Skip to content

Release-consistency campaign: roll the five-track standard across all repos #98

Description

@avrabe

This is the coordination hub for the org-wide release-consistency campaign. Every release-cutting repo has its own rollout issue (index below). The standard is encoded in the release-artifact-pipeline skill (plugin v0.10.0).

🔀 Coordinate here — don't diverge silently

If the standard doesn't fit your repo — you need a deviation, different sequencing, a track is N/A for good reason, or you want to sync on how a track appliescomment on this issue. Decisions about the standard are made here, in the open, and flow back to the per-repo issues and the skill. The per-repo issues are the work; this issue is the contract. (This uses the existing issue-based coordination mechanism — a more interactive agent-coordination channel is being designed separately.)

The standard (maintainer decisions)

  • Track A — native binaries: cosign + SHA256SUMS + CycloneDX SBOM + SLSA (synth-canonical). Broadly done.
  • Track B — distribution: crates.io for everything Rust; npm for every CLI/tool; more channels later.
  • Track C — wasm: sigil + cosign signing and a witness MC/DC gate and a scry gate — same bar as the binary. The sigil step is blocked on friction: wsc can't sign its own wasm32-wasip2 output — blocks org-wide sigil-sign-wasm standard sigil#164 (wasip2 parser); add cosign now, sigil as it clears.
  • Track D — Pages: witness-viz/scry-viz verification dashboard.
  • Track E — rivet extraction: test-level verifies links (relay pattern) + a rivet-driven verification gate.

Per-repo rollout index

Repo Issue Primary gaps
sigil (prereq) pulseengine/sigil#164 🔑 wasip2 parser — gates all sigil-sign-wasm rollout
loom pulseengine/loom#227 C: witness+scry (optimizer w/ no wasm verif); B: crates.io+npm; E
meld pulseengine/meld#302 C: witness+scry; B: crates.io+npm; E: 0 rivet links
gale pulseengine/gale#96 C: witness+scry on kernels, SLSA misses .wasm, sigil TODO; D
spar pulseengine/spar#297 C: witness+scry (no wasmtime check); B: crates.io+npm
relay pulseengine/relay#222 C: manual witness→CI gate (witness#145), add scry
wohl pulseengine/wohl#50 C: witness→CI, ship signed wasm, scry; E: add gate
kiln pulseengine/kiln#356 A+B: no release at all; C: witness+scry, re-enable Kani
jess pulseengine/jess#91 C: witness+scry CI gates (wasm firmware, runs neither)
rivet pulseengine/rivet#557 B: add crates.io (npm-only today)
sigil pulseengine/sigil#165 A: SBOM; B: npm; C: wire witness gate + scry
synth pulseengine/synth#426 B: add npm wrapper
scry pulseengine/scry#59 E: 0 verifies links despite live MC/DC + 111 tests + 12 proofs
witness pulseengine/witness#115 E: 2/55 extraction; B: crates.io + npm
mcp pulseengine/mcp#100 A+B: manual unsigned publish→signed CI; E: 0 links

The sweep matrix

Repo Ships wasm Dist Track A sigil wasm witness scry verifies Pages
rivet no GH+npm n/a n/a n/a 65/193
sigil comp+cli GH+crates+OCI ⚠️ −SBOM self best-effort harness not-run ~75
witness reporter GH ✅ self 2/55
scry comp GH+crates ✅ gate ✅ self 0
synth no(→native) GH+crates feature-only n/a n/a 141
gale kernels GH ✅(.o not wasm) ✗ TODO 642 demo
meld in/out GH 0 rivet
loom optimizer GH ~6
spar comp GH+VSCode ~59
relay comp GH manual 320 (120/128)
wohl comp(unshipped) GH CI-not-shipped manual 42
mcp no crates(manual!)+GH n/a n/a n/a 0
kiln none static docs

Verification-extraction exemplars to copy: relay (test-level), gale/synth (volume). Laggards: scry, witness, loom, meld, mcp.

Field reports that surfaced this: #88#95. Three (#89 relay, #92 gale, #93 synth) are now stale on their headline numbers — those gaps closed mid-campaign.

Metadata

Metadata

Assignees

No one assigned

    Labels

    release-standardOrg-wide release-consistency campaign (five-track standard); coordination hub #98

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions