Archive completed sprint documentation and deliverables:

## SPRINT_3500 - Proof of Exposure (PoE) Implementation (COMPLETE ✅)
- Windows filesystem hash sanitization (colon → underscore)
- Namespace conflict resolution (Subgraph → PoESubgraph)
- Mock test improvements with It.IsAny<>()
- Direct orchestrator unit tests
- 8/8 PoE tests passing (100% success)
- Archived to: docs/implplan/archived/2025-12-23-sprint-3500-poe/

## SPRINT_7100.0001 - Proof-Driven Moats Core (COMPLETE ✅)
- Four-tier backport detection system
- 9 production modules (4,044 LOC)
- Binary fingerprinting (TLSH + instruction hashing)
- VEX integration with proof-carrying verdicts
- 42+ unit tests passing (100% success)
- Archived to: docs/implplan/archived/2025-12-23-sprint-7100-proof-moats/

## SPRINT_7100.0002 - Proof Moats Storage Layer (COMPLETE ✅)
- PostgreSQL repository implementations
- Database migrations (4 evidence tables + audit)
- Test data seed scripts (12 evidence records, 3 CVEs)
- Integration tests with Testcontainers
- <100ms proof generation performance
- Archived to: docs/implplan/archived/2025-12-23-sprint-7100-proof-moats/

## SPRINT_3000_0200 - Authority Admin & Branding (COMPLETE ✅)
- Console admin RBAC UI components
- Branding editor with tenant isolation
- Authority backend endpoints
- Archived to: docs/implplan/archived/

## Additional Documentation
- CLI command reference and compliance guides
- Module architecture docs (26 modules documented)
- Data schemas and contracts
- Operations runbooks
- Security risk models
- Product roadmap

All archived sprints achieved 100% completion of planned deliverables.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
44 lines
1.1 KiB
Markdown
# Release engineering

Release engineering turns main into signed, reproducible, airgap friendly
artifacts. Builds must be deterministic and verifiable offline.

Release philosophy
- Every commit on main is releasable.
- Builds are reproducible and offline friendly.
- All artifacts ship with SBOMs and signatures.

Versioning and branches
- main: nightly images
- release/X.Y: stabilization branch
- tags X.Y.Z: signed releases

Pipeline stages (high level)
- Lint, unit tests, build, container tests
- SBOM generation and provenance
- Signing and publishing
- End to end tests and notifications

Artifact signing
- Cosign for containers and bundles
- DSSE envelopes for attestations
- Optional Rekor anchoring when available
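
The signing list above names DSSE envelopes for attestations. The Go program below is an added example, not code from this repository: it shows that a DSSE signature covers the pre-authentication encoding of the payload type and payload rather than the JSON text, so a verifier can pin the expected type before it parses anything. The Ed25519 throwaway key, the key ID `k1` and the payload are constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
)

// Envelope and Sig follow the DSSE JSON layout; payload and sig are base64 text.
type Envelope struct {
	PayloadType string `json:"payloadType"`
	Payload     string `json:"payload"`
	Signatures  []Sig  `json:"signatures"`
}
type Sig struct {
	KeyID string `json:"keyid"`
	Sig   string `json:"sig"`
}

// pae is the DSSE pre-authentication encoding: the exact bytes that get signed.
func pae(typ string, body []byte) []byte {
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s", len(typ), typ, len(body), body))
}

func Sign(priv ed25519.PrivateKey, keyID, typ string, body []byte) Envelope {
	enc := base64.StdEncoding.EncodeToString
	return Envelope{typ, enc(body), []Sig{{keyID, enc(ed25519.Sign(priv, pae(typ, body)))}}}
}

// Verify returns the payload only if a trusted key signed PAE(wantType, payload).
func Verify(env Envelope, wantType string, trusted map[string]ed25519.PublicKey) ([]byte, error) {
	body, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil || env.PayloadType != wantType {
		return nil, fmt.Errorf("bad payload encoding or unexpected payloadType %q", env.PayloadType)
	}
	for _, s := range env.Signatures {
		sig, err := base64.StdEncoding.DecodeString(s.Sig)
		if pub, ok := trusted[s.KeyID]; ok && err == nil && ed25519.Verify(pub, pae(wantType, body), sig) {
			return body, nil
		}
	}
	return nil, fmt.Errorf("no valid signature from a trusted key")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed throwaway key
	env := Sign(priv, "k1", "application/vnd.in-toto+json", []byte(`{"constructed":true}`))
	body, err := Verify(env, env.PayloadType, map[string]ed25519.PublicKey{"k1": pub})
	fmt.Printf("%s %v\n", body, err)
}
```

Because the type is inside the signed bytes, relabelling an envelope's `payloadType` invalidates the signature even when the payload is untouched.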

Offline update kit (OUK)
- Monthly bundle of feeds and tooling
- Signed tarball with hashes and offline token

Release checks
- Verify SBOM attachment and signatures
- Run release verifier scripts
- Smoke test offline kit

Hotfixes
- Branch from latest tag, minimal patch, retag and publish

Related references
- docs/13_RELEASE_ENGINEERING_PLAYBOOK.md
- docs/ci/*
- docs/devops/*
- docs/release/* and docs/releases/*