, a different head is stale, and mismatched bytes are
digest_mismatch.
Recipe 3: post-merge verification from saved evidence¶
Inputs¶
Create one deterministic evidence directory:
evidence/
├── pr.json
├── main-status.json
├── review-threads.json
└── security-check.json
The directory must already contain reviewed GitHub and local-security evidence. The command does not call GitHub and does not update those files.
Command¶
python -m sdetkit post-merge-verification \
--root . \
--evidence-dir evidence \
--previous-main-sha 1111111111111111111111111111111111111111 \
--out-json build/sdetkit/post-merge-verification/report.json \
--out-md build/sdetkit/post-merge-verification/report.md \
--format json
Outputs¶
build/sdetkit/post-merge-verification/report.jsonbuild/sdetkit/post-merge-verification/report.md
Interpretation¶
verified requires a closed merged PR, canonical merge containment, successful
CI, zero current GHAS review threads, zero warning/error security findings, and
no protected-path drift. Informational security findings remain visible through
finding_count and info_count; only blocking_finding_count, warn_count,
and error_count block verification.
Recipe 4: verify freshness without regenerating¶
Release package:
python -m sdetkit release-readiness-evidence-package \
--root . \
--out-json build/sdetkit/release-readiness-evidence/package.json \
--check-freshness \
--format text
Post-merge report:
python -m sdetkit post-merge-verification \
--root . \
--evidence-dir evidence \
--previous-main-sha 1111111111111111111111111111111111111111 \
--out-json build/sdetkit/post-merge-verification/report.json \
--check-freshness \
--format text
A stale freshness result means the recorded schema, generator bytes, input bytes, or Git head no longer matches the current context. Re-collect or regenerate evidence only through the reviewed operator workflow.
Outcome and collection-state matrix¶
| State | Meaning | Safe next action |
|---|---|---|
collected |
The requested evidence parsed and passed its input contract. | Continue reviewing the report decision. |
missing |
A required file or paired input is absent. | Collect the missing evidence; do not infer zero. |
malformed |
Evidence exists but violates its JSON or field contract. | Repair the collection process and recollect. |
stale |
Evidence is bound to a different head or input state. | Recollect evidence for the current commit. |
digest_mismatch |
Trusted manifest bytes do not match the supplied summary. | Stop and restore the trusted publisher pair. |
review_required |
Evidence is readable but a human blocker remains. | Review missing items or blocking posture. |
unavailable |
A required collection or local Git relation is not authoritative. | Investigate collection access and retry read-only proof. |
verified |
Post-merge evidence satisfies the reporting contract. | Record closure; no additional authority is granted. |
Sanitized proof samples¶
The samples use fixed timestamps, explicit sha256-redacted digest markers,
low-entropy placeholder commit SHAs, example.invalid URLs when a URL is
needed, and repository-relative paths.
They are examples, not current-run evidence.
Troubleshooting¶
- The report says missing: verify the exact input filenames and paired arguments.
- The report says malformed: validate the top-level JSON object, schema, and strict authority boundary.
- The report says stale: compare the saved evidence head and input digests with the current checkout.
- The post-merge report says review_required with info findings: inspect
blocking_finding_count; informational findings alone are non-blocking. - The report says unavailable: do not convert the result to zero or success. Restore authoritative collection or local Git access.
Authority boundary¶
Every recipe preserves:
reporting_only=true
repo_mutation=false
issue_mutation_allowed=false
automation_allowed=false
patch_application_allowed=false
workflow_rerun_allowed=false
security_dismissal_allowed=false
release_authorized=false
publish_authorized=false
merge_authorized=false
semantic_equivalence_proven=false
Human review remains required for release, publish, merge, security dismissal, and any repository mutation.