This bundle is the compact attachable evidence page for the Sigra Hex 1.0.0 launch. It routes to canonical proof and states proof boundaries; it does not duplicate the full release runbook, UAT matrix, or demo walkthrough.
What this bundle covers
- Release gate status and waiver rules.
- Docs warnings-as-errors posture.
- UAT-to-CI coverage boundaries.
- Published-consumer upgrade smoke posture.
- Demo screenshot and evaluator proof.
- Known limitations and proof boundaries.
- Post-publish facts that cannot exist before the real Hex release.
- HexDocs and source-link truth.
Evidence table
| Evidence area | Canonical source | Status before publish | Post-publish action |
|---|---|---|---|
| Release gate matrix | Release runbook v1.0 (docs/release-runbook-v1-0.md) | Gate list, ref rules, required evidence, and waiver fields are defined | Fill release-ref run URLs and waiver rows, if any |
| Existing evidence router | GA evidence and audit posture (docs/ga-evidence.md) | Existing router defines canonical release-evidence surfaces and pinned-link policy | Keep this launch bundle aligned with the existing evidence router |
| Docs warnings-as-errors | Release runbook dry-run and package inspection (docs/release-runbook-v1-0.md) | mix docs --warnings-as-errors is a required publish blocker | Attach release-ref command or CI log |
| UAT-to-CI mapping | UAT versus CI coverage (docs/uat-ci-coverage.md) | Machine-vs-human proof boundaries are documented | Link final release-ref CI jobs where applicable |
| Upgrade smoke | Upgrading to v1.0 (guides/introduction/upgrading-to-v1.0.md) and upgrade proof | CI / upgrade_smoke plus scripts/ci/upgrade-smoke.sh define the published-consumer lane | Attach release-ref upgrade_smoke run URL |
| Demo screenshot proof | Demo Showcase (guides/introduction/demo-showcase.md) | Committed screenshots and seeded personas document evaluator proof and limitations | Keep screenshots tied to the release tag |
| Known limitations | Sigra 1.0 contract, Demo proof boundary, and this page | Non-goals and residual proof boundaries are explicit | Re-check launch copy did not add unsupported claims |
| Hex visibility | Release runbook post-publish visibility | Placeholder only | Replace POST_PUBLISH_HEX_VISIBILITY_URL after Hex shows 1.0.0 |
| HexDocs/source-link truth | Release runbook post-publish visibility and mix.exs source_ref: "v#{@version}" | Placeholder only | Replace POST_PUBLISH_HEXDOCS_VERSION_URL after docs and source links resolve |
| GitHub Release | Release runbook evidence commands | Placeholder only | Replace POST_PUBLISH_GITHUB_RELEASE_URL after the release exists |
| Release-ref CI URLs | Release runbook evidence checklist | Placeholder only | Replace POST_PUBLISH_RELEASE_REF_CI_URLS with final run URLs |
| Waivers | Release runbook gate matrix | No waiver is assumed by this bundle | Any waiver must record gate, reason, approver, evidence URL, and expiry |
Post-publish placeholders
These tokens are intentionally exact. Do not replace them until the real public release fact exists:
POST_PUBLISH_HEX_VISIBILITY_URLPOST_PUBLISH_HEXDOCS_VERSION_URLPOST_PUBLISH_GITHUB_RELEASE_URLPOST_PUBLISH_RELEASE_REF_CI_URLS
Pinned release-link policy
For release proof hosted outside the Hex package tarball, use pinned v1.0.0 links instead of main blob URLs. In other words: do not use main blob URLs for release evidence. This applies to GitHub-hosted planning artifacts, run logs, screenshots, and any release evidence that would otherwise drift after the release.
Hex package contents and HexDocs pages can use their own package-version URLs once published. GitHub source proof should point at the release tag.
What this does not prove
This launch evidence does not prove:
- Compliance certification.
- Live provider certification.
- Host deployment warranty.
- Hosted control plane behavior.
- A guarantee over generated-host local modifications after an application changes emitted code.
- Exhaustive behavior of real mail clients, live OAuth providers, tenant-specific policy, or every host deployment topology.
Those boundaries are compatible with the Sigra 1.0 release. They keep the evidence bundle honest about what is machine-proven, what is release-proven, and what remains host-owned.