Add production release blocker report

[punk6529]

Summary

Closes #203.

This PR adds a production-focused release blocker report generated from the existing public beta evidence manifest and production release evidence templates.

It wires the new report into:

• local make check and scripts/check.ps1 gates
• CI py_compile and evidence checks
• release manifest and checksum coverage
• release artifact packaging tests
• release readiness validation
• documentation and durable autonomous run state

The new report links each production requirement back to its checked template path and preserves the current readiness posture. This does not change Solidity, deployment behavior, or any release-readiness claim.

Validation

• python -m py_compile scripts/generate_production_release_blocker_report.py scripts/test_production_release_blocker_report.py scripts/generate_release_manifest.py scripts/test_release_manifest.py scripts/check_release_readiness.py
• python scripts/test_production_release_blocker_report.py
• python scripts/generate_production_release_blocker_report.py --check
• python scripts/test_release_artifacts.py
• python scripts/test_release_manifest.py
• python scripts/test_release_readiness.py
• python scripts/check_release_readiness.py
• python scripts/generate_public_beta_blocker_report.py --check
• python scripts/generate_release_manifest.py
• python scripts/generate_release_checksums.py
• python scripts/test_public_beta_blocker_report.py
• python scripts/generate_public_beta_blocker_report.py --check
• python scripts/test_release_checksums.py
• python scripts/generate_release_checksums.py --check
• python scripts/check_public_beta_evidence.py
• python scripts/check_non_local_release_evidence.py
• python scripts/test_changelog_check.py
• python scripts/check_changelog.py
• python scripts/test_audit_package.py
• python scripts/check_audit_package.py
• python scripts/test_architecture_threat_model.py
• python scripts/check_architecture_threat_model.py
• make check
• powershell -ExecutionPolicy Bypass -File scripts\check.ps1
• git diff --check

Summary by CodeRabbit

• New Features

  • Added a generated production release blocker report to surface production-readiness blockers.

• Documentation

  • Updated release and tooling docs to describe the production blocker report, its verification, and release-artifact placement.

• Chores

  • Integrated generation and check of the production blocker report into CI and release workflows and manifests.

• Tests

  • Added end-to-end tests to validate deterministic generation, check mode, and template linkage for the report.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[punk6529]

@coderabbitai review

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 33c42cd4-cf95-4ab9-97d1-3c62a76ef273

📥 Commits

Reviewing files that changed from the base of the PR and between 822c38b and df5ef83.

📒 Files selected for processing (7)

• ops/AUTONOMOUS_RUN.md
• release-artifacts/latest/SHA256SUMS
• release-artifacts/latest/production-release-blockers.md
• release-artifacts/latest/release-checksums.json
• release-artifacts/latest/release-manifest.json
• scripts/generate_production_release_blocker_report.py
• scripts/test_production_release_blocker_report.py

✅ Files skipped from review due to trivial changes (2)

• release-artifacts/latest/SHA256SUMS
• release-artifacts/latest/production-release-blockers.md

🚧 Files skipped from review as they are similar to previous changes (3)

• release-artifacts/latest/release-checksums.json
• scripts/generate_production_release_blocker_report.py
• ops/AUTONOMOUS_RUN.md

---

📝 Walkthrough

Walkthrough

Adds a deterministic production-focused blocker report: a new generator CLI with --check, comprehensive tests and fixtures, a committed Markdown artifact, CI/Makefile/WIndows wrapper wiring, release-manifest and checksum entries, and documentation updates that reference generation/check commands and artifact locations.

Changes

Production Release Blocker Report

Layer / File(s)	Summary
Production Release Blocker Report Generator scripts/generate_production_release_blocker_report.py	Core CLI that loads evidence manifest, canonicalizes production requirements, validates template mappings, renders deterministic Markdown status summary and requirement tables, and supports --check mode for committed file drift detection.
Generator Test Suite scripts/test_production_release_blocker_report.py	Comprehensive unittest with fixture builders that verify production-only filtering, template-link coverage, ordering/grouping, determinism, error handling (missing templates, secret-like data), and check-mode failure messaging.
Generated Production Blocker Report release-artifacts/latest/production-release-blockers.md	Committed deterministic Markdown report marking production release as blocked, enumerating incomplete production evidence rows with template links, validation commands, and provenance metadata.
Build System & CI Integration Makefile, .github/workflows/ci.yml, scripts/check.ps1, scripts/check_release_readiness.py, scripts/generate_release_artifacts.py	New Makefile targets and phony declaration, CI workflow checks and logging steps, PowerShell wrapper additions, and release-readiness checker extended to require generator/test commands and the committed artifact link.
Release Manifest & Checksum Tracking scripts/generate_release_manifest.py, release-artifacts/latest/release-manifest.json, release-artifacts/latest/release-checksums.json, release-artifacts/latest/SHA256SUMS	Generator constant and new production_release_blocker_report manifest entry, corresponding checksum and size entries in release-checksums.json and SHA256SUMS, and updated governance-doc checksums.
Release Artifact & Manifest Test Updates scripts/test_release_artifacts.py, scripts/test_release_manifest.py	Test fixtures extended to write production-release-blockers.md and manifest tests assert presence and correct sha256/path for production_release_blocker_report in both default and custom directories.
Documentation, Changelog, & Operations Updates release-artifacts/README.md, docs/tooling.md, docs/public-beta-evidence.md, docs/release-readiness.md, README.md, CHANGELOG.md, ops/AUTONOMOUS_RUN.md, ops/ROADMAP.md	Docs updated with generation/check commands, artifact description/location, release-readiness and tooling guidance, changelog entry, and durable ops/runbook state/worklog reflecting the new artifact.

Sequence Diagram

sequenceDiagram
  participant CI as CI pipeline (.github/workflows/ci.yml)
  participant Make as Makefile / make check
  participant CLI as generate_production_release_blocker_report.py
  participant Evidence as release-artifacts/latest/public-beta-evidence.json
  participant Templates as release-artifacts/evidence/production-release-templates
  participant Manifest as scripts/generate_release_manifest.py

  CI->>Make: run check targets
  Make->>CLI: invoke generator (--check)
  CLI->>Evidence: load & canonicalize evidence
  CLI->>Templates: resolve/validate production templates
  CLI->>Manifest: emit file_record entry (consumed later)
  CLI->>CI: write or compare committed release-artifacts/latest/production-release-blockers.md

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related issues

• Reconcile production release template merge state #202: Updates to ops/ROADMAP.md and ops/AUTONOMOUS_RUN.md overlap with this PR's operational state and roadmap edits.

Possibly related PRs

• 6529-Collections/6529Stream#106: Related release-manifest generation work extended here with a new artifact entry.
• 6529-Collections/6529Stream#163: Related checker updates to scripts/check_release_readiness.py that this PR further extends.
• 6529-Collections/6529Stream#193: Related public-beta blocker report work that parallels CI/Makefile/check integrations.

"I hopped through files with nimble feet,
templates linked and checks complete.
No secrets spilled, just blocked in view —
a rabbit's nod to work made true. 🐇"

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely summarizes the main change: adding a production release blocker report, which is the primary objective of this PR.
Linked Issues check	✅ Passed	All coding requirements from issue #203 are met: production blocker report generation from evidence manifest [#203], production-only requirement filtering [#203], template linking [#203], check-mode drift detection [#203], comprehensive test coverage [#203], and wiring into gates/manifest/docs [#203].
Out of Scope Changes check	✅ Passed	All changes directly support production blocker report functionality: generator/test scripts, documentation updates, CI/Makefile integration, manifest/checksum updates, and durable state management. No unrelated modifications detected.
Docstring Coverage	✅ Passed	Docstring coverage is 84.21% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/production-release-blocker-report

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/generate_production_release_blocker_report.py`:
- Around line 148-164: The loop that builds rows for PRODUCTION_REQUIREMENTS
must emit rows grouped by status; after filtering by statuses (inside the for
over PRODUCTION_REQUIREMENTS) collect matching requirement entries into a temp
list of tuples (status, requirement_id, row data) then sort that list using
STATUS_ORDER for the status key (and requirement_id as secondary tie-breaker)
before appending to rows — update the code around the for loop that reads
PRODUCTION_REQUIREMENTS/PRODUCTION_PHASE to perform this two-step
filter-then-sort-then-extend behavior (use template_paths and normalize_path as
before when creating row data); also add a unit test in
scripts/test_production_release_blocker_report.py that constructs a mixed-status
set of production requirements and asserts the produced rows are grouped by
STATUS_ORDER (and deterministic by requirement id) to lock the behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ff28e586-7da4-4c2f-8033-33e078088f24

📥 Commits

Reviewing files that changed from the base of the PR and between de5df8e and 822c38b.

📒 Files selected for processing (22)

• .github/workflows/ci.yml
• CHANGELOG.md
• Makefile
• README.md
• docs/public-beta-evidence.md
• docs/release-readiness.md
• docs/tooling.md
• ops/AUTONOMOUS_RUN.md
• ops/ROADMAP.md
• release-artifacts/README.md
• release-artifacts/latest/SHA256SUMS
• release-artifacts/latest/production-release-blockers.md
• release-artifacts/latest/release-checksums.json
• release-artifacts/latest/release-manifest.json
• scripts/check.ps1
• scripts/check_release_readiness.py
• scripts/generate_production_release_blocker_report.py
• scripts/generate_release_artifacts.py
• scripts/generate_release_manifest.py
• scripts/test_production_release_blocker_report.py
• scripts/test_release_artifacts.py
• scripts/test_release_manifest.py