73 lines
6.6 KiB
Plaintext
73 lines
6.6 KiB
Plaintext
version: 3
|
|
goal_summary: "Publish a stable distribution contract and deterministic artifact pipeline with validated checksums, consumer-facing metadata, and CI enforcement to make reuse by external projects repeatable and low-risk."
|
|
steps[5]:
|
|
- id: "sm-1"
|
|
title: Finalize a canonical distribution contract and compatibility surface
|
|
purpose: "Create a versioned, explicit contract that external projects can trust for install, pinning, and upgrade behavior."
|
|
notes: Define what consumers can depend on before changing packaging code.
|
|
inputs[3]: "Existing ask to enable cross-project consumption",Current supported Rust targets and runtime assumptions,Current release/versioning model
|
|
outputs[3]: A new distribution ADR or docs/distribution.md,"Machine-readable contract file (e.g., JSON/YAML)","Compatibility matrix for Rust version, OS, arch, and binary/runtime expectations"
|
|
dependencies[0]:
|
|
verification[1]:
|
|
- label: Contract review
|
|
commands[2]: "Verify contract includes entrypoints, versioning, naming, retention, and checksum policy",Check contract is versioned and immutable for released artifacts
|
|
cleanup_requirements[1]{label,description}:
|
|
Contract drift prevention,Require contract updates to include a changelog entry when compatibility assumptions change.
|
|
status: done
|
|
attempts: 1
|
|
- id: "sm-2"
|
|
title: Implement one deterministic release layout and builder orchestrator
|
|
purpose: Generate all distributable outputs from a single script into a fixed path and filename schema.
|
|
notes: "No redesign needed; execute this immediately as the first active workstream and keep outputs constrained to a single canonical contract-first generator. Controller recovered this step from stale active state and returned it to todo."
|
|
inputs[4]: Distribution contract,Existing build profile configuration,Release target matrix,Release/version manifest schema
|
|
outputs[4]: Single deterministic `dist/` generator entrypoint,Canonical artifact path format and index manifest (version/target/platform keyed),Stable directory naming policy and versioned path template,Deterministic provenance snapshot included in generated index
|
|
dependencies[1]: "sm-1"
|
|
verification[1]:
|
|
- label: Path determinism check
|
|
commands[2]: Run generator twice from a clean tree and diff outputs,Assert artifact paths and filenames are pure functions of version + target + toolchain + source inputs
|
|
cleanup_requirements[1]{label,description}:
|
|
Legacy cleanup,"Document/remove old ad-hoc release paths and disable ambiguous aliases."
|
|
status: done
|
|
attempts: 1
|
|
- id: "sm-3"
|
|
title: Add reproducible packaging plus integrity metadata
|
|
purpose: "Bundle binaries/assets consistently and attach machine-verifiable metadata for downstream integrity checks."
|
|
notes: Focus execution on deterministic archive layout + checksum/provenance emission so downstream consumers can reproduce exact bytes. Controller recovered this step from stale active state and returned it to todo.
|
|
inputs[3]: Canonical output layout,Cargo/binary build inputs,Target/toolchain metadata
|
|
outputs[3]: Versioned package archive (tar/zip),SHA256 manifest and optional signature metadata,"Build provenance fields (version,target,profile,build timestamp,toolchain,git rev)"
|
|
dependencies[1]: "sm-2"
|
|
verification[1]:
|
|
- label: Artifact integrity check
|
|
commands[2]: Verify archive manifest matches emitted tree,Validate checksum file against generated artifact using standard tooling
|
|
cleanup_requirements[1]{label,description}:
|
|
Reproducibility hardening,"Strip non-deterministic fields from archives (timestamps, local paths, unordered metadata order) and document required reproducible tooling constraints. "
|
|
status: done
|
|
attempts: 1
|
|
- id: "sm-4"
|
|
title: Expose stable consumer integration interface and examples
|
|
purpose: Make consumption path predictable with one recommended model and explicit alternatives.
|
|
notes: "Define a single canonical, immutable distribution entrypoint (`dist/index.json`), version+target+profile resolution examples, and explicit migration/deprecation guidance; avoid additional active aliases. Controller recovered this step from stale active state and returned it to todo."
|
|
inputs[3]: Generated artifacts and checksums,"Machine-readable distribution contract/schema",Generated manifests and metadata
|
|
outputs[3]: Consumer integration guide for external projects,"Machine-readable release index for discovery and download","Compatibility-safe fallback/legacy path note, limited duration and explicit deprecation timeline"
|
|
dependencies[1]: "sm-3"
|
|
verification[1]:
|
|
- label: Consumption validation
|
|
commands[3]: Resolve immutable artifact by version+target from `dist/index.json` and assert only one canonical artifact path is documented,"Verify README/docs examples use index-based resolution and hash verification before execution",Confirm checksum verification command is included in quickstart
|
|
cleanup_requirements[1]{label,description}:
|
|
Alias minimization,Ensure only one active install/path alias remains for canonical artifacts and document sunset date for any temporary compatibility path.
|
|
status: done
|
|
attempts: 1
|
|
- id: "sm-5"
|
|
title: Enforce distribution contract in CI and maintenance workflow
|
|
purpose: Make distribution drift and nondeterminism observable so releases remain safely consumable by external projects.
|
|
notes: "Activate this final hardening step: wire release generation, reproducibility, manifest/schema validation, docs sync, and compatibility/retention/deprecation checks into existing CI quality gates. Controller recovered this step from stale active state and returned it to todo."
|
|
inputs[3]: Distribution scripts,Current CI workflow,Release contract docs
|
|
outputs[3]: CI distribution gate job with deterministic artifact and checksum enforcement,Automated contract/manifest/compatibility validation in pipeline,"Operational release guardrails for ownership handoff, deprecation, and retention policy"
|
|
dependencies[1]: "sm-4"
|
|
verification[1]:
|
|
- label: Release gate check
|
|
commands[4]: "Run tests, lint, and build before dist steps","Execute deterministic build + checksum validation and fail on byte-drift","Validate machine-readable distribution contract (compatibility matrix, migration/deprecation, checksum policy)",Ensure docs sync is validated in the same release gate
|
|
cleanup_requirements[1]{label,description}:
|
|
Operational hygiene,"Document and gate explicit version ownership transfer, deprecation workflow, and minimum compatibility retention window in CI/docs."
|
|
status: done
|
|
attempts: 2 |