Add release evidence issue backlog artifact

[punk6529]

Summary

• Generate release-artifacts/latest/release-evidence-issue-backlog.json and .md from the release evidence packet index, with one no-secret issue-ready entry per incomplete public-beta or production-release evidence requirement.
• Wire backlog generation and drift checks into Makefile, shell/PowerShell wrappers, GitHub Actions, release-manifest coverage, checksum coverage, release-artifact downstream handling, and release-readiness validation.
• Update release docs, changelog, roadmap, and autonomous run state while preserving blocked readiness claims and avoiding automatic issue creation.

Closes #212.

Validation

• python -m py_compile scripts/generate_release_evidence_issue_backlog.py scripts/test_release_evidence_issue_backlog.py scripts/generate_release_manifest.py scripts/test_release_manifest.py scripts/check_release_readiness.py scripts/test_release_artifacts.py
• python scripts/test_release_evidence_issue_backlog.py
• python scripts/generate_release_evidence_issue_backlog.py --check
• python scripts/test_release_manifest.py
• python scripts/generate_release_manifest.py --check
• python scripts/test_release_checksums.py
• python scripts/generate_release_checksums.py --check
• python scripts/test_release_artifacts.py
• python scripts/generate_release_artifacts.py --check
• python scripts/test_release_readiness.py
• python scripts/check_release_readiness.py
• python scripts/test_changelog_check.py
• python scripts/check_changelog.py
• bash -n scripts/check.sh
• PowerShell parser check for scripts/check.ps1
• rg -n "^#|^##|^###" ops/ROADMAP.md ops/AUTONOMOUS_RUN.md docs/release-readiness.md docs/public-beta-evidence.md release-artifacts/README.md docs/tooling.md
• git diff --check (passes with the known Windows LF-to-CRLF warning for scripts/check.ps1)
• make check (passes with existing Solidity compiler and Foundry trace warning noise only)

Summary by CodeRabbit

• New Features

  • Added a release evidence issue backlog that generates issue-ready entries from incomplete requirements, including titles, labels, bodies and validation commands.

• Documentation

  • Updated release and ops documentation to describe the new issue-backlog artifacts, regeneration/check commands, and their role in release readiness.

• Chores

  • Expanded verification/check targets and CI to run additional release-evidence generation and validation checks.
  • Updated release manifest and checksums to include the new backlog artifacts.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[punk6529]

@coderabbitai review

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds a deterministic release-evidence issue-backlog generator and tests, wires generator/check into Makefile and CI, records new JSON/Markdown artifacts in the release manifest and checksums, updates release-readiness/tooling/docs, and commits the generated Markdown backlog artifact.

Changes

Release Evidence Issue Backlog Feature

Layer / File(s)	Summary
Issue backlog generator module scripts/generate_release_evidence_issue_backlog.py	Loads packet index, validates schema/policy, filters incomplete rows, enforces template-only rules, builds deterministic issue titles/labels/bodies and completion gates, secret-scans, renders deterministic JSON and Markdown, provides write and --check CLI modes.
Generator behavior and validation tests scripts/test_release_evidence_issue_backlog.py	Adds unit/integration tests that dynamically import the generator, create deterministic packet fixtures, validate generation, detect drift, and assert failures for template-only policies, schema mismatches, secret-like operator notes, and unknown phase/status values.
Makefile and CI wiring Makefile, .github/workflows/ci.yml, scripts/check.sh, scripts/check.ps1	Adds Make targets release-evidence-issue-backlog and release-evidence-issue-backlog-check, includes backlog-check in make check and release-manifest prerequisites, and runs tests and --check in CI and platform check scripts.
Manifest, checksum, and artifact tests scripts/generate_release_manifest.py, scripts/test_release_artifacts.py, scripts/test_release_manifest.py, release-artifacts/latest/SHA256SUMS, release-artifacts/latest/release-checksums.json, release-artifacts/latest/release-manifest.json	Declares backlog filenames in manifest generator, adds JSON/MD entries to manifest with SHA256/size, updates fixture writers and deterministic manifest tests, and updates checksum files.
Release artifacts committed release-artifacts/latest/release-evidence-issue-backlog.md, release-artifacts/README.md	Commits deterministic Markdown backlog with per-entry issue-ready bodies and updates README to list JSON/MD backlog artifacts.
Release-readiness and tooling scripts/check_release_readiness.py, scripts/generate_release_artifacts.py, docs/tooling.md, docs/release-readiness.md, docs/public-beta-evidence.md	Extends readiness checker to require backlog phrase/commands/links, excludes backlog files from downstream-file comparisons, and documents regenerate/--check command sequences in tooling and release-update checklists.
Docs, changelog, and ops records CHANGELOG.md, ops/AUTONOMOUS_RUN.md, ops/ROADMAP.md	Adds changelog Unreleased entry and updates operational run-state and roadmap to record backlog work, verification metadata, and Gate G evidence requirements.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related issues

• Add release evidence packet index and checker #207: Shares the packet-index-based artifact generation/validation scope used as input for this backlog generator.
• Reconcile production blocker report merge state #206: Both update durable ops run-state documents (AUTONOMOUS_RUN/ROADMAP) to reflect merged PRs and queue progress.

Possibly related PRs

• 6529-Collections/6529Stream#211: Records the prior merged PR and is referenced in ops/ROADMAP and AUTONOMOUS_RUN updates in this change.
• 6529-Collections/6529Stream#163: Related release-readiness machinery; this PR extends check phrases/commands/links for the new backlog artifact.
• 6529-Collections/6529Stream#209: Provides packet-index artifacts/checker that this generator consumes and validates against.

Poem

🐰 A rabbit hops through packet rows,

turning missing bits to tidy prose.
JSON hums and Markdown sings,
checksums nod to the changes it brings.
Now issues wait in neat little stacks — hooray for tidy tracks!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately summarizes the main change: adding a release evidence issue backlog artifact to the repository.
Linked Issues check	✅ Passed	The PR fully implements all requirements from issue #212: generates JSON/Markdown backlog, includes all required entry fields, preserves template-only semantics, wires into checks/manifest/checksums, and avoids creating issues automatically.
Out of Scope Changes check	✅ Passed	All changes are scoped to the release evidence backlog feature: new scripts, documentation updates, workflow configuration, and generated artifacts. No unrelated modifications detected.
Docstring Coverage	✅ Passed	Docstring coverage is 86.05% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/release-evidence-issue-backlog

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

docs/tooling.md (1)

22-84: ⚠️ Potential issue | 🟡 Minor

Add release evidence issue backlog scripts to docs/tooling.md command sequences

• docs/tooling.md’s “make check” command list (lines 22-84) omits python scripts/test_release_evidence_issue_backlog.py and python scripts/generate_release_evidence_issue_backlog.py --check, even though the Makefile’s check target depends on release-evidence-issue-backlog-check.
• docs/tooling.md’s “Release Artifacts” regeneration commands (lines 291-333) also omit the issue backlog steps (add python scripts/generate_release_evidence_issue_backlog.py to the refresh list, and python scripts/test_release_evidence_issue_backlog.py + python scripts/generate_release_evidence_issue_backlog.py --check to the --check list).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/tooling.md` around lines 22 - 84, Summary: docs/tooling.md omits the
release evidence issue backlog scripts from the "make check" and "Release
Artifacts" command lists; add them. Fix: in the "make check" command sequence
add the two commands python scripts/test_release_evidence_issue_backlog.py and
python scripts/generate_release_evidence_issue_backlog.py --check (place them
with the other python test/generate checks), and in the "Release Artifacts"
regeneration commands add python
scripts/generate_release_evidence_issue_backlog.py to the refresh list and
ensure python scripts/test_release_evidence_issue_backlog.py plus python
scripts/generate_release_evidence_issue_backlog.py --check are present in the
--check list so the docs match the Makefile dependency.

🧹 Nitpick comments (1)

scripts/test_release_evidence_issue_backlog.py (1)

287-351: ⚡ Quick win

Add a regression test for missing nested row keys to enforce typed failures.

Current negative-path coverage is strong, but it does not verify behavior when required nested keys (for example template.path) are missing. Add a case asserting ReleaseEvidenceIssueBacklogError so malformed packet rows don’t regress to uncaught KeyError.

Example test to add

+    def test_rejects_missing_nested_required_fields(self) -> None:
+        """Missing nested row keys fail with typed backlog error."""
+        with tempfile.TemporaryDirectory() as temp_dir:
+            root = Path(temp_dir)
+            bad_row = packet_row(generator.PUBLIC_BETA_PHASE, "external_audit_report")
+            del bad_row["template"]["path"]
+            write_json(root / generator.DEFAULT_PACKET_INDEX, packet(bad_row))
+
+            with self.assertRaises(generator.ReleaseEvidenceIssueBacklogError):
+                generator.build_backlog(
+                    root,
+                    generator.DEFAULT_PACKET_INDEX,
+                    generator.DEFAULT_JSON_OUTPUT,
+                    generator.DEFAULT_MARKDOWN_OUTPUT,
+                )

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/generate_release_evidence_issue_backlog.py`:
- Around line 154-160: The code currently directly indexes nested packet fields
in completion_gate, issue_body, and build_backlog, which can raise uncaught
KeyError; update each function to validate required top-level and nested fields
with require_string/require_bool/require_dict (and require_dict for nested maps)
before any direct indexing (e.g., replace usages like packet["foo"]["bar"] or
row["baz"] with validated values from require_* calls), and ensure any
missing/invalid fields propagate the library's controlled error type so main
continues to handle ReleaseEvidenceIssueBacklogError rather than letting raw
KeyError escape.

---

Outside diff comments:
In `@docs/tooling.md`:
- Around line 22-84: Summary: docs/tooling.md omits the release evidence issue
backlog scripts from the "make check" and "Release Artifacts" command lists; add
them. Fix: in the "make check" command sequence add the two commands python
scripts/test_release_evidence_issue_backlog.py and python
scripts/generate_release_evidence_issue_backlog.py --check (place them with the
other python test/generate checks), and in the "Release Artifacts" regeneration
commands add python scripts/generate_release_evidence_issue_backlog.py to the
refresh list and ensure python scripts/test_release_evidence_issue_backlog.py
plus python scripts/generate_release_evidence_issue_backlog.py --check are
present in the --check list so the docs match the Makefile dependency.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ad7ca4ec-91dd-474a-aafb-23761b14489f

📥 Commits

Reviewing files that changed from the base of the PR and between 767dd61 and 9f20c46.

📒 Files selected for processing (24)

• .github/workflows/ci.yml
• CHANGELOG.md
• Makefile
• docs/public-beta-evidence.md
• docs/release-readiness.md
• docs/tooling.md
• ops/AUTONOMOUS_RUN.md
• ops/ROADMAP.md
• release-artifacts/README.md
• release-artifacts/latest/SHA256SUMS
• release-artifacts/latest/release-checksums.json
• release-artifacts/latest/release-evidence-issue-backlog.json
• release-artifacts/latest/release-evidence-issue-backlog.md
• release-artifacts/latest/release-manifest.json
• scripts/check.ps1
• scripts/check.sh
• scripts/check_release_readiness.py
• scripts/generate_release_artifacts.py
• scripts/generate_release_evidence_issue_backlog.py
• scripts/generate_release_manifest.py
• scripts/test_release_artifacts.py
• scripts/test_release_evidence_issue_backlog.py
• scripts/test_release_manifest.py
• scripts/test_release_readiness.py

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ops/AUTONOMOUS_RUN.md`:
- Around line 174-176: Choose one canonical state (either "pre-push, local ready
to push" or "pushed, CI passed on head") and make the Status snapshot
consistent: if you choose pre-push, change the Status line to something like "PR
`#213` open; local fixes validated and ready to push (commit 9f20c46...);
CI/CodeRabbit pending" and leave the Remote review block as-is; if you choose
the pushed state, change the Status line to "PR `#213` open; pushed; CI passed on
head 9f20c46..." and update the Remote review block to remove or mark
CI/CodeRabbit as passed. Ensure references to PR `#213`, commit
9f20c468eb2f8cce5a42d22080773945fc0cfe46 and the "Remote review" block are
updated accordingly so the two sections do not contradict each other.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e08cbeac-0871-4445-a8dc-98bcf4b841e8

📥 Commits

Reviewing files that changed from the base of the PR and between 9f20c46 and 6ac85e8.

📒 Files selected for processing (7)

• docs/tooling.md
• ops/AUTONOMOUS_RUN.md
• release-artifacts/latest/SHA256SUMS
• release-artifacts/latest/release-checksums.json
• release-artifacts/latest/release-manifest.json
• scripts/generate_release_evidence_issue_backlog.py
• scripts/test_release_evidence_issue_backlog.py

✅ Files skipped from review due to trivial changes (1)

• docs/tooling.md

🚧 Files skipped from review as they are similar to previous changes (3)

• release-artifacts/latest/SHA256SUMS
• scripts/generate_release_evidence_issue_backlog.py
• release-artifacts/latest/release-manifest.json

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Normalize the PR #213 status snapshot.

This reads as both “CI already passed on 9f20...” and “ready to push,” while the earlier Remote review block still says CI/CodeRabbit are pending. Please make this section consistently describe either the pre-push local state or the pushed CI-passed head so the durable log doesn’t drift.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ops/AUTONOMOUS_RUN.md` around lines 174 - 176, Choose one canonical state
(either "pre-push, local ready to push" or "pushed, CI passed on head") and make
the Status snapshot consistent: if you choose pre-push, change the Status line
to something like "PR `#213` open; local fixes validated and ready to push (commit
9f20c46...); CI/CodeRabbit pending" and leave the Remote review block as-is; if
you choose the pushed state, change the Status line to "PR `#213` open; pushed; CI
passed on head 9f20c46..." and update the Remote review block to remove or mark
CI/CodeRabbit as passed. Ensure references to PR `#213`, commit
9f20c468eb2f8cce5a42d22080773945fc0cfe46 and the "Remote review" block are
updated accordingly so the two sections do not contradict each other.