SDK Evidence Path evidence
Use this page when an internal app developer or reviewer needs to understand how the App SDK path is proven without reading the GitHub docs directly.
Current Proof
The current non-mutating proof is contract-mode SDK smoke for the reference apps:
APP_SDK_SMOKE_APP_SLUG=jupyterlab scripts/ops/app_sdk_launch_connect_decommission_smoke.sh
APP_SDK_SMOKE_APP_SLUG=vllm-openai scripts/ops/app_sdk_launch_connect_decommission_smoke.sh
The smoke validates:
| Area | What is proven |
|---|---|
| Manifest contract | supported fixture expresses profile, artifact, resources, storage, network, execution, outputs, and validation fields |
| Launch | SDK can submit the app launch request with project context and idempotency key |
| Connect | SDK can read app instance details and discover active route endpoints |
| Decommission | SDK can call the app decommission path |
The emitted evidence includes invariant IDs:
APP-CONTRACT-001APP-LAUNCH-001APP-CONNECT-001APP-DECOMMISSION-001
Evidence Files
Local runs write JSON under:
tmp/app-sdk-smoke/
Expected files:
jupyterlab-launch-connect-decommission.json
vllm-openai-launch-connect-decommission.json
Each file records the app slug, manifest path, contract mode, checks, endpoint summary, invariant IDs, and explicit live-runtime follow-up flags.
What Is Still Not Proven
Contract-mode smoke does not prove live runtime behavior. L2 operational proof still requires live launch/connect/decommission evidence in kind or dev.
| Gap | Needed evidence |
|---|---|
| Runtime status | app instance reaches expected runtime state in a real environment |
| Route readiness | browser/API connect endpoint becomes reachable without query-string tokens |
| Failure handling | app-auth failure, upstream unavailable, missing route, unavailable artifact, and timeout render product-owned errors |
| Platform evidence | launch/connect/decommission output is attached to platform evidence/status |
| Audit/billing/artifact posture | audit rows, billing attribution or explicit non-billable decision, and artifact trust state are visible |
Use the guarded live smoke only against an approved kind/dev target:
APP_SDK_LIVE_SMOKE_ALLOW_MUTATION=1 scripts/ops/app_sdk_live_launch_connect_decommission_smoke.sh
Without APP_SDK_LIVE_SMOKE_ALLOW_MUTATION=1, the script exits before creating
resources. With mutation enabled, it submits the app launch, waits for an active
connect route, and attempts app decommission cleanup before exit.
Visibility Assumption
This page is internal for now because it links readiness state and local evidence paths. The public or partner version should keep the SDK workflow and manifest model, but omit internal Fairway state, local temp paths, and incomplete operational-proof claims.