Skip to content

docs(pointer): surface artifact-bound evidence in audit#69

Merged
rogu3bear merged 1 commit into
mainfrom
docs/north-star-manual-evidence-binding
May 12, 2026
Merged

docs(pointer): surface artifact-bound evidence in audit#69
rogu3bear merged 1 commit into
mainfrom
docs/north-star-manual-evidence-binding

Conversation

@rogu3bear

Copy link
Copy Markdown
Owner

Summary

  • make the North Star audit checklist explicitly name artifact-bound human release evidence
  • call out that final manual evidence must match the same DMG digest, commit, release tag, mounted app identity, app version/build, and executable SHA-256
  • cover the stricter audit checklist in IdentityTests

Scope

  • original macOS app North Star audit only
  • no website surface
  • no public distribution metadata

Verification

  • swift test --package-path apps/macos --filter IdentityTests/testNorthStarAuditGateBuildsPromptToArtifactChecklist
  • make -C apps/macos north-star-audit NOTARY_PROFILE="notarization" (expected failure after printing the stricter checklist and passing app/root guards)
  • swift test --package-path apps/macos
  • ./scripts/check-monorepo-references.sh && ./scripts/check-website-boundary.sh && ./scripts/check-distribution-boundary.sh && ./scripts/check-compatibility-boundary.sh && ./scripts/check-local-first.sh && ./scripts/check-app-ui-contract.sh
  • git diff --check

Known Remaining Release Blockers

  • notarization profile credentials are still required
  • signed DMG still needs notarization and stapling
  • Gatekeeper acceptance must pass for app and DMG
  • stable release metadata and final manual evidence must be produced only after the Gatekeeper-accepted candidate exists

@kilo-code-bot

kilo-code-bot Bot commented May 12, 2026

Copy link
Copy Markdown

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (2 files)
  • apps/macos/Scripts/north-star-audit.sh - 0 issues
  • apps/macos/Tests/PointerDesignerTests/IdentityTests.swift - 0 issues

Reviewed by grok-code-fast-1:optimized:free · 98,776 tokens

@rogu3bear rogu3bear merged commit 7f742b6 into main May 12, 2026
3 checks passed
@rogu3bear rogu3bear deleted the docs/north-star-manual-evidence-binding branch May 12, 2026 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant