Release Evidence designed

Production promotion should be based on one immutable source SHA and a durable evidence packet. The release branch is a promotion branch, not a development surface.

Evidence Packet Contents

  • Contract validation and breaking-change report.
  • Backend, frontend, integration, migration, and workflow test results.
  • Security scan results and approved exceptions with owner and expiry.
  • SBOM, image signing, provenance, and artifact trust evidence.
  • UAT persona evidence or approved exception per required journey.
  • Authz, tenant/project isolation, terminal/token replay, and node-agent evidence.
  • Rollback proof, release approver, and residual-risk record.

Promotion Discipline

Fix on the source branch, merge to master, promote one exact SHA to release/platform-control, and deploy from the frozen release candidate.
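The packet and the single-SHA rule can be enforced mechanically before promotion. The following is an added example, not code from this project: the packet layout, the evidence kind names, and the function names are assumptions chosen to mirror the list above, and the sample packet is constructed.

```python
from datetime import date

# Hypothetical evidence kinds, one per bullet in "Evidence Packet Contents".
REQUIRED = ("contract", "tests", "security_scan", "artifact_trust",
            "uat", "authz_isolation", "rollback")

def exception_problem(exc, today):
    """Return why an exception is unusable, or None if it has an owner and is unexpired."""
    if not exc or not exc.get("owner"):
        return "exception has no owner"
    try:
        expiry = date.fromisoformat(exc.get("expiry", ""))
    except (TypeError, ValueError):
        return "exception has no valid expiry"
    return "exception expired" if expiry < today else None

def promotion_blockers(packet, candidate_sha, today):
    """List reasons not to promote candidate_sha; an empty list means the gate passes."""
    blockers = []
    for kind in REQUIRED:
        item = packet.get("evidence", {}).get(kind)
        if item is None:
            blockers.append(f"{kind}: missing")
        elif item.get("sha") != candidate_sha:
            # Evidence produced for another commit proves nothing about this one.
            blockers.append(f"{kind}: bound to a different SHA")
        elif item.get("status") == "exception":
            why = exception_problem(item.get("exception"), today)
            if why:
                blockers.append(f"{kind}: {why}")
        elif item.get("status") != "pass":
            blockers.append(f"{kind}: not passing")
    if not packet.get("approver"):
        blockers.append("approver: missing")
    if not packet.get("residual_risk"):
        blockers.append("residual_risk: missing")
    return blockers

# Constructed sample packet; the SHAs are placeholders, not real commits.
SHA = "a" * 40
SAMPLE = {
    "approver": "release-approver@example.test",
    "residual_risk": "none recorded",
    "evidence": {k: {"sha": SHA, "status": "pass"} for k in REQUIRED},
}
SAMPLE["evidence"]["uat"] = {"sha": "b" * 40, "status": "pass"}
SAMPLE["evidence"]["security_scan"] = {"sha": SHA, "status": "exception",
    "exception": {"owner": "appsec", "expiry": "2024-01-31"}}
```

Running the gate on the sample blocks promotion twice over: the UAT evidence was produced for a different commit, and the security exception lapses once the evaluation date passes its expiry.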

Release evidence is one part of a larger custody posture. Financial changes, privileged mutations, runtime proof, and rollback proof all need the same correlation-first discipline. See Evidence, Audit, Billing, And Release Custody.