Validation profile
Covenant is validated as local-first infrastructure for autonomous software engineering systems. The profile below describes the operating surfaces, evidence model, and live boundary checks used to keep the daemon, CLI, policy, memory, audit, and provenance layers accountable.
Operating surfaces
- Rust workspace with daemon, CLI, IPC, HTTP, runtime, memory, permissions, audit, identity, peer-auth, MCP, A2A, budget, and local settlement crates.
- Local workflows for intent dispatch, capabilities, peers, memory, audit, A2A, tools, receipts, chain status, and verification.
- Trusted-local subprocess execution, fail-closed sandbox-required manifests, and opt-in Linux gVisor validation where host prerequisites are met.
- Autonomy task records, transition events, project memory, live coverage matrix, identity guards, and commit-scoped provenance envelopes.
Evidence
Validation records the commit, supported host assumptions, command results, capability status, live coverage, runtime security boundary, provenance envelope, and any audit-root attestation generated for the candidate.
Alpha candidates use the read-only release evidence helper to capture the commit, branch, dirty-file count, recommended gates, and non-claims. Evidence is accepted only after the listed gates are run and recorded in a release bundle.
node agent-os/scripts/alpha-release-evidence.mjs
bash agent-os/scripts/validate.sh --quick
node agent-os/scripts/validate-autonomy.mjs
node agent-os/scripts/validate-live-coverage.mjs
node agent-os/scripts/validate-git-identity.mjs
node agent-os/scripts/provenance.mjs verify-all
pnpm --dir landing build
git diff --check
Related
- Alpha release contract — source alpha boundary and release evidence bundle.
- Security model — current trust boundary.
- Live coverage — real-boundary validation matrix.
- Provenance — release evidence path.
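The Evidence section accepts a candidate only after the listed gates are run and recorded. The sketch below is an added example, not Covenant's own helper: it runs each gate, records the commit, dirty-file count and per-gate exit status, and fails closed. The function name `record_gates` and the bundle layout (plain `key=value` lines plus a `.log` file) are assumptions.

```shell
#!/bin/sh
# Added example, not Covenant's helper. The bundle layout is an assumption.

# record_gates BUNDLE_FILE GATE_CMD...
# Runs every gate (even after a failure, so the record is complete), logs
# output to BUNDLE_FILE.log, and returns 0 only if all gates exited 0.
record_gates() {
    bundle=$1
    shift
    if [ "$#" -eq 0 ]; then
        # No gates means no evidence: fail closed.
        echo "verdict=rejected reason=no-gates" > "$bundle"
        return 1
    fi
    commit=$(git rev-parse HEAD 2>/dev/null) || commit=unknown
    if porcelain=$(git status --porcelain 2>/dev/null); then
        dirty=$(printf '%s\n' "$porcelain" | sed '/^$/d' | wc -l | tr -d ' ')
    else
        dirty=unknown
    fi
    printf 'commit=%s\ndirty_files=%s\n' "$commit" "$dirty" > "$bundle"
    : > "$bundle.log"
    failed=0
    for gate in "$@"; do
        # if/else captures the status without tripping `set -e` in a caller.
        if sh -c "$gate" >> "$bundle.log" 2>&1; then rc=0; else rc=$?; fi
        echo "gate rc=$rc cmd=$gate" >> "$bundle"
        [ "$rc" -eq 0 ] || failed=$((failed + 1))
    done
    if [ "$failed" -eq 0 ]; then
        echo "verdict=accepted" >> "$bundle"
        return 0
    fi
    echo "verdict=rejected failed=$failed" >> "$bundle"
    return 1
}

# Usage from the repository root, with gates taken from the list above:
#   record_gates release-bundle.txt \
#       "bash agent-os/scripts/validate.sh --quick" \
#       "node agent-os/scripts/validate-autonomy.mjs" \
#       "git diff --check"
```

A non-zero return or a `verdict=rejected` line means the bundle must not be used as release evidence.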