Add production release evidence templates #201

Merged: punk6529 merged 2 commits into main from codex/production-release-evidence-templates on Jun 13, 2026

punk6529 commented Jun 13, 2026

Summary

Closes #199.

Adds a public-safe production-release evidence template set for every production-release requirement row while keeping all readiness states blocked/missing until real reviewed evidence exists.

Changes

  • Add release-artifacts/evidence/production-release-templates/ with one checked JSON template per production-release requirement and a shared retained-artifact placeholder.
  • Extend scripts/check_non_local_release_evidence.py so the default check validates both public-beta and production-release template sets for completeness, uniqueness, and phase-correct requirement IDs.
  • Add focused non-local evidence tests for committed production templates, missing templates, duplicate templates, and public-beta-only IDs in the production template directory.
  • Extend the release-manifest fixture to prove nested production-release templates are included in non-local evidence coverage.
  • Update public-beta, non-local evidence, release-readiness, tooling, release-artifacts, changelog, roadmap, and autonomous run-state docs.
  • Regenerate release-artifacts/latest/release-manifest.json, release-artifacts/latest/SHA256SUMS, and release-artifacts/latest/release-checksums.json.

Validation

  • python -m py_compile scripts\check_non_local_release_evidence.py scripts\test_non_local_release_evidence.py scripts\generate_release_manifest.py scripts\test_release_manifest.py scripts\generate_release_checksums.py
  • python scripts\test_non_local_release_evidence.py
  • python scripts\check_non_local_release_evidence.py
  • python scripts\test_release_manifest.py
  • python scripts\generate_release_manifest.py
  • python scripts\generate_release_checksums.py after manifest refresh
  • python scripts\generate_release_manifest.py --check
  • python scripts\test_release_checksums.py
  • python scripts\generate_release_checksums.py --check
  • python scripts\test_public_beta_evidence.py
  • python scripts\check_public_beta_evidence.py
  • python scripts\test_public_beta_blocker_report.py
  • python scripts\generate_public_beta_blocker_report.py --check
  • python scripts\test_release_readiness.py
  • python scripts\check_release_readiness.py
  • python scripts\test_changelog_check.py
  • python scripts\check_changelog.py
  • rg -n "^#|^##|^###" docs\public-beta-evidence.md docs\non-local-release-evidence.md docs\release-readiness.md docs\tooling.md release-artifacts\README.md release-artifacts\evidence\production-release-templates\README.md ops\ROADMAP.md ops\AUTONOMOUS_RUN.md
  • git diff --check
  • make check
  • powershell -ExecutionPolicy Bypass -File scripts\check.ps1

Summary by CodeRabbit

Release Notes

  • New Features

    • Production-release evidence templates now available for ceremonies, deployments, verification, randomizer operations, post-audit remediation, address books, signatures, and git tags.
  • Documentation

    • Enhanced release evidence guides with production-release template locations, usage instructions, and checklist workflows.
  • Tests

    • Added validation checks ensuring complete production-release template coverage across all requirements.

claude Bot left a comment

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

coderabbitai Bot commented Jun 13, 2026

No actionable comments were generated in the recent review. 🎉


📥 Commits

Reviewing files that changed from the base of the PR and between 728eb71 and a47870d.

📒 Files selected for processing (25)
  • CHANGELOG.md
  • docs/non-local-release-evidence.md
  • docs/public-beta-evidence.md
  • docs/release-readiness.md
  • docs/tooling.md
  • ops/AUTONOMOUS_RUN.md
  • ops/ROADMAP.md
  • release-artifacts/README.md
  • release-artifacts/evidence/production-release-templates/README.md
  • release-artifacts/evidence/production-release-templates/live-ceremony-evidence-template.json
  • release-artifacts/evidence/production-release-templates/live-deployment-manifest-template.json
  • release-artifacts/evidence/production-release-templates/live-explorer-verification-template.json
  • release-artifacts/evidence/production-release-templates/live-randomizer-operations-evidence-template.json
  • release-artifacts/evidence/production-release-templates/post-audit-remediation-template.json
  • release-artifacts/evidence/production-release-templates/production-address-books-template.json
  • release-artifacts/evidence/production-release-templates/production-broadcast-retention-template.json
  • release-artifacts/evidence/production-release-templates/production-signatures-template.json
  • release-artifacts/evidence/production-release-templates/retained-artifact-template.txt
  • release-artifacts/evidence/production-release-templates/signed-git-tag-template.json
  • release-artifacts/latest/SHA256SUMS
  • release-artifacts/latest/release-checksums.json
  • release-artifacts/latest/release-manifest.json
  • scripts/check_non_local_release_evidence.py
  • scripts/test_non_local_release_evidence.py
  • scripts/test_release_manifest.py

Walkthrough

This PR adds nine production-release evidence templates covering live ceremony, deployment manifests, explorer verification, randomizer operations, post-audit remediation, address books, broadcast retention, signatures, and signed Git tags. It extends the non-local release evidence checker to validate both public-beta and production-release template sets, adds test fixtures and coverage, updates documentation and operational state, and regenerates release artifacts with checksums.

Changes

Production-Release Evidence Templates

| Layer / File(s) | Summary |
|---|---|
| Production-Release Template Artifacts: release-artifacts/evidence/production-release-templates/README.md, *-template.json, retained-artifact-template.txt | Nine production-release evidence templates (live ceremony, deployment manifest, explorer verification, randomizer operations, post-audit remediation, production address books, broadcast retention, production signatures, signed Git tag) and a retained-artifact placeholder are added with schema identifiers, environment/chain metadata, retained artifact paths/hashes, redaction policies listing sensitive fields, source placeholders, and template-only notices clarifying non-completion status. |
| Checker Script Enhancements for Production Templates: scripts/check_non_local_release_evidence.py | Add PRODUCTION_RELEASE_TEMPLATE_DIR and PRODUCTION_RELEASE_TEMPLATE_REQUIREMENTS constants; introduce shared template_paths() and validate_template_set() helpers to enumerate and validate per-requirement template sets; add validate_production_release_template_set() and production_release_template_paths() wired into default validation flow; update CLI help to mention production-release templates. |
| Test Fixtures and Production Template Validation Tests: scripts/test_non_local_release_evidence.py, scripts/test_release_manifest.py | Add valid_production_release_template() test fixture builder; add tests asserting production template set covers all required IDs exactly once with template status; add negative tests rejecting missing/duplicate/misidentified templates; extend seed_release_tree and manifest test to include production-signatures template fixture. |
| User and Operator Documentation Updates: docs/public-beta-evidence.md, docs/non-local-release-evidence.md, docs/release-readiness.md, docs/tooling.md, release-artifacts/README.md | Update documentation to clarify production-release templates live under release-artifacts/evidence/production-release-templates/, are template-only (not completion evidence), and must be replaced with reviewed evidence before release. Extend non-local checker docs to cover both public-beta and production-release template validation. |
| Release Manifest, Checksums, and Changelog Updates: release-artifacts/latest/release-manifest.json, release-artifacts/latest/release-checksums.json, release-artifacts/latest/SHA256SUMS, CHANGELOG.md | Add nine production-release template entries to release manifest with paths, hashes, evidence IDs, and embedded redaction policies. Update SHA256 checksums for all new template files and regenerated manifest/checksums files. Refresh hashes for updated governance documents. Add changelog entry documenting added production-release evidence templates. |
| Operational State and Roadmap Updates: ops/AUTONOMOUS_RUN.md, ops/ROADMAP.md | Update AUTONOMOUS_RUN.md to record queue item 103 active status with implementation branch, PR/CI details, and local validation transcript; update PR #200 merge evidence and decision log. Refresh ROADMAP.md verification metadata, maturity baseline, docs/evidence coverage, Gate G tracking, and release checklist to include per-requirement production-release templates. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

  • #199: This PR fully addresses the acceptance criteria by adding nine production-release evidence templates, extending the checker to validate template completeness and uniqueness, ensuring templates remain template-only without altering readiness claims, updating docs and release artifacts, and implementing focused test coverage.

Possibly related PRs

  • 6529-Collections/6529Stream#197: Both PRs modify the non-local release evidence checker/test suite to validate per-requirement template sets—PR #197 for public-beta templates and this PR extending the same mechanism to production-release templates.
  • 6529-Collections/6529Stream#171: This PR extends the non-local release evidence checker introduced in PR #171 to add production-release template-set validation and corresponding test fixtures.

Poem

🐰 From templates nine, production paths grow,
With redaction guards and placeholders below,
The checker ensures each requirement's place,
No secrets slip through this evidence space,
Release day waits for reviewed, real trace! 🎖️

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and accurately summarizes the main change: addition of production release evidence templates, which is the core purpose of this PR. |
| Linked Issues check | ✅ Passed | All requirements from issue #199 are met: 9 per-requirement production-release templates added, template-only status maintained, validation extended to both template sets, docs updated, manifests regenerated, and all acceptance criteria fulfilled. |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to issue #199: templates, validation scripts, documentation updates, and manifest regeneration. No unrelated modifications detected. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 91.67% which is sufficient. The required threshold is 80.00%. |

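The template-set validation described in the walkthrough above (every required ID covered exactly once, no public-beta IDs in the production directory, status left as template-only), as an added example that is not part of this PR or the project's checker. The `requirement_id` and `status` field names, the ID values, and the function names are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path

# Constructed placeholder IDs; the project's real requirement IDs are not on this page.
PRODUCTION_IDS = {"prod-req-a", "prod-req-b"}
PUBLIC_BETA_IDS = {"beta-req-a"}


def check_template_set(template_dir, required_ids, other_phase_ids):
    """Return a list of problems; an empty list means the set is valid."""
    problems, seen = [], {}
    for path in sorted(Path(template_dir).glob("*-template.json")):
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            doc = None
        # "requirement_id" and "status" are hypothetical field names.
        req_id = doc.get("requirement_id") if isinstance(doc, dict) else None
        if not isinstance(req_id, str):
            problems.append(f"{path.name}: no readable requirement id")
            continue
        if req_id in other_phase_ids:
            problems.append(f"{path.name}: wrong-phase id {req_id}")
        elif req_id not in required_ids:
            problems.append(f"{path.name}: unknown id {req_id}")
        elif req_id in seen:
            problems.append(f"{path.name}: duplicate of {seen[req_id]}")
        else:
            seen[req_id] = path.name
        # A template must never claim completion; readiness stays blocked.
        if doc.get("status") != "template":
            problems.append(f"{path.name}: status must stay 'template'")
    missing = sorted(set(required_ids) - set(seen))
    return problems + [f"missing template for {r}" for r in missing]


def demo():
    """Build a constructed template directory and return the checker's findings."""
    files = {
        "a-template.json": {"requirement_id": "prod-req-a", "status": "template"},
        "a-copy-template.json": {"requirement_id": "prod-req-a", "status": "complete"},
        "beta-template.json": {"requirement_id": "beta-req-a", "status": "template"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, doc in files.items():
            (Path(tmp) / name).write_text(json.dumps(doc), encoding="utf-8")
        return check_template_set(tmp, PRODUCTION_IDS, PUBLIC_BETA_IDS)


if __name__ == "__main__":
    print("\n".join(demo()))
```

The constructed directory trips all four failure modes at once: a template claiming completion, a duplicate ID, a public-beta ID in the production set, and a requirement with no template.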

Contributor Author

@coderabbitai review

coderabbitai Bot commented Jun 13, 2026

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

punk6529 merged commit 02ce230 into main on Jun 13, 2026
2 checks passed
Development: Successfully merging this pull request may close these issues: Add per-requirement production release evidence templates
