Payload evidence
The CLI RPM payload has disposable Fedora VM validation with install, command, removal, and absence evidence.
Release Gate, Artifact Manifest, and Preflight Boundary
Installer readiness boundary
Latticra has narrow disposable VM evidence for the no-effect CLI payload, a local artifact manifest fixture, a no-effect preflight guard, a preview-only install plan, a release artifact promotion gate, a release worktree cleanliness audit, a release toolchain availability audit, a release artifact evidence template, SBOM status, an SBOM evidence template, an SBOM evidence intake validator, transcript status, a transcript evidence template, a transcript evidence intake validator, lifecycle validation status, a lifecycle evidence intake validator, recovery failure-mode status, a recovery evidence intake validator, multi-VM validation status, and a multi-VM evidence intake validator that currently block release. That is not production installer readiness, Fedora distribution readiness, daily-driver readiness, immutable Fedora readiness, or a release artifact claim.
Installer Rule
A validated payload is not a production installer.
The current evidence proves a narrow package lifecycle in a disposable Fedora VM for /usr/bin/latticra and /usr/share/doc/latticra/README.md, plus a no-effect guard, preview-only plan renderer, promotion gate, release worktree cleanliness audit, release toolchain availability audit, release artifact evidence template, SBOM status, SBOM evidence template, SBOM evidence intake validator, transcript status, transcript evidence template, transcript evidence intake validator, lifecycle validation status, lifecycle evidence intake validator, recovery failure-mode status, recovery evidence intake validator, multi-VM validation status, and multi-VM evidence intake validator. Production installer readiness still requires a clean tracked release worktree, complete release build/query toolchain evidence, reproducible artifacts, checksums, signatures, reviewed SBOMs, reviewed install and uninstall transcripts, reviewed upgrade and rollback evidence, reviewed recovery evidence, and reviewed multi-VM validation.
Manifest fixture
A committed local artifact manifest fixture records payload shape while checksums, signatures, and SBOM evidence remain blocked.
Preflight guard
A no-effect guard classifies supported and blocked scenarios while preserving zero install authority.
Production contract
The readiness contract lists the gates required before the production installer readiness flag can ever become true.
Target gates
Daily-driver, immutable Fedora, production host, and Fedora distribution claims require separate reviewed evidence.
Release blocker
The promotion gate refuses release until tagged artifact, checksum, signature, reproducibility, public-key, verification, SBOM, transcript, lifecycle, recovery, multi-VM, and review evidence exist.
release_artifact_staging_directory is present only as an empty tracked parent path for a future candidate.
release_signing_identity_reference is present only as a no-effect fingerprint-shape validator, not key custody or signing evidence.
release_worktree_cleanliness_audit is present only as a no-effect tracked-status report with a stdout-only dirty inventory; it does not stage, reset, clean, revert, or write inventory evidence.
release_toolchain_availability_audit is present only as a no-effect command-visibility report; it does not install or run release build/query tools.
release_artifact_evidence_template is present only as a stdout template for future release evidence; it does not write or accept evidence.
release_artifact_candidate_preflight is present only as a no-effect checker for local tag, tool, worktree, and signing-reference visibility.
sbom_evidence_intake_validator is present only as a no-effect checker for future SBOM evidence.
transcript_evidence_intake_validator is present only as a no-effect checker for future reviewed transcript evidence.
lifecycle_evidence_intake_validator is present only as a no-effect checker for future reviewed lifecycle evidence.
recovery_evidence_intake_validator is present only as a no-effect checker for future reviewed recovery evidence.
multi_vm_evidence_intake_validator is present only as a no-effect checker for future reviewed multi-VM evidence.
Current Evidence
The strongest current claim is CLI payload validation in a disposable VM.
The validated payload remains small: a no-effect CLI binary and README documentation. The fixture manifest records that shape for review, the preflight/preview lane blocks unsupported scenarios, and the promotion, artifact staging directory, release signing identity reference, worktree cleanliness audit, toolchain availability audit, artifact candidate preflight, release artifact evidence template, SBOM, SBOM evidence template, SBOM evidence intake, transcript, transcript evidence template, transcript evidence intake, lifecycle, lifecycle evidence intake, recovery, recovery evidence intake, multi-VM status, and multi-VM evidence intake lanes keep the missing release evidence visible.
VM payload evidence
manifest fixture
preflight guard
plan preview
promotion gate
artifact staging
signing reference
worktree audit
toolchain audit
artifact preflight
evidence template
SBOM status
SBOM template
SBOM intake
transcript status
transcript template
transcript intake
lifecycle status
lifecycle intake
recovery status
recovery intake
multi-VM status
multi-VM intake
not production
Current Snapshot
The readiness flags stay deliberately narrow.
These fields are the public shorthand for the current installer boundary.
Gate Matrix
Production readiness requires release-grade evidence.
The current project can preserve its narrow installer evidence and still block public release wording until the production gates are satisfied.
Allowed now
Reference the disposable Fedora VM CLI payload evidence, local artifact manifest fixture, and current non-production status records.
Fixture only
The local manifest fixture may record payload shape and blocked readiness fields, but it is not a generated release artifact or production package.
Required before release
Reproducible artifact, checksum, signature, documented public key, SBOM, supported and unsupported targets, preflight guard, consent, install transcript, uninstall transcript, rollback path, recovery runbook, and multi-VM validation.
Blocked claims
Production installer readiness, Fedora approval, Fedora distribution readiness, daily-driver readiness, immutable Fedora readiness, update safety, recovery safety, security hardening, and OS replacement.
Local Commands
Run readiness checks without releasing anything.
These guards inspect contracts, fixture posture, and evidence records. They do not build, sign, publish, install, uninstall, upgrade, or rollback a production installer.
Production boundary
sh scripts/test-production-installer-readiness-contract.sh
sh scripts/test-local-installer-artifact-manifest-contract.shManifest fixture
sh scripts/test-local-artifact-manifest-fixture.sh
sed -n '1,120p' fixtures/artifact/local-artifact-manifest.txtPreflight guard
sh scripts/test-production-installer-preflight-guard-contract.sh
sh scripts/production-installer-preflight-guard.sh supported-disposable-fedoraPlan preview
sh scripts/test-production-installer-plan-preview-contract.sh
sh scripts/production-installer-plan-preview.sh supported-disposable-fedoraArtifact integrity
sh scripts/test-production-installer-artifact-integrity-status-contract.sh
sh scripts/production-installer-artifact-integrity-status.shPromotion gate
sh scripts/test-production-installer-release-artifact-promotion-gate-contract.sh
sh scripts/production-installer-release-artifact-promotion-gate.shArtifact staging directory
sh scripts/test-production-installer-release-artifact-staging-directory-contract.sh
sed -n '1,120p' artifacts/release/README.mdSigning identity reference
sh scripts/test-production-installer-release-signing-identity-reference-contract.sh
sh scripts/production-installer-release-signing-identity-reference.shWorktree cleanliness audit
sh scripts/test-production-installer-release-worktree-cleanliness-audit-contract.sh
sh scripts/production-installer-release-worktree-cleanliness-audit.shToolchain availability audit
sh scripts/test-production-installer-release-toolchain-availability-audit-contract.sh
sh scripts/production-installer-release-toolchain-availability-audit.shArtifact candidate preflight
sh scripts/test-production-installer-release-artifact-candidate-preflight-contract.sh
sh scripts/production-installer-release-artifact-candidate-preflight.shArtifact evidence template
sh scripts/test-production-installer-release-artifact-evidence-template-contract.sh
sh scripts/production-installer-release-artifact-evidence-template.shSBOM status
sh scripts/test-production-installer-sbom-status-contract.sh
sh scripts/production-installer-sbom-status.shSBOM evidence template
sh scripts/test-production-installer-sbom-evidence-template-contract.sh
sh scripts/production-installer-sbom-evidence-template.shTranscript status
sh scripts/test-production-installer-transcript-status-contract.sh
sh scripts/production-installer-transcript-status.shTranscript evidence template
sh scripts/test-production-installer-transcript-evidence-template-contract.sh
sh scripts/production-installer-transcript-evidence-template.shTranscript evidence intake
sh scripts/test-production-installer-transcript-evidence-intake-validator-contract.shLifecycle status
sh scripts/test-production-installer-lifecycle-validation-status-contract.sh
sh scripts/production-installer-lifecycle-validation-status.shLifecycle evidence intake
sh scripts/test-production-installer-lifecycle-evidence-intake-validator-contract.shRecovery status
sh scripts/test-production-installer-recovery-failure-mode-status-contract.sh
sh scripts/production-installer-recovery-failure-mode-status.shRecovery evidence intake
sh scripts/test-production-installer-recovery-evidence-intake-validator-contract.shMulti-VM status
sh scripts/test-production-installer-multi-vm-validation-status-contract.sh
sh scripts/production-installer-multi-vm-validation-status.shMulti-VM evidence intake
sh scripts/test-production-installer-multi-vm-evidence-intake-validator-contract.shPayload evidence
sh scripts/test-fedora-vm-cli-payload-validation-evidence-status.sh
sh scripts/test-fedora-vm-cli-transcript-contract.shSource Records
Read these before repeating an installer claim.
Production installer readinessEvidence gates required before production installer readiness can ever be claimed.
Installer artifact manifestRequired manifest fields, payload declaration, checksum, signature, SBOM, target, and non-claim boundaries.
Local artifact fixtureCommitted fixture for the no-effect CLI RPM payload without generated release artifact claims.
Preflight guard contractNo-effect production-installer guard for supported and blocked target scenarios while readiness remains closed.
Plan preview contractPreview-only install plan rendering for the supported disposable-Fedora fixture without install authority.
Artifact integrity statusFixture-manifest measurement and missing release-artifact checksum/signature blockers.
Release artifact promotion gateNo-effect promotion decision that blocks release until tagged artifact, checksum, signature, verification, reproducibility, and review evidence exists.
Release artifact staging directoryTracked empty parent path for a future release artifact candidate without generated artifacts or evidence.
Release signing identity referenceNo-effect fingerprint-shape validator without secret-key inspection, signing, verification, or key-custody claims.
Release worktree cleanliness auditNo-effect tracked-status report and stdout-only dirty inventory for the release artifact candidate blocker without staging, resetting, cleaning, or reverting files.
Release toolchain availability auditNo-effect command-visibility report for release build/query tool blockers without installing or running those tools.
Release artifact candidate preflightNo-effect preflight for tag, tracked worktree, RPM tooling, checksum tooling, GPG visibility, and signing-reference blockers.
Release artifact evidence templateStdout-only template for future artifact evidence without writing, accepting, or promoting evidence.
Installer SBOM statusNo-effect SBOM status that records missing SBOM artifact, component inventory, dependency review, vulnerability review, license review, and review evidence.
SBOM evidence templateStdout-only template for future SBOM evidence without generating, writing, accepting, attaching, or promoting evidence.
Installer transcript statusNo-effect transcript status that records missing install, uninstall, post-removal absence, review, package-manager, and host-mutation evidence.
Transcript evidence templateStdout-only template for future dry-run transcript evidence without installing, writing, accepting, or promoting evidence.
Installer transcript evidence intakeNo-effect validator for future reviewed install, uninstall, post-removal absence, and transcript evidence bundles.
Installer lifecycle validation statusNo-effect lifecycle status that records missing upgrade, rollback, reinstall idempotence, review, package-manager, and host-mutation evidence.
Installer lifecycle evidence intakeNo-effect validator for future reviewed upgrade, rollback, reinstall idempotence, and lifecycle evidence bundles.
Installer recovery failure-mode statusNo-effect recovery status that records missing runbook, failure-mode register, recovery drill, rollback drill, operator receipt, review, package-manager, and host-mutation evidence.
Installer recovery evidence intakeNo-effect validator for future reviewed recovery runbook, failure-mode register, recovery drill, rollback drill, operator receipt, and recovery evidence bundles.
Installer multi-VM validation statusNo-effect multi-VM status that records missing fresh VM, repeat VM, existing-install, remove-and-reinstall, unsupported-target, non-root, root-boundary, checksum, package-signature, review, package-manager, and host-mutation evidence.
Installer multi-VM evidence intakeNo-effect validator for future reviewed fresh VM, repeat VM, existing-install, remove-and-reinstall, unsupported-target, non-root, root-boundary, checksum, package-signature, and multi-VM evidence bundles.
Fedora VM CLI evidenceDisposable VM CLI payload validation, install and removal evidence, and readiness non-claims.
VM transcript contractRequired package lifecycle, command, removal, and absence transcript fields.
Supply-chain gatesSBOM, artifact integrity, signing authority, update delivery, and release-publication blockers.
Signed-updater delivery gateClosed Panel update-delivery gate, local-checkout updater lane, and no production update claims.
Secure configuration and change managementInstaller configuration authority boundaries, secure baseline records, rollback planning, and hardening non-claims.
Backup and recovery resilienceRestore testing, rollback planning, production installer recovery blockers, and recovery non-claims.
Local validationPanel install evidence, package guards, disposable VM gates, and validation non-claims.
WorkbenchPanel, Console, Nadia, and local authority boundaries.
Evidence modelPromotion levels, claim boundaries, and exact source records.