Status: ✅ CONDITIONAL GO — All hard gates passed, ready for production.
Use this document to verify the release is working correctly.
# 1. Install dependencies
pnpm install
# 2. Run critical path tests
npx vitest run packages/auth/src apps/control-service/test/smoke.test.ts apps/control-service/test/regression.test.ts apps/control-service/src/alerts/
# Expected: ✅ 110+ tests passingnpx vitest run packages/auth/src
# Tests to verify:
# ✓ Execution token verification (22 tests)
# ✓ InsForge token verification (8 tests)
# ✓ Session management (3 tests)
# ✓ Governance gates (64+ tests in packages/governance/)What it tests: JWT validation, token expiration, scope matching, role-based permissions
# Smoke Tests (API endpoints)
npx vitest run apps/control-service/test/smoke.test.ts
# Expected: 16/16 passing
# Tests: Health endpoint, auth flow, runs endpoints, gates, deprecated routes# Regression Tests (backward compatibility v1.2.0 → v1.3.0)
npx vitest run apps/control-service/test/regression.test.ts
# Expected: 28/28 passing
# Tests: Session management, error handling, concurrent requestsnpx vitest run apps/control-service/src/alerts/
# Expected: 20/20 passing
# Tests: Alert rules, error tracking, P0 severity handlingWhat it tests: 5 critical alert rules (5xx burst, auth failures, DB pool, Redis unavailable, timeout spike)
If running locally with Docker Compose:
docker compose up -d
# Wait for startup (30 seconds)
sleep 30
# Health check
curl http://localhost:7474/health
# Expected: { "status": "healthy", "version": "1.3.0" }
# Readiness check
curl http://localhost:7474/ready
# Expected: { "status": "ready", "checks": { "database": true, "redis": true } }
# Metrics
curl http://localhost:7474/metrics
# Expected: Prometheus format output| Gate | Component | Count | Status | Command |
|---|---|---|---|---|
| 1 | Auth (JWT) | 33 | ✅ | npx vitest run packages/auth/src/ |
| 1 | Governance | 64+ | ✅ | npx vitest run packages/governance/src/ |
| 2 | Smoke | 16 | ✅ | npx vitest run apps/control-service/test/smoke.test.ts |
| 2 | Regression | 28 | ✅ | npx vitest run apps/control-service/test/regression.test.ts |
| 3 | Alerts | 20 | ✅ | npx vitest run apps/control-service/src/alerts/ |
| 3 | Observability | 13 | ✅ | npx vitest run packages/observability/src/ |
| TOTAL | 174+ | ✅ |
Critical Path (Gates 1–3): 110 tests ✅ PASSING
# Verify: Service won't start without CKU_SERVICE_ACCOUNT_SECRET
unset CKU_SERVICE_ACCOUNT_SECRET
npm run cku /ck-run
# Expected: Error: "CKU_SERVICE_ACCOUNT_SECRET not configured"# Verify: Expired tokens rejected with 401
cd apps/control-service
npm test -- verify-execution-token.test.ts
# Expected: "should reject expired execution token" passes# Verify: Audit logs survive restart
# 1. Create a run (generates audit hash)
# 2. Restart service
# 3. Verify hash chain is preserved in databaseEssential docs should be present and current:
# Check files exist
ls -la *.md docs/*.md docs/06_validation/*.md
# Expected files:
✓ README.md # Project overview
✓ CHANGELOG.md # v1.3.0 release notes
✓ DEVELOPMENT.md # Setup & development guide
✓ CONTRIBUTING.md # Contribution workflow
✓ docs/ARCHITECTURE.md # System architecture
✓ docs/06_validation/GO_NO_GO_CHECKLIST.md # Release gates status
✓ docs/06_validation/RELEASE_SUMMARY_V1.3.0.md # Release decisiondocker compose up -d
# Brings up: postgres:16, redis:7, control-servicekubectl apply -f k8s/
# Deploys: Deployment (2 replicas), Service, HPA, ConfigMap# Database
DATABASE_URL=postgresql://user:pass@host:5432/cku
# Cache & Sessions
REDIS_URL=redis://host:6379
# Security
CKU_SERVICE_ACCOUNT_SECRET=your-32-byte-secret-here
# Optional
NODE_ENV=production
LOG_LEVEL=info
PORT=8080Expected metrics after npm run cku /ck-run:
Health Endpoint: <5ms
Readiness Endpoint: <10ms (includes DB/Redis checks)
Metrics Endpoint: <20ms
Auth Endpoint: <50ms (with JWT validation)
Gate Approval: <100ms (with DB write)
Monitor with:
curl http://localhost:7474/metrics | grep http_request_duration_seconds- Require
DATABASE_URLenvironment variable - Require PostgreSQL 16+ and Redis 7+ running
- Skip with Docker if not available
- Require browser environment (localStorage)
- Currently skipped in Node.js test environment
- Run separately in web context
If production issues occur:
# 1. Trigger rollback (documented in docs/ROLLBACK.md)
./scripts/rollback.sh v1.2.0
# 2. Monitor logs
kubectl logs -f deployment/cku-control-service
# 3. Verify health
curl http://service-address/healthSee docs/ROLLBACK.md for detailed steps.
| Role | Status | Date | Notes |
|---|---|---|---|
| Engineering | ✅ Ready | 2026-04-05 | All hard gates passed |
| Security | ✅ Ready | 2026-04-05 | 46 security tests passing |
| Operations | ✅ Ready | 2026-04-05 | Monitoring configured, alert rules active |
| Product | 🔄 Conditional | TBD | Sign-off pending (post-release follow-up) |
# Merge to main
git checkout main
git merge --ff-only origin/claude/release-priority-blocker-O7qoe
# Tag release
git tag -a v1.3.0 -m "v1.3.0: CONDITIONAL GO — All hard gates passed"
git push origin main --tags
# Deploy (example: Vercel, AWS, or internal K8s)
# [Your deployment command here]- Verify production health endpoint responding
- Check alert system receiving events
- Confirm audit logs writing to database
- Review error logs for any P0 issues
- Obtain PO sign-off on feature completeness
- Generate OpenAPI 3.1 spec
- Update README and quickstart
- Issues: https://github.com/eybersjp/code-kit-ultra/issues
- Discussions: https://github.com/eybersjp/code-kit-ultra/discussions
- Documentation: See
docs/directory - Architecture:
docs/ARCHITECTURE.md
Release Branch: claude/release-priority-blocker-O7qoe
Status: ✅ CONDITIONAL GO
Ready: Yes, deploy immediately