Complete GovEngine roadmap hardening

CHANGELOG.md

@@ -57,6 +57,12 @@ GovEngine follows conservative pre-1.0 versioning while the API boundary is stil
   lifecycle smoke evidence in docs without expanding live-execution claims.
 - Strengthened public-truth and documentation hygiene guards in
   `scripts/validate_public_truth.py` and tests.
+- Added read-only operator verifier scripts for runner receipt bindings and
+  development JSONL audit ledgers, with bounded outputs, stable exit codes, and
+  focused CLI tests.
+- Added the next-alpha release readiness gate, downstream compatibility smoke
+  design, and final roadmap audit decision without publishing, tagging, or
+  adding host runtime imports.
 - Added governed-runtime smoke-chain coverage in standalone tests.
 - Removed Signposter control-plane artifacts (`docs/roadmaps/`,
   `DOCUMENTATION_HYGIENE.md`) from the tracked public surface.

PUBLISHING.md

@@ -13,6 +13,9 @@ Current published PyPI line: `govengine==0.12.2a0` (`0.12.2-alpha`) with `sclite
 - [ ] `python scripts/validate_alpha_readiness.py` passes for alpha release lines.
 - [ ] `python -m pytest -q` passes.
 - [ ] `python scripts/validate_clean_package_install.py --venv /tmp/govengine-clean-release --dev --sclite-source /path/to/SCLite --no-editable` passes from a new virtual environment path, including its isolated installed-package retirement smoke.
+- [ ] `scripts/verify_runner_receipt_binding.py` and `scripts/verify_audit_ledger.py` are treated as read-only verifier smoke helpers if their records are used as release evidence; they must not generate runner requests, append ledger records, or expose raw payloads.
+- [ ] Maintainer/security review confirms there are no open P0/P1 security findings. Passing tests alone is not release approval when a P0/P1 finding is open.
+- [ ] Downstream smoke evidence is classified before release: SCLite released-line is required, SCLite main is optional/coordinated unless targeted, and Ravenclaw/Tecrax host contract smokes remain external host-owned checks.
 - [ ] Build artifacts are generated from a clean tree.
 - [ ] No generated `build/`, `dist/`, `*.egg-info`, caches, private state, or Ravenclaw workspace files are committed unless intentionally package metadata.
 
@@ -73,3 +76,20 @@ python -m venv /tmp/govengine-wheel-smoke
 ```
 
 Do not upload to PyPI or create public tags until the operator explicitly approves the release action.
+
+## Downstream compatibility smoke gates
+
+GovEngine release checks may validate downstream compatibility, but production
+code must stay host-neutral:
+
+- Required: SCLite released-line smoke in a clean environment using the
+  supported `sclite-core` package range.
+- Optional/coordinated: SCLite main smoke during dependency waves. Treat it as
+  an early warning unless the release target explicitly updates the supported
+  dependency line.
+- External/manual: Ravenclaw, Tecrax, or other host contract smokes. Those
+  checks prove package consumption and host adapter compatibility without
+  adding host imports to GovEngine.
+
+These smokes support a release decision. They do not publish, tag, upload,
+enable live execution, or make production-readiness claims.

docs/API_STABILITY_MATRIX.md

@@ -14,7 +14,7 @@ GovEngine is still alpha. This matrix is not a production readiness claim, and i
 
 | Stability | Source | Exports | Boundary note |
 | --- | --- | --- | --- |
-| alpha | govengine.admission | `AuditLedgerAppendResult`, `AuditLedgerEntry`, `AuditLedgerPort`, `AuditLedgerVerificationResult`, `GovAdmissionDecision`, `GovApprovalRequest`, `GovAuditRecord`, `GovPolicyDecision`, `JsonlAuditLedgerAdapter`, `RuntimeAdmissionResult`, `admission_decision_from_host_gate`, `audit_ledger_entry_digest`, `compose_runtime_admission_result`, `normalize_admission_artifact_refs`, `validate_admission_decision`, `validate_approval_request`, `validate_audit_record`, `validate_audit_ledger_append_result`, `validate_audit_ledger_entry`, `validate_audit_ledger_verification_result`, `validate_policy_decision`, `validate_runtime_admission_result` | Neutral admission/policy/runtime-admission records, bounded audit-ledger port contracts, a JSONL hash-chain development adapter, bounded reference normalization, and gate-summary composition only; host owns policy meaning, approval workflow, live backend behavior, production audit persistence/concurrency, raw evidence storage, SCLite canonicalization, and production trust/key boundaries. |
+| alpha | govengine.admission | `AuditLedgerAppendResult`, `AuditLedgerEntry`, `AuditLedgerPort`, `AuditLedgerVerificationResult`, `GovAdmissionDecision`, `GovApprovalRequest`, `GovAuditRecord`, `GovPolicyDecision`, `JsonlAuditLedgerAdapter`, `RuntimeAdmissionResult`, `admission_decision_from_host_gate`, `audit_ledger_entry_digest`, `audit_ledger_verification_public_summary`, `audit_record_public_summary`, `compose_runtime_admission_result`, `normalize_admission_artifact_refs`, `runtime_admission_public_summary`, `validate_admission_decision`, `validate_approval_request`, `validate_audit_record`, `validate_audit_ledger_append_result`, `validate_audit_ledger_entry`, `validate_audit_ledger_verification_result`, `validate_policy_decision`, `validate_runtime_admission_result`, `validate_runtime_admission_proof_inputs` | Neutral admission/policy/runtime-admission records, bounded audit-ledger port contracts, a JSONL hash-chain development adapter, bounded reference normalization, public-safe projection helpers, proof-input completeness checks, and gate-summary composition only; host owns policy meaning, approval workflow, live backend behavior, production audit persistence/concurrency, raw evidence storage, SCLite canonicalization, and production trust/key boundaries. |
 | alpha | govengine.api | `GovApiError`, `GovApiResult` | Lightweight result/error helpers. |
 | alpha | govengine.boundary | `BoundaryReport`, `DomainProfileConformance`, `DomainProfileContract`, `KernelBoundary`, `boundary_surface_index`, `domain_profile_conformance`, `kernel_boundary_contract`, `kernel_boundary_report`, `known_profile_contracts`, `ravenclaw_profile_contract`, `validate_domain_profile_contract`, `validate_domain_profile_conformance` | Kernel/profile/runtime/SCLite ownership contracts; Ravenclaw contract remains fixture/profile metadata. |
 | alpha | govengine.context | `GovEngineContext`, `GovEnginePaths`, `host_compat_context`, `ravenclaw_context` | Host path/context records; Ravenclaw context remains compatibility fixture metadata. |
@@ -24,6 +24,7 @@ GovEngine is still alpha. This matrix is not a production readiness claim, and i
 | alpha | govengine.deconfliction | `ArtifactChangeOrder`, `ArtifactConflict`, `ConflictDetector` | Digest/state conflict helpers only. |
 | alpha | govengine.events | `EventEnvelope`, `GovEvent`, `validate_event_envelope`, `validate_gov_event` | Transport-neutral event metadata; no carrier payload authority. |
 | alpha | govengine.execution.gate | `DryRunRunner`, `ExecutionGate`, `ExecutionGateInput`, `RunnerProfile` | Dry-run/default-deny execution gate helpers; no live backend ownership. |
+| alpha | govengine.execution.runner_protocol | `runner_receipt_public_summary` | Public-safe runner receipt summary over bounded binding refs and digest counts only; no raw stdout/stderr publication and no execution authority. |
 | alpha | govengine.execution.supervision | `GovRunnerLease`, `GovSupervisionDecision`, `GovSupervisionPlan`, `LocalSubprocessRunnerReadiness`, `evaluate_local_subprocess_runner_readiness`, `runner_lease_from_request`, `supervision_plan_from_runner_request`, `validate_runner_lease`, `validate_runner_receipt_binding`, `validate_runner_receipt_for_request`, `validate_supervised_runner_request`, `validate_supervision_decision`, `validate_supervision_plan` | Runner request, lease, supervision, readiness, and receipt boundary helpers; live subprocess execution remains not applicable until the missing host-owned safety prerequisites are closed. |
 | alpha | govengine.execution_backend | `CommandResult`, `GovExecutionBackend` | Host-neutral backend protocol/result helpers. |
 | alpha | govengine.lifecycle | `ArtifactLifecycleController`, `TransitionGate`, `TransitionPolicy` | Lightweight lifecycle gate/controller helpers; SCLite remains lifecycle authority. |
@@ -32,7 +33,7 @@ GovEngine is still alpha. This matrix is not a production readiness claim, and i
 | alpha | govengine.planning | `GovPlanIntentContract`, `GovTaskContract`, `PlannerPort`, `task_contract_from_host_task`, `validate_plan_intent_contract`, `validate_planner_port`, `validate_task_contract` | Planner-to-runtime contract shapes; no planner implementation ownership. |
 | alpha | govengine.profiles | `CapabilityDeclaration`, `DomainProfile`, `EvidenceRuleDeclaration`, `PlanningStageRegistry`, `PolicyHookDeclaration`, `ProfileConformanceReport`, `ResourceTypeRegistry`, `RunnerProfileDeclaration`, `TaskFamilyRegistry`, `profile_conformance_report`, `ravenclaw_security_profile`, `tecrax_infra_ops_profile`, `validate_domain_profile`, `validate_profile_conformance` | Contract-only domain profile SDK and fixtures; host owns domain semantics. |
 | alpha | govengine.replay | `GuardedBundleRuntimeDecision`, `GuardReplayDecision`, `GuardReplayRecord`, `InMemoryReplayClaimStore`, `ReplayClaimStore`, `evaluate_guard_replay`, `guard_replay_record_from_guard`, `record_guard_replay`, `record_guard_replay_file`, `verify_guard_and_record_replay` | Guarded SCLite root replay freshness over host-supplied store plus a claim-once port and deterministic in-memory development adapter; no HMAC/key ownership, database ownership, or production concurrency guarantee. |
-| alpha | govengine.review | `GovEvidenceClaim`, `GovEvidenceQualification`, `GovEvidenceRequirement`, `GovReviewResult`, `qualify_evidence_claim`, `validate_evidence_claim`, `validate_evidence_qualification`, `validate_evidence_requirement`, `validate_evidence_review_chain`, `validate_review_result` | Receipt-bounded evidence review records; SCLite review bundle authority is not duplicated. |
+| alpha | govengine.review | `GovEvidenceClaim`, `GovEvidenceQualification`, `GovEvidenceRequirement`, `GovReviewResult`, `evidence_claim_public_summary`, `qualify_evidence_claim`, `review_result_public_summary`, `validate_evidence_claim`, `validate_evidence_qualification`, `validate_evidence_requirement`, `validate_evidence_review_chain`, `validate_review_result` | Receipt-bounded evidence review records and public-safe summaries; SCLite review bundle authority is not duplicated and raw evidence stays host-owned. |
 | alpha | govengine.roles | `GovRoleAdapters` | Adapter binding record; no Ravenclaw/OpenClaw dependency. |
 | alpha | govengine.runtime_shell | `GovControlAction`, `GovQueueLane`, `GovQueueSnapshot`, `GovRuntimeSnapshot`, `GovSchedulerTick`, `control_action_from_host_action`, `queue_snapshot_from_lanes`, `validate_control_action`, `validate_queue_snapshot`, `validate_runtime_snapshot`, `validate_scheduler_tick` | Host-provided runtime shell projection; no scheduler/storage/live-execution authority. |
 | alpha | govengine.sclite_contracts lazy exports | `GovSCLiteLifecycleVerifier`, `review_bundle_state`, `review_bundle_transition_decision`, `review_sclite_bundle`, `verify_lifecycle_manifest` | Lazy SCLite bridge exports; SCLite owns lifecycle and review verification. |
@@ -47,7 +48,7 @@ GovEngine is still alpha. This matrix is not a production readiness claim, and i
 Current summary:
 
 - stable exports: 0
-- alpha exports: 180
+- alpha exports: 187
 - fixture exports: 4
 - deprecated exports: 0
 - internal-exposed exports: 0

docs/ROADMAP_COMPLETION_AUDIT.md

@@ -0,0 +1,147 @@
+# GovEngine Roadmap Completion Audit
+
+Date: 2026-06-14.
+
+Scope: close the active GovEngine hardening roadmap at the repository level
+without using Signposter, mutating issues, publishing packages, enabling live
+execution, or moving host-specific behavior into GovEngine.
+
+## DAG Reduction
+
+The open issue graph is larger than a linear implementation plan and several
+issue chains duplicate the same runtime boundary. The first pass over-reduced
+the graph to the tail. The corrected repository batch collapses the eligible
+GOV nodes into these implementation clusters:
+
+- guarded replay and SCLite delegation/import boundaries;
+- approved execution fail-closed normalization;
+- runtime admission schema/versioning, proof-input checks, and public
+  summaries;
+- runner receipt, review, and audit public projections;
+- inspect-only admission bounds and stable failure exits;
+- read-only runner receipt and audit-ledger verifier scripts;
+- API stability matrix, public truth, release gates, downstream smoke guidance,
+  and security integration documentation.
+
+`GOV-S001` is intentionally not executed in this repository batch. It is a
+cross-repo SCLite transition task whose acceptance criteria require Signposter
+status, scheduler, worktree, and dry-run lifecycle commands. That path is not
+eligible under the current operator boundary.
+
+## Completed Evidence
+
+Implemented code and tests:
+
+- `approved_execution_steps()` now rejects malformed execution steps,
+  missing tools, and missing/non-list args instead of silently dropping them.
+- runtime admission, audit records, audit ledger entries, guard replay records,
+  runner requests, and runner receipts carry explicit schema-version handling
+  with legacy compatibility where needed.
+- `validate_runtime_admission_proof_inputs()` checks that an allowed admission
+  carries guarded-strict, replay-freshness, trust, ticket, runner-profile,
+  receipt-obligation, and bounded artifact-reference inputs without claiming to
+  verify SCLite, signatures, policy meaning, or execution authority.
+- `runtime_admission_public_summary()`,
+  `runner_receipt_public_summary()`, `audit_record_public_summary()`,
+  `audit_ledger_verification_public_summary()`,
+  `evidence_claim_public_summary()`, and `review_result_public_summary()`
+  expose bounded public projections without raw evidence/output metadata.
+- `scripts/inspect_runtime_admission.py` remains read-only and now rejects
+  oversized inputs before parsing.
+- SCLite integration tests assert the production import allowlist and guarded
+  replay delegation into `sclite.secure.verify_secure_bundle()`.
+- `scripts/verify_runner_receipt_binding.py` verifies existing request,
+  receipt, admission, and ticket references through
+  `validate_runner_receipt_binding()`. It never generates runner requests,
+  executes work, stores raw evidence, or contacts targets.
+- `scripts/verify_audit_ledger.py` verifies an existing development JSONL audit
+  ledger through `JsonlAuditLedgerAdapter.read()` and `.verify()`. It never
+  appends or rewrites ledger files.
+- `tests/test_operator_verifier_scripts.py` covers successful receipt binding,
+  tampered receipt binding, valid ledger verification, one-field ledger tamper,
+  malformed JSONL, and deleted-line detection.
+
+Documentation and release gates:
+
+- `docs/SECURITY_INTEGRATION.md` records the required security integration
+  order, production non-claims, and development-only helpers.
+- `docs/API_STABILITY_MATRIX.md` classifies the new public projection and
+  proof-input helpers.
+- `scripts/validate_public_truth.py` now requires the security integration
+  document as part of the MVP public docs.
+- `docs/VALIDATION.md` now records exact CLI shapes, JSON inputs, bounded
+  outputs, forbidden behavior, stable exit codes, next-alpha readiness checks,
+  no-open-P0/P1 security finding requirement, and downstream smoke ownership.
+- `PUBLISHING.md` now requires release reviewers to classify SCLite released
+  line, SCLite main, and host contract smokes without importing host runtimes
+  into GovEngine.
+- `CHANGELOG.md` records the new verifier and release-readiness work under
+  Unreleased.
+
+## Boundary Audit
+
+Confirmed retained non-claims:
+
+- no live runner, daemon, scheduler, queue, sandbox, or worker loop was added;
+- no PKI, CA, KMS, HSM, key storage, or credential management was added;
+- no SCLite schema, canonicalization, lifecycle, scoped-ticket, or review
+  verdict logic was cloned;
+- no Ravenclaw, Tecrax, carrier, credential, target, command, raw prompt, raw
+  stdout/stderr, or raw evidence behavior entered GovEngine production code;
+- audit ledger verification remains a development JSONL smoke over bounded
+  records, not a production persistence, locking, retention, or concurrency
+  implementation;
+- receipt verification remains a binding check over supplied references, not
+  execution authority.
+
+## Validation Evidence
+
+Local validation required before merge:
+
+```bash
+ruff check .
+env PYTHONDONTWRITEBYTECODE=1 python3 scripts/validate_public_truth.py
+env PYTHONDONTWRITEBYTECODE=1 python3 scripts/validate_alpha_readiness.py
+env PYTHONDONTWRITEBYTECODE=1 python3 -m pytest -q -p no:cacheprovider
+git diff --check
+```
+
+Package/release validation required before any tag or upload:
+
+```bash
+python scripts/validate_clean_package_install.py \
+  --venv /tmp/govengine-clean-release \
+  --dev \
+  --sclite-source /path/to/SCLite \
+  --no-editable
+python -m build
+python -m twine check dist/*
+```
+
+CI evidence is the repository workflow `.github/workflows/pytest.yml`: it runs
+public truth, alpha readiness, full pytest across Python 3.11, 3.12, and 3.13,
+plus package dry-run build, `twine check`, wheel install, and isolated
+`pip check`. Branch or PR CI should be treated as required merge evidence.
+
+## Remaining Risks
+
+- Beta readiness is not an automatic claim. A human maintainer must approve any
+  beta, RC, 1.0, PyPI upload, public tag, or production-readiness statement.
+- A P0/P1 security finding blocks release even when local tests pass.
+- Downstream Ravenclaw/Tecrax smoke failures are host integration risks and
+  should be fixed in host adapters or contract boundaries, not by importing
+  host behavior into GovEngine core.
+- SCLite main compatibility is useful during coordinated dependency waves but
+  should not block unrelated GovEngine patch releases unless the target release
+  updates the SCLite dependency line.
+
+## Decision
+
+GovEngine is ready for a maintainer-reviewed next-alpha stabilization PR after
+local validation and branch/PR CI pass. It is not yet beta-ready without a
+human gate confirming security issue state, downstream smoke policy, release
+scope, and package publication intent.
+
+First eligible next roadmap task after this batch: maintainer review of the
+next-alpha stabilization PR and explicit decision on whether to run the SCLite
+transition outside this GovEngine batch.