Define world-class release gate for Agent Machine

[mdheller]

Context

Agent Machine is now beyond a notes repo: it has contracts, examples, renderers, deployment skeletons, receipts, Homebrew install surfaces, package modules, and validation scripts. We should not let it become janky by accretion.

Objective

Create a release-blocking hardening gate that must pass before Agent Machine is treated as a real SourceOS runtime component rather than a bootstrap prototype.

Release gate checklist

Contract integrity

• All schemas under contracts/ validate as draft 2020-12 JSON Schemas.
• Every example under examples/ validates by kind against its schema.
• Stable contract IDs and versioning rules are documented.
• Promotion path into SourceOS-Linux/sourceos-spec is defined.

Renderer determinism

• AgentPod plan rendering is deterministic.
• DeploymentReceipt rendering is deterministic and schema-validated.
• Quadlet rendering is deterministic and compared against checked-in skeletons.
• Kubernetes rendering is deterministic and compared semantically against checked-in skeletons.
• Generated artifacts never claim authorization.

Deployment safety

• No privileged mode in skeletons.
• No host network in local skeletons.
• Local renderers use loopback-only exposure by default.
• Kubernetes skeletons use ClusterIP and default-deny egress.
• Model mounts are read-only where possible.
• Raw prompts, raw KV-cache contents, private memory, and secrets are forbidden from receipts.

Installer reliability

• Homebrew direct formula installs bootstrap CLI and package source.
• SourceOS tap formula is synced with repo-local formula.
• Missing Python dependency errors are direct and actionable.
• Render command dependency policy is documented.

CI and validation

• make validate passes locally.
• GitHub Actions visibility is confirmed or explicitly remediated.
• CI runs make validate on push and PR.
• YAML, Quadlet, JSON, package import, CLI, render, and formula validation all run.

Runtime integration readiness

• Policy Fabric admission interface/stub exists.
• Agent Registry grant interface/stub exists.
• AgentPlane runtime evidence/receipt interface/stub exists.
• Provider discovery is separate from provider activation.
• Local LVM and TopoLVM storage profiles have receipt plans.

Acceptance criteria

• Create docs/architecture/world-class-release-gate.md.
• Convert this issue checklist into concrete validation tasks or sub-issues.
• Mark which gates are prototype-ready, bootstrap-ready, and release-blocking.
• Do not call Agent Machine production-ready until this issue is closed.

[mdheller]

Bootstrap readiness update:

Added docs/architecture/bootstrap-mvp-readiness.md.

Current status:

• Agent Machine is now a coherent bootstrap runtime-control substrate, not just design notes.
• It remains production-blocked by design.
• Implemented bootstrap surfaces include contracts, examples, deterministic renderers, deployment skeleton comparison, storage receipts, PolicyAdmission, AgentRegistryGrant, AgentPlaneRuntimeEvidence, ActivationDecision, activation evaluator, shell/Python CLI paths, Homebrew install surfaces, troubleshooting, quickstart, and release-gate docs.
• Canonical local validation remains make validate.
• CI visibility remains unresolved and tracked separately in Issue Verify GitHub Actions visibility for Agent Machine validation workflow #2.

Current production blockers remain:

• visible green CI run;
• image digest pinning/provenance gate;
• real Policy Fabric client or endpoint;
• real Agent Registry grant resolver;
• real AgentPlane evidence submission/staging client;
• local LVM provisioning/probe implementation;
• TopoLVM runtime integration beyond skeleton manifests;
• provider discovery and controlled activation implementation;
• M2 Asahi host measurement/provider readiness data;
• release evidence bundle with signed/provenance artifacts;
• rollback, teardown, and wipe workflows.

Do not close this release-gate issue yet. The bootstrap substrate is strong, but production readiness remains blocked.

[mdheller]

Bootstrap status update:

Added BOOTSTRAP_STATUS.md at the repository root.

Summary:

• Agent Machine is now bootstrap-ready pending external validation proof.
• The bootstrap checklist is complete except for:
  • proving make validate green in a real runner;
  • resolving or explicitly documenting GitHub Actions visibility limitations.
• The repository remains production-blocked by design.

Current bootstrap surfaces now include:

• repository boundary ADR;
• Homebrew bootstrap ADR;
• README landing/status/quickstart links;
• docs index;
• quickstart;
• install guide;
• troubleshooting guide;
• bootstrap MVP readiness report;
• world-class release gate;
• contracts/examples for AgentPod, StorageReceipt, PolicyAdmission, AgentRegistryGrant, AgentPlaneRuntimeEvidence, ActivationDecision;
• package-owned renderers/evidence/governance/activation evaluator;
• shell and Python CLI paths;
• make validate integration.

Do not close this issue yet. The release gate remains open until production blockers are resolved.