You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Added the public self-host release spec files under `docs/specs/` and the acceptance gate at `docs/acceptance/public-selfhost-release-gate.yaml`.
12
12
- Created the pre-change implementation audit at `reports/public-selfhost-hardening/implementation-audit.md`.
13
13
- Hardened the public self-host RC verifier so it emits only `GO` or `NO-GO`, rejects real-executor simulation env values, runs configured real executor gates by adapter, and fails the release gate when required real proofs are missing.
14
+
- Removed stale active public-doc wording that said missing real executor proof reports `PARTIAL`; active RC docs now say missing/skipped/simulated/failed required real executor proof is `NO-GO`, and the public boundary checker rejects stale `reports PARTIAL` claims plus malformed hardening-report final verdict lines.
14
15
- Confirmed the real Codex path invokes the configured Codex binary with `ALL_ADAPTERS_SIMULATION_MODE=0` and `CODEX_SIMULATION_MODE=0`.
15
16
- Added `codencer run events`, `codencer run report`, `codencer run cancel`, and structured `codencer run resume` blocker behavior.
-`python3 scripts/check_docs_links.py` after aligning RC verdict docs with NO-GO policy - passed
144
+
-`python3 scripts/check_public_boundary.py` after aligning RC verdict docs with NO-GO policy - passed
145
+
-`make verify-public-release` after aligning RC verdict docs with NO-GO policy - passed
141
146
-`CODENCER_E2E_REAL_EXECUTORS=codex,claude CODENCER_E2E_CODEX_COMMAND=<codex-binary> CODENCER_E2E_CLAUDE_COMMAND=<claude-binary> make verify-public-selfhost-rc` - failed by design with `NO-GO` after Codex and Claude passed and Antigravity was missing
142
147
-`cd web/gateway-console && CODENCER_E2E_BIN_DIR=../../bin CODENCER_E2E_EXECUTOR_ADAPTER=antigravity CODENCER_E2E_EXECUTOR_PROFILE=antigravity-default CODENCER_E2E_ANTIGRAVITY_INSTANCE_FILE=<temp-file> node tests/live/verify-live.mjs` - failed correctly; the provided Antigravity LS did not expose the isolated verifier repo workspace
Copy file name to clipboardExpand all lines: reports/public-selfhost-hardening/implementation-audit.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,15 +43,15 @@ the exact package was not available in the current attachment cache.
43
43
| Run history/audit/console | Partially implemented | Gateway-observed run history/audit now includes scope, limit/offset pagination, server-side filters, and grouped lifecycle summaries; synced/local ingest transport remains incomplete. |
44
44
| Redaction | Partially implemented | Gateway/sync sanitization exists and artifact-backed release verification now covers default human CLI output for init, config show, project init/status/scan, executor list, sync preview, submit, and run output; full explicit JSON/debug/path surface policy proof is still incomplete. |
45
45
| Public/private boundary | Partially implemented | Docs/checks exist; public repo still contains cloud-control-plane packages that need boundary review against the new specs. |
46
-
| Public RC verifier | Partially implemented |`make verify-public-selfhost-rc` emits only `GO`/`NO-GO`, requires configured real-proof coverage, and reports `NO-GO` when required proofs are missing; Antigravity remains unproven. |
46
+
| Public RC verifier | Partially implemented |`make verify-public-selfhost-rc` emits only `GO`/`NO-GO`, requires configured real-proof coverage, reports `NO-GO` when required proofs are missing, and public boundary checks reject stale active docs claiming `PARTIAL` verdicts; Antigravity remains unproven. |
47
47
48
48
## Requirement Audit
49
49
50
50
### 00 - Public Self-host Release Gate
51
51
52
52
| Requirement | Status | Evidence |
53
53
| --- | --- | --- |
54
-
| Final verdicts only `GO` or `NO-GO`| Implemented |`scripts/verify_public_selfhost_rc.sh` emits `GO` or `NO-GO`; no `PARTIAL` branch remains. |
54
+
| Final verdicts only `GO` or `NO-GO`| Implemented |`scripts/verify_public_selfhost_rc.sh` emits `GO` or `NO-GO`; no `PARTIAL` branch remains, active docs now describe missing real proof as `NO-GO`, and `scripts/check_public_boundary.py` rejects stale `reports PARTIAL` claims plus malformed final hardening-report verdict lines. |
55
55
| Fake/simulation cannot satisfy GO | Implemented for current verifier | Real executor gates reject simulation text/metadata and missing required real proofs force `NO-GO`; Codex and Claude real gates passed with simulation disabled. |
| Codex, Claude Code, and Antigravity real proofs | Partially implemented | Codex passed current artifact-backed scoped proof in `reports/public-selfhost-rc/20260624T120012Z`; Codex and Claude Code passed earlier artifact-backed real gates in `reports/public-selfhost-rc/20260624T105654Z`; Antigravity remains missing. |
0 commit comments