Add per-requirement public beta evidence templates

[punk6529]

Summary

Closes #195.

This PR adds one checked, public-safe non-local release evidence template for each current public-beta evidence requirement ID under release-artifacts/evidence/public-beta-templates/.

The templates are intentionally record_type: "template" and review_status: "template". They are operator starting points only. They do not mark public beta or production release ready, and release-artifacts/latest/public-beta-evidence.json remains blocked with public-beta and production rows missing until real reviewed fork/testnet/live/audit evidence exists.

Changes

• Add per-requirement public-beta evidence templates plus a shared retained-artifact placeholder.
• Extend the non-local release evidence checker so default validation proves the public-beta template set is complete, unique, and limited to public-beta requirement IDs.
• Add checker tests for missing templates, duplicate templates, and production-only requirement IDs in the public-beta template directory.
• Include nested non-local evidence templates in release-manifest and checksum coverage.
• Update public-beta, non-local evidence, release-readiness, tooling, release-artifact, roadmap, run-state, and changelog docs.

Validation

• python -m py_compile scripts\check_non_local_release_evidence.py scripts\test_non_local_release_evidence.py scripts\check_public_beta_evidence.py scripts\generate_public_beta_blocker_report.py scripts\generate_release_manifest.py scripts\test_release_manifest.py scripts\generate_release_checksums.py
• python scripts\test_non_local_release_evidence.py
• python scripts\check_non_local_release_evidence.py
• python scripts\test_public_beta_evidence.py
• python scripts\check_public_beta_evidence.py
• python scripts\test_public_beta_blocker_report.py
• python scripts\generate_public_beta_blocker_report.py --check
• python scripts\test_release_manifest.py
• python scripts\generate_release_manifest.py --check
• python scripts\test_release_checksums.py
• python scripts\generate_release_checksums.py --check
• python scripts\test_release_readiness.py
• python scripts\check_release_readiness.py
• python scripts\test_changelog_check.py
• python scripts\check_changelog.py
• rg -n "^#|^##|^###" docs\public-beta-evidence.md docs\non-local-release-evidence.md docs\release-readiness.md docs\tooling.md release-artifacts\README.md release-artifacts\evidence\public-beta-templates\README.md ops\ROADMAP.md ops\AUTONOMOUS_RUN.md
• git diff --check
• make check
• powershell -ExecutionPolicy Bypass -File scripts\check.ps1

Readiness note

Sanity check after generation: public_beta and production_release both remain blocked; all 8 public-beta rows and all 9 production-release rows remain missing.

Summary by CodeRabbit

• New Features

  • Added checked public‑beta evidence templates as operator starting points to support public‑beta release intake.

• Documentation

  • Clarified runbooks and procedures for creating non‑local/public‑beta evidence from templates and updated tooling guidance and examples.
  • Added README and workflow guidance for template-to-evidence conversion and validation.

• Chores

  • Updated release manifests and checksums to include the new public‑beta templates and related artifacts.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 96711d48-3b57-4240-8952-b0fb931a4e92

📥 Commits

Reviewing files that changed from the base of the PR and between d81f065 and e3034c4.

📒 Files selected for processing (8)

• docs/public-beta-evidence.md
• ops/AUTONOMOUS_RUN.md
• release-artifacts/latest/SHA256SUMS
• release-artifacts/latest/release-checksums.json
• release-artifacts/latest/release-manifest.json
• scripts/check_non_local_release_evidence.py
• scripts/generate_release_manifest.py
• scripts/test_release_manifest.py

✅ Files skipped from review due to trivial changes (3)

• release-artifacts/latest/SHA256SUMS
• docs/public-beta-evidence.md
• ops/AUTONOMOUS_RUN.md

🚧 Files skipped from review as they are similar to previous changes (5)

• scripts/test_release_manifest.py
• release-artifacts/latest/release-manifest.json
• release-artifacts/latest/release-checksums.json
• scripts/check_non_local_release_evidence.py
• scripts/generate_release_manifest.py

---

📝 Walkthrough

Walkthrough

Adds checked per-requirement public-beta evidence templates under release-artifacts/evidence/public-beta-templates/, extends the non-local evidence checker to discover/validate the template set by default, integrates templates into the release manifest/checksums, adds tests for discovery/validation, and updates documentation and ops state.

Changes

Public-beta evidence templates and integration

Layer / File(s)	Summary
Template artifact definitions and documentation release-artifacts/evidence/public-beta-templates/*.json, release-artifacts/evidence/public-beta-templates/*.txt, release-artifacts/evidence/public-beta-templates/README.md, release-artifacts/README.md	Nine requirement-specific JSON templates and a retained-artifact placeholder plus a README document template purpose, redaction policy, and an operator workflow for converting templates into reviewed, no-secret retained evidence.
Checker validation logic for template discovery and enforcement scripts/check_non_local_release_evidence.py	Adds constants for the public-beta template directory and allowed requirement IDs, helpers to enumerate committed templates and compute default evidence paths, and a validator ensuring one template per allowed public-beta requirement with correct template invariants; CLI/main updated to use the computed default set when evidence paths are not provided.
Release manifest and checksum integration scripts/generate_release_manifest.py, release-artifacts/latest/release-manifest.json, release-artifacts/latest/SHA256SUMS, release-artifacts/latest/release-checksums.json	Manifest generation now recursively discovers non-local evidence JSON (including public-beta templates). The release manifest includes new non_local_release_evidence template entries; SHA256SUMS and release-checksums are updated with the new template artifact entries and adjusted digests for changed docs.
Test infrastructure for template validation and manifest integration scripts/test_non_local_release_evidence.py, scripts/test_release_manifest.py	Adds fixture/helper to construct valid public-beta template objects, unit tests verifying template-set completeness/uniqueness and rejection cases, seeds a template into the release fixture, and updates manifest tests to select evidence by evidence_id.
Documentation and operational state updates CHANGELOG.md, docs/non-local-release-evidence.md, docs/public-beta-evidence.md, docs/release-readiness.md, docs/tooling.md, ops/AUTONOMOUS_RUN.md, ops/ROADMAP.md	CHANGELOG and guidance docs updated to describe the per-requirement public-beta templates, require starting evidence updates from matching templates, clarify templates are template-only (not completion evidence), describe checker validation scope, and record PR queue and decision-log state changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• #195: Add per-requirement public beta evidence templates — this PR implements per-requirement public-beta templates, validator checks, manifest/checksum inclusion, and docs as described in the issue.

Possibly related PRs

• 6529-Collections/6529Stream#171: Extends the non-local release evidence checker and test infra; this PR builds on that checker by adding template discovery/validation.
• 6529-Collections/6529Stream#196: Related ops/ROADMAP and AUTONOMOUS_RUN updates; both PRs advance the public-beta blocker/reconciliation workflow.

Poem

🐰 Nine templates sprouted in the garden so fine,
Each requirement now has a starting design,
Placeholders wait for secrets-free care,
Checkers count them steady and fair,
Operators will finish them with cautious flair.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 78.26% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add per-requirement public beta evidence templates' directly matches the main objective of this PR, which adds per-requirement public beta evidence templates.
Linked Issues check	✅ Passed	The PR implements all core requirements from issue #195: per-requirement public-beta evidence templates covering all incomplete requirements, public-safe templates with no secrets, proper validation checks, documentation updates, and release-manifest/checksum coverage.
Out of Scope Changes check	✅ Passed	All changes are directly related to the scope of issue #195. The PR adds templates, validation logic, documentation updates, and release artifact coverage—all explicitly required.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/public-beta-evidence-templates

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[punk6529]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/public-beta-evidence.md`:
- Around line 135-140: The numbered steps are out of order: the template step
should come before adding the retained evidence. Edit the steps so that step 2
("Start from the matching template under
`release-artifacts/evidence/public-beta-templates/` when the row maps to a
public-beta requirement") becomes step 1, move the current step 1 ("Add the
retained public evidence file to the repository.") to follow it, and then keep
steps 3 and 4 as-is (updating numbering accordingly) so the workflow clearly
starts from the template before adding retained evidence and computing the
`sha256:` digest.

In `@scripts/check_non_local_release_evidence.py`:
- Around line 224-231: The function public_beta_template_paths currently uses
template_dir.glob("*.json") which only finds top-level files and allows nested
templates to bypass validation; change it to use template_dir.rglob("*.json")
and keep the sorted(...) wrapper to return all JSON template files recursively
(i.e., return sorted(template_dir.rglob("*.json"))) so nested templates under
PUBLIC_BETA_TEMPLATE_DIR are discovered and validated.

In `@scripts/generate_release_manifest.py`:
- Line 816: The loop currently iterates over every JSON under
resolved_non_local_evidence_dir via
recursive_json_files(resolved_non_local_evidence_dir), causing non-metadata JSON
(transcripts/reports) to be treated as non-local evidence; change the iteration
to only consider true non-local evidence metadata by filtering each file before
validating — either (A) restrict filenames (e.g., only files matching a metadata
filename pattern like "*metadata.json" or "*/metadata/*.json"), or (B) open and
parse each candidate and run a small predicate (add
is_non_local_evidence_metadata(json_obj)) that checks for required metadata keys
(e.g., evidence id/source/type) and skip files that don’t match; update the loop
around recursive_json_files(...) to apply this filter and only call the existing
non-local evidence validation logic for files that pass.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e4280b6d-3884-4670-9c6c-553fe5ac628e

📥 Commits

Reviewing files that changed from the base of the PR and between 99b0845 and d81f065.

📒 Files selected for processing (25)

• CHANGELOG.md
• docs/non-local-release-evidence.md
• docs/public-beta-evidence.md
• docs/release-readiness.md
• docs/tooling.md
• ops/AUTONOMOUS_RUN.md
• ops/ROADMAP.md
• release-artifacts/README.md
• release-artifacts/evidence/public-beta-templates/README.md
• release-artifacts/evidence/public-beta-templates/explorer-verification-status-template.json
• release-artifacts/evidence/public-beta-templates/external-audit-report-template.json
• release-artifacts/evidence/public-beta-templates/fork-deployment-rehearsal-template.json
• release-artifacts/evidence/public-beta-templates/fork-testnet-ceremony-evidence-template.json
• release-artifacts/evidence/public-beta-templates/fork-testnet-metadata-browser-evidence-template.json
• release-artifacts/evidence/public-beta-templates/fork-testnet-randomizer-operations-evidence-template.json
• release-artifacts/evidence/public-beta-templates/retained-artifact-template.txt
• release-artifacts/evidence/public-beta-templates/testnet-deployment-rehearsal-template.json
• release-artifacts/evidence/public-beta-templates/verified-deployed-addresses-template.json
• release-artifacts/latest/SHA256SUMS
• release-artifacts/latest/release-checksums.json
• release-artifacts/latest/release-manifest.json
• scripts/check_non_local_release_evidence.py
• scripts/generate_release_manifest.py
• scripts/test_non_local_release_evidence.py
• scripts/test_release_manifest.py