proof_matrix.yml

schema_version: gn_ten_proof_matrix_v1
workspace_ref: workspace://nshkrdotcom/gn-ten
branch_policy: main_only

contract_families:
  - "000 repo contracts"
  - "100 development process"
  - "200 refactoring"
  - "300 architecture"
  - "400 agent patterns"
  - "500 governance"
  - "600 deployment"

proofs:
  - id: repo_agent_instruction_drift
    owner_repo: stack_lab
    contract_family: "000 repo contracts"
    status: implemented
    profile: local_quick
    command: mix gn_ten.repo_agents.validate
    fixture: repo_agent_instructions/
    receipt: receipt://stack_lab/repo_agent_instruction_drift/latest
    proves:
      - repo-local AGENTS.md marked gn-ten sections match reviewed drafts
      - CLAUDE.md compatibility shims point to AGENTS.md
    does_not_prove:
      - semantic correctness of every human-authored instruction paragraph
      - future repo-local edits outside marked gn-ten sections
    next_action: keep validator in mix ci and expand with no-bypass checks in Phase I
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/local_quick/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: stack_lab_development_loop
    owner_repo: stack_lab
    contract_family: "100 development process"
    status: implemented
    profile: local_full
    command: mix ci
    fixture: support/lab_core
    receipt: receipt://stack_lab/mix_ci/latest
    proves:
      - StackLab workspace commands, support packages, examples, tests, credo, docs, and weld gates compose locally
      - local development gates can run from the command surface without feature branches
    does_not_prove:
      - every repo-local CI gate across all ten repos after future drift
      - deployment behavior or live-provider behavior
    next_action: add batch command receipts and resumable ordered execution in Phase G

  - id: refactoring_deletion_backlog
    owner_repo: stack_lab
    contract_family: "200 refactoring"
    status: implemented
    profile: local_quick
    command: mix gn_ten.refactoring_deletion.scenarios --json
    fixture: docs/receipts/gn_ten_refactoring/deletion_backlog.json
    receipt: receipt://stack_lab/refactoring_deletion_backlog/latest
    proves:
      - current refactoring deletion inventory covers all ten target repos
      - deletion campaigns are linked to StackLab batch receipts
      - retained compatibility surfaces have owner, reason, review date, and scanner posture
      - active delete candidates are empty for the current platform claim
    does_not_prove:
      - semantic duplicate detection beyond named inventory classes
      - deletion of public product compatibility routes or flags
      - future duplicate introductions outside scanner coverage
    next_action: keep deletion inventory receipts in StackLab CI and open concrete deletion campaigns when active candidates appear
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/refactoring_deletion_backlog/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: workspace_manifest_control_plane
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: local_quick
    command: mix gn_ten.validate
    fixture: gn-ten.yml
    receipt: receipt://stack_lab/workspace_manifest_control_plane/latest
    proves:
      - gn-ten manifest names the exact ten repos in ranked order
      - each repo declares main-only branch policy and proof ownership fields
    does_not_prove:
      - runtime correctness of any repo
      - artifact freshness after producer commits
    next_action: keep manifest validation in mix ci and link Phase G receipts to repo command batches
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/local_quick/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: contract_artifact_ledger
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: local_quick
    command: mix gn_ten.artifacts.validate
    fixture: contract_artifacts.yml
    receipt: receipt://stack_lab/contract_artifact_ledger/latest
    proves:
      - projected artifact producers and consumers resolve through gn-ten.yml
      - stale source SHA drift is classified by artifact lifecycle status
    does_not_prove:
      - artifacts have been published or consumed by package managers
      - consumer behavior has been assembled through runtime fixtures
    next_action: add Phase G batch receipts that connect producer commands to ledger refreshes
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/local_quick/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: gn_ten_distributed_topology_freeze
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: local_quick
    command: mix gn_ten.topology.freeze --json
    fixture: lib/stack_lab/gn_ten/distributed_topology.ex
    receipt: receipt://stack_lab/gn_ten_distributed_topology_freeze/latest
    proves:
      - canonical v2 distributed topology refs, node caps, owner repos, owner discovery groups, and required profiles are frozen
      - topology validation rejects unknown repos, duplicate node ids, missing required domains, owner group mismatch, and node counts above cap
      - scale profiles have exact reviewed node counts for 12, 32, and 49 nodes
    does_not_prove:
      - EPMD startup or peer lifecycle
      - owner facade availability
      - distributed business semantics
      - monolith/distributed parity
      - 49-node scale feasibility
    next_action: implement generic node-lab preflight and peer lifecycle against the frozen topology catalog
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/gn_ten_distributed_topology_freeze/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: gn_ten_distributed_preflight
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: local_quick
    command: mix stack_lab.gn_ten.node_lab.preflight --json
    fixture: support/gn_ten_node_lab
    receipt: receipt://stack_lab/gn_ten_node_lab_preflight/latest
    proves:
      - the reusable support/gn_ten_node_lab package owns preflight and peer lifecycle checks
      - EPMD can be found and started on this host
      - StackLab can start a shortname controller node
      - StackLab can generate a redacted per-run cookie value without writing it to receipts
      - the planned distribution port range is validated
      - frozen topology specs can be parsed with node-cap enforcement
      - a temporary peer can start, sync code paths, answer bounded erpc, stop, and become unreachable after cleanup
      - current EPMD names and listen-socket exposure are recorded
      - existing multi-node proofs remain parallel in root CI until node-lab migration
    does_not_prove:
      - owner facade availability
      - domain business semantics
      - monolith/distributed parity
      - per-run cookie application to peers
      - production distribution security
      - release artifact boot
    next_action: use support/gn_ten_node_lab for Phase 5 topology specs, app boot, facade readiness, and pg group checks
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/gn_ten_node_lab_preflight/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: gn_ten_distributed_context_roundtrip
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: local_full
    command: cd examples/gn_ten_distributed_stack && mix stack_lab.gn_ten.distributed.prove --profile context_6_node --json
    fixture: examples/gn_ten_distributed_stack/priv/topologies/context_6_node.exs
    receipt: receipt://stack_lab/gn_ten_distributed_context_roundtrip/latest
    proves:
      - the fugu Context ABI baseline and distributed context proof run from one StackLab proof package
      - AppKit, Mezzanine, Citadel, OuterBrain, and AITrace are represented as distinct owner-profile peer nodes
      - context packet hash, authority refs, render handoff refs, trace refs, evidence posture, owner pg groups, and envelope scanner facts are present
      - proof receipts exclude Erlang cookies, raw prompts, raw memory, provider payloads, credentials, local PIDs, and private tool output
    does_not_prove:
      - router or model invocation behavior
      - Execution Plane lower-lane behavior
      - production distribution security
      - release artifact boot
      - live provider behavior
      - fault recovery
    next_action: keep this as the required context prerequisite for router/model and parity proofs
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/gn_ten_distributed_context_roundtrip/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: gn_ten_distributed_router_model_roundtrip
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: local_full
    command: cd examples/gn_ten_distributed_stack && mix stack_lab.gn_ten.distributed.prove --profile router_model_6_node --json
    fixture: examples/gn_ten_distributed_stack/priv/topologies/router_model_6_node.exs
    receipt: receipt://stack_lab/gn_ten_distributed_router_model_roundtrip/latest
    proves:
      - the fugu router/model baseline and distributed router/model proof run from one StackLab proof package
      - route decision refs, render handoff refs, model invocation refs, token and cost facts, stream fragment posture, and terminal AppKit projection facts are present
      - Jido Integration model invocation stays behind owner DTOs and fake/local inference by default
      - router/model receipts reject raw provider payloads and preserve deterministic receipt hashes for parity
    does_not_prove:
      - full 9-node Execution Plane lower-lane proof
      - live provider behavior
      - production distribution security
      - release artifact boot
      - GEPA candidate generation
      - TRINITY long-loop feedback behavior beyond the deterministic route adapter fixture
    next_action: use this proof as the semantic input to parity and partition-recovery proofs; leave full_9_node open until lower-lane runtime is implemented
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/gn_ten_distributed_router_model_roundtrip/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: gn_ten_distributed_partition_recovery
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: local_full
    command: cd examples/gn_ten_distributed_stack && mix stack_lab.gn_ten.distributed.prove --profile partition_recovery --json
    fixture: examples/gn_ten_distributed_stack
    receipt: receipt://stack_lab/gn_ten_distributed_partition_recovery/latest
    proves:
      - StackLab records bounded fault receipts for peer crash, node disconnect and heal, facade timeout, stale DTO, duplicate delivery, and AITrace exporter failure
      - recovery receipts preserve owner safe actions, idempotency posture, outbox or deny posture, trace refs, and cleanup state
      - partition recovery starts from the implemented router_model_6_node proof rather than a separate untracked harness path
    does_not_prove:
      - WAN partition behavior
      - Kubernetes or container discovery
      - production Erlang distribution security
      - live provider retry or billing behavior
      - Execution Plane lower-lane partition behavior
      - release artifact boot
    next_action: keep fault fixtures as regression inputs for Phase 18 hardening
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/gn_ten_distributed_partition_recovery/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: gn_ten_distributed_parity
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: local_full
    command: mix stack_lab.gn_ten.distributed.prove --profile parity --json
    fixture: examples/gn_ten_distributed_stack
    receipt: receipt://stack_lab/gn_ten_distributed_parity/latest
    proves:
      - the fugu router/model monolith baseline and distributed router/model proof can run from one command
      - semantic parity hashes match for context packet, authority, admission, route, render handoff, model invocation, AppKit projection, and trace refs
      - parity hash inputs use GroundPlane.Boundary.Codec rather than inspect/1, :erlang.term_to_binary/1, or direct Jason.encode!/1
      - node placement, timing, transport-attempt, and lifecycle facts are excluded from the semantic parity hash
      - raw payload fields, unexpected semantic fields, missing fields, and terminal status mismatches produce open_defect findings
    does_not_prove:
      - production distribution security
      - release artifact boot
      - live provider behavior
      - 49-node scale behavior
      - semantic equivalence for fields outside the parity semantic field list
    next_action: implement Phase 14 scale profiles with parity preserved as the semantic baseline
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/gn_ten_distributed_parity/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: gn_ten_distributed_scale_12
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: local_full
    command: mix stack_lab.gn_ten.distributed.prove --profile scale_12_node --max-nodes 12 --json
    fixture: examples/gn_ten_distributed_stack/priv/topologies/scale_12_node.exs
    receipt: receipt://stack_lab/gn_ten_distributed_scale_12/latest
    proves:
      - StackLab can boot and cleanly stop a 12-node local peer-mode topology
      - scale receipts record node cap, node count, startup duration, scheduler flags, peer failure count, host resource summary, and cleanup status
      - requested max-node caps are enforced before node startup
      - the 49-node stress profile is blocked until host feasibility fields are explicitly supplied
      - the Phase 13 parity receipt remains the semantic baseline for scale posture
    does_not_prove:
      - 32-node or 49-node local stress behavior
      - sustained performance SLOs
      - production distribution security
      - release artifact boot
      - live provider behavior
    next_action: add Phase 15 operator/debug UX while keeping 32/49-node profiles opt-in
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/gn_ten_distributed_scale_12/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: gn_ten_distributed_release_peer
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: local_full
    command: cd examples/gn_ten_distributed_stack && mix stack_lab.gn_ten.node_lab.release.verify --json
    fixture: examples/gn_ten_distributed_stack/priv/releases/execution_plane_node_release_peer.exs
    receipt: receipt://stack_lab/gn_ten_distributed_release_peer/latest
    proves:
      - one test-only release-wrapper manifest can boot the execution_plane_node profile and return a peer-mode-compatible node receipt shape
      - release-path verification records owner app start, expected app version, facade ping, code-path mode, and receipt-shape parity with peer mode
      - missing manifest, version mismatch, unavailable facade, and receipt-shape mismatch produce bounded open-defect receipts
    does_not_prove:
      - production release packaging
      - release artifact minimality
      - a single all-domain production release
      - production distribution security
      - container or VM networking
      - live provider behavior
    next_action: keep release mode as an opt-in parity prototype until peer-mode distributed semantics stay green under Phase 18 regressions
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/gn_ten_distributed_release_peer/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: gn_ten_distributed_hardening
    owner_repo: stack_lab
    contract_family: "600 deployment"
    status: implemented
    profile: local_full
    command: mix stack_lab.gn_ten.distributed.hardening --json
    fixture: docs/receipts/gn_ten_distributed_phase18/hardening.json
    receipt: receipt://stack_lab/gn_ten_distributed_hardening/latest
    proves:
      - distributed proof matrix closes with no missing implemented proof rows or open distributed defects
      - topology, preflight, context, router/model, partition recovery, parity, scale_12, and release_peer receipts remain the local peer-mode regression families
      - support/gn_ten_node_lab remains internal StackLab proof infrastructure and North-Shore-AI/crucible_cluster extraction is deferred until the API is domain-free
      - full_9_node lower-lane runtime, 32/49-node stress, production security, production release packaging, and live-provider behavior remain explicit non-release claims
    does_not_prove:
      - full 9-node lower-lane runtime behavior
      - 32-node or 49-node stress behavior
      - production distribution security
      - production release packaging
      - live provider behavior
      - public crucible_cluster extraction readiness
    next_action: keep the distributed hardening receipt green while future lower-lane, scale, production-security, and extraction proofs are implemented explicitly
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/gn_ten_distributed_hardening/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: product_no_bypass
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: assembled_offline
    command: mix test test/stack_lab/gn_ten_product_no_bypass_test.exs
    fixture: fixtures/products/
    receipt: receipt://stack_lab/product_no_bypass/latest
    proves:
      - AppKit-owned scanner accepts a product fixture using only product-safe surfaces
      - AppKit-owned scanner rejects a hostile product fixture that imports lower or bridge internals directly
      - product-shaped proof does not require Extravaganza-specific source layout
    does_not_prove:
      - runtime correctness of any AppKit surface backend
      - full product UI behavior
      - every future product path unless wired into CI
    next_action: keep scanner in AppKit, Extravaganza, and StackLab CI and expand fixtures as new product shapes appear
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/local_quick/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: agent_turn_runtime_patterns
    owner_repo: stack_lab
    contract_family: "400 agent patterns"
    status: implemented
    profile: assembled_offline
    command: cd examples/session_lineage_drill && mix test
    fixture: examples/session_lineage_drill/docs/receipts/agent_turn_runtime_patterns.md
    receipt: receipt://stack_lab/agent_turn_runtime_patterns/latest
    proves:
      - named session-lineage assembled proof covers multi-turn recovery
      - dynamic tool manifest resolution survives recovery and unauthorized tools fail closed
      - primary-lane fault injection selects an authorized fallback lane
      - AITrace lineage includes required agent-turn replay events
      - proof carries repo evidence for OuterBrain, Citadel, Jido Integration, Execution Plane, Mezzanine, and AITrace
    does_not_prove:
      - live provider behavior
      - production multi-node runtime behavior
      - real dynamic tool registry mutation
      - production AITrace retention policy
    next_action: keep session-lineage proof in StackLab CI and add live runtime drill only when release claims require it
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/agent_turn_runtime_patterns/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: governed_connector_export_fixture
    owner_repo: stack_lab
    contract_family: "500 governance"
    status: implemented
    profile: assembled_offline
    command: mix gn_ten.connector.scenarios
    fixture: docs/receipts/gn_ten_connector/governed_compliance_export.json
    receipt: receipt://stack_lab/governed_connector_export_fixture/latest
    proves:
      - governed compliance export bundle is deterministic and codec-backed
      - explicit governed AITrace exporter and export context refs are required
      - source traces and replay exports carry tenant refs and fail closed on cross-tenant replay
      - connector binding refs, credential lease refs, lower receipt refs, and redaction refs are enough for audit joins
      - public export artifacts deny raw secrets, native auth material, prompt bodies, provider payloads, and untrusted content bodies
    does_not_prove:
      - live provider behavior
      - production secret backend behavior
      - production compliance export retention
      - operator-facing compliance UI behavior
    next_action: keep governed export fixture and leak-negative tests in connector scenarios; add live compliance-retention proof only when release claims it
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/governed_connector_export_fixture/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: connector_provider_free
    owner_repo: stack_lab
    contract_family: "400 agent patterns"
    status: implemented
    profile: assembled_offline
    command: mix gn_ten.connector.scenarios
    fixture: docs/receipts/gn_ten_connector/connector_hardening.json
    receipt: receipt://stack_lab/connector_provider_free/latest
    proves:
      - connector contracts can normalize fixture provider responses without live-provider calls
      - public connector evidence carries fixture refs instead of provider payloads
    does_not_prove:
      - live provider behavior
      - production connector latency or retry behavior
      - provider billing correctness
    next_action: add gated live-provider smoke only after provider-free connector receipts stay green
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/connector_hardening/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: connector_secret_lease
    owner_repo: stack_lab
    contract_family: "500 governance"
    status: implemented
    profile: assembled_offline
    command: mix gn_ten.connector.scenarios
    fixture: docs/receipts/gn_ten_connector/connector_hardening.json
    receipt: receipt://stack_lab/connector_secret_lease/latest
    proves:
      - public connector seam uses opaque lease handles instead of raw secret values
      - connector scenario receipts deny secret-shaped public keys
    does_not_prove:
      - production secret backend behavior
      - credential rotation under live providers
      - audit-grade secret handling
    next_action: connect lease receipts to JidoIntegration auth events after audit export lands
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/connector_hardening/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: connector_token_budget
    owner_repo: stack_lab
    contract_family: "400 agent patterns"
    status: implemented
    profile: assembled_offline
    command: mix gn_ten.connector.scenarios
    fixture: docs/receipts/gn_ten_connector/connector_hardening.json
    receipt: receipt://stack_lab/connector_token_budget/latest
    proves:
      - provider-free model-call fixture halts or falls back when requested tokens exceed budget
      - connector budget scenario records bounded cost posture without raw prompts
    does_not_prove:
      - live provider usage accounting
      - real invoice correctness
      - tenant-level monthly budget enforcement
    next_action: wire budget scenario into agent-turn runtime proof after M2 mechanisms are promoted
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/connector_hardening/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: prompt_injection_defense
    owner_repo: stack_lab
    contract_family: "500 governance"
    status: implemented
    profile: assembled_offline
    command: mix gn_ten.connector.scenarios
    fixture: docs/receipts/gn_ten_connector/connector_hardening.json
    receipt: receipt://stack_lab/prompt_injection_defense/latest
    proves:
      - untrusted content cannot alter connector policy or expand tool permissions in the fixture
      - rejected injection attempts produce public-safe evidence refs
    does_not_prove:
      - full semantic prompt-injection resistance
      - live webpage or ticket ingestion behavior
      - every future tool manifest source
    next_action: combine with Citadel route validation when dynamic tool loading proof lands
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/connector_hardening/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: tenant_isolation_read
    owner_repo: stack_lab
    contract_family: "500 governance"
    status: implemented
    profile: assembled_offline
    command: mix gn_ten.tenant.scenarios
    fixture: docs/receipts/gn_ten_tenant/tenant_isolation.json
    receipt: receipt://stack_lab/tenant_isolation_read/latest
    proves:
      - provider-free tenant read fixture denies cross-tenant record reads
      - tenant read scenario carries conservative proof posture
    does_not_prove:
      - production row-level security
      - audit-grade tenant isolation
      - live provider tenant isolation
    next_action: keep tenant scenarios wired into StackLab CI and expand after real tenant stores land
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/tenant_isolation/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: tenant_isolation_write
    owner_repo: stack_lab
    contract_family: "500 governance"
    status: implemented
    profile: assembled_offline
    command: mix gn_ten.tenant.scenarios
    fixture: docs/receipts/gn_ten_tenant/tenant_isolation.json
    receipt: receipt://stack_lab/tenant_isolation_write/latest
    proves:
      - provider-free tenant write fixture denies cross-tenant record writes
      - same-tenant write fixture remains allowed
    does_not_prove:
      - production row-level security
      - audit-grade tenant isolation
      - live provider tenant isolation
    next_action: connect to repo-local write paths when tenant stores move beyond fixtures
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/tenant_isolation/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: tenant_lease_handling
    owner_repo: stack_lab
    contract_family: "500 governance"
    status: implemented
    profile: assembled_offline
    command: mix gn_ten.tenant.scenarios
    fixture: docs/receipts/gn_ten_tenant/tenant_isolation.json
    receipt: receipt://stack_lab/tenant_lease_handling/latest
    proves:
      - provider-free tenant lease fixture denies cross-tenant lease use
      - jido_integration credential lease records now carry tenant_id directly
    does_not_prove:
      - production row-level security
      - audit-grade tenant isolation
      - live provider credential handling
    next_action: keep tenant lease scanner in StackLab CI and expand after provider connector hardening
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/tenant_isolation/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: restart_fencing_provider_free
    owner_repo: stack_lab
    contract_family: "500 governance"
    status: implemented
    profile: assembled_offline
    command: mix gn_ten.restart_fencing.scenarios
    fixture: test/stack_lab/gn_ten_restart_fencing_scenarios_test.exs
    receipt: receipt://stack_lab/restart_fencing_provider_free/latest
    proves:
      - provider-free restart fixture denies duplicate dispatch while a delayed active execution exists
      - stale installation revision attempts are denied before dispatch
      - revoked GroundPlane leases are denied after restart before reuse
    does_not_prove:
      - production restart orchestration
      - live provider credential handling
      - audit-grade lease revocation
    next_action: keep restart fencing scenarios wired into StackLab CI and pair with Mezzanine lifecycle proof
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/restart_fencing/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: single_node_deployment_rehearsal
    owner_repo: stack_lab
    contract_family: "600 deployment"
    status: implemented
    profile: deployment_single_node
    command: mix gn_ten.deploy.report
    fixture: docs/receipts/gn_ten_deployment/
    receipt: receipt://stack_lab/single_node_deployment_rehearsal/latest
    proves:
      - cold deploy, backup/restore, substrate health, zero-downtime migration, and websocket reconnect drills have separate receipts
      - every deployment rehearsal receipt carries weak local proof posture
      - deployment trace fixture exports with production_deployment_proven?: false
    does_not_prove:
      - clean-host production deployment
      - real Coolify/container host behavior
      - destructive production database restore
      - online DDL safety under production write traffic
      - production websocket edge failover
      - authoritative audit truth
    next_action: convert local rehearsals into clean-host operator drills after single-node deployment scripts are repo-owned
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/deployment_single_node/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: context_abi_roundtrip
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: assembled_offline
    command: cd examples/context_abi_roundtrip && mix stack_lab.context_abi.roundtrip --json
    fixture: examples/context_abi_roundtrip
    receipt: receipt://stack_lab/context_abi_roundtrip/latest
    proves:
      - product intent enters through AppKit context surface DTOs
      - OuterBrain compiles a deterministic Context ABI packet and render refs
      - Citadel grants ref-only context authority for the packet
      - Mezzanine admits the packet, routes through the fixture adapter, and carries the render handoff into model invocation
      - Jido Integration fake runtime emits a governed model-call receipt without live provider credentials
      - AITrace emits bounded context, route, model, and eval facts
      - StackLab context, model, cost, lineage, tenant, and memory scanners pass on the assembled receipt
    does_not_prove:
      - live provider behavior
      - production persistence
      - distributed BEAM placement
      - TRINITY route quality beyond the fixture adapter
      - GEPA optimization quality
    next_action: keep the provider-free Context ABI proof green, then bind TRINITY routing and GEPA optimization phases on top of the same handoff refs
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/context_abi_roundtrip/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: nshkr_router_fabric_roundtrip
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: assembled_offline
    command: cd examples/nshkr_router_fabric_roundtrip && MIX_ENV=test mix compile --quiet && MIX_ENV=test mix stack_lab.nshkr.router_fabric.roundtrip --json
    fixture: examples/nshkr_router_fabric_roundtrip
    receipt: receipt://stack_lab/nshkr_router_fabric_roundtrip/latest
    proves:
      - admitted Context ABI packet is routed through the concrete TRINITY Mezzanine router adapter
      - Mezzanine route decision carries route policy, authority, selected model profile, verifier, fallback plan, and TRINITY route-plan refs
      - OuterBrain render refs are carried into Jido Integration fake model invocation without raw prompt or provider payload leakage
      - Mezzanine eval failure reasons are mapped to bounded owner-local failure receipts and AppKit safe projections
      - AppKit projects context packet, route decision, model invocation, and eval verdict refs through product-safe DTOs
      - AITrace emits bounded context, route, model, and eval facts
      - StackLab context ABI, router fabric, coordination fabric, and model inference scanners pass on the assembled receipt
    does_not_prove:
      - live provider behavior
      - distributed BEAM placement
      - GEPA optimization quality
      - production persistence
      - learned TRINITY route quality beyond deterministic adapter wiring
    next_action: keep the provider-free router fabric proof green, then bind GEPA optimization and adaptive-control phases on top of the same route/render/model refs
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/nshkr_router_fabric_roundtrip/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: fugu_single_node_readiness_handoff
    owner_repo: stack_lab
    contract_family: "300 architecture"
    status: implemented
    profile: assembled_offline
    command: mix stack_lab.fugu.readiness_handoff --json
    fixture: docs/receipts/gn_ten_phase16/fugu_single_node_handoff.json
    receipt: receipt://stack_lab/fugu_single_node_readiness/latest
    proves:
      - provider-free fugu Context ABI and router fabric proofs are the single-node substrate blockers for distributed v2 work
      - Extravaganza external product acceptance is part of the single-node handoff posture
      - live provider checks are opt-in and guarded by explicit live and secrets-loaded flags
      - distributed BEAM placement is handed off to the nshkr_v2 StackLab topology checklist instead of being claimed here
      - persistence and restart claims are profile-specific and remain provider-free unless separately proven
    does_not_prove:
      - live provider behavior
      - distributed BEAM placement
      - production persistence
      - production credential rotation
      - 49-node local scale feasibility
    next_action: use this receipt as the explicit v2 readiness gate before distributed context topology work begins
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/fugu_single_node_readiness/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: fugu_release_claim_closeout
    owner_repo: stack_lab
    contract_family: "600 deployment"
    status: implemented
    profile: local_full
    command: mix stack_lab.fugu.release_closeout --json
    fixture: docs/receipts/gn_ten_phase17/fugu_release_closeout.json
    receipt: receipt://stack_lab/fugu_release_claim_closeout/latest
    proves:
      - every fugu public claim is mapped to source refs, tests, docs, scanners, QC commands, and receipt refs
      - hidden defects are not allowed in the release claim policy
      - live provider behavior, distributed BEAM placement, production persistence, credential rotation, billing correctness, and 49-node scale remain explicit non-claims
      - open non-release claims point to their required future owner or receipt
      - StackLab root CI remains the release-closeout QC gate for this proof owner
    does_not_prove:
      - live provider behavior
      - distributed BEAM placement
      - production deployment
      - production audit authority
      - artifact source SHA freshness for stale-warning rows
    next_action: use this release closeout as the fugu handoff boundary and start the nshkr_v2 distributed StackLab proof only after the single-node readiness gate is green
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/fugu_release_claim_closeout/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false

  - id: fugu_post_cutover_hardening
    owner_repo: stack_lab
    contract_family: "600 deployment"
    status: implemented
    profile: local_full
    command: mix stack_lab.fugu.post_cutover_hardening --json
    fixture: docs/receipts/gn_ten_phase18/fugu_post_cutover_hardening.json
    receipt: receipt://stack_lab/fugu_post_cutover_hardening/latest
    proves:
      - local post-cutover resource snapshot is recorded without making SLO claims
      - fugu deterministic cost posture remains provider-free with zero live-provider calls
      - covered failure fixture families are mapped to existing StackLab scanners and roundtrips
      - Context ABI extraction is explicitly deferred until v2 distributed parity and public API ergonomics are proven
      - router and GEPA next-work decisions are recorded without auto-promotion claims
    does_not_prove:
      - distributed BEAM placement
      - live provider behavior
      - production persistence
      - provider billing correctness
      - Context ABI community package extraction
    next_action: start the nshkr_v2 distributed StackLab proof only after this hardening receipt and the fugu readiness/closeout receipts are green
    trace_receipt:
      schema: aitrace.single_node_proof_trace.v1
      ref: trace://stack_lab/fugu_post_cutover_hardening/latest
      posture:
        authoritative_audit?: false
        production_deployment_proven?: false