Skip to content

Add release/package evidence mapping for SourceOS product packaging surfaces#2

Draft
Copilot wants to merge 7 commits intomainfrom
copilot/add-release-package-evidence
Draft

Add release/package evidence mapping for SourceOS product packaging surfaces#2
Copilot wants to merge 7 commits intomainfrom
copilot/add-release-package-evidence

Conversation

Copy link
Copy Markdown

Copilot AI commented May 7, 2026
edited
Loading

This PR makes homebrew-tap the distribution evidence surface for SourceOS packaging while keeping runtime/policy authority in source repos. It adds explicit release operation coverage, artifact evidence records, and traceability links across all required product surfaces.

  • Release evidence model (operation-plane compatible)

    • Added release-evidence/workspace-operations.json with:
      • required operation types: release.package.prepare, release.formula.update, release.checksum.verify, release.evidence.attach, release.rollback.record
      • integration target links
      • per-surface release evidence records for:
        • SourceOS-Linux/BearBrowser
        • SourceOS-Linux/agent-machine
        • SourceOS-Linux/TurtleTerm
        • SourceOS-Linux/sourceos-devtools
        • SourceOS-Linux/sourceos-syncd
    • Each record includes package formula, checksum record, release note, rollback note, build/test evidence link, source commit reference, and provenance reference.

  • Packaging surfaces updated to carry evidence links

    • Updated caveats in existing package definitions:
      • Formula/agent-machine.rb
      • Formula/bearbrowser.rb
      • Casks/bearbrowser.rb
    • Caveats now expose release evidence/checksum/rollback references directly at install time.

  • Missing product surfaces bootstrapped

    • Added formula scaffolds:
      • Formula/turtleterm.rb
      • Formula/sourceos-devtools.rb
      • Formula/sourceos-syncd.rb
    • These provide packaging entry points and evidence linkage without introducing runtime governance behavior in this repo.

  • Governance boundary documented

    • Added README.md describing evidence mapping and the hard rule: packaging/distribution here must not bypass source-repo contracts, tests, or policy gates.
# Example pattern used in formulas
RELEASE_EVIDENCE_RECORD = "https://github.com/SourceOS-Linux/homebrew-tap/blob/main/release-evidence/workspace-operations.json"

def caveats
  <<~EOS
    Release package evidence:
      #{RELEASE_EVIDENCE_RECORD}
    Checksum record:
      #{RELEASE_EVIDENCE_RECORD}
    Rollback note:
      #{RELEASE_EVIDENCE_RECORD}
  EOS
end

Copilot AI linked an issue May 7, 2026 that may be closed by this pull request
Add release/package operation evidence for SourceOS product surfaces #1
Open
Copilot AI and others added 6 commits May 7, 2026 06:37
@mdheller
Add release evidence mapping and package scaffolds for SourceOS produ…
b99f282 
…ct surfaces

Agent-Logs-Url: https://github.com/SourceOS-Linux/homebrew-tap/sessions/7eb3ee96-a737-4dab-8f12-a8edcc214a49

Co-authored-by: mdheller <21163552+mdheller@users.noreply.github.com>
@mdheller
Align BearBrowser cask evidence metadata naming
fceb1bb 
Agent-Logs-Url: https://github.com/SourceOS-Linux/homebrew-tap/sessions/7eb3ee96-a737-4dab-8f12-a8edcc214a49

Co-authored-by: mdheller <21163552+mdheller@users.noreply.github.com>
@mdheller
Refine evidence metadata constants and cask variable style
e4bdfdb 
Agent-Logs-Url: https://github.com/SourceOS-Linux/homebrew-tap/sessions/7eb3ee96-a737-4dab-8f12-a8edcc214a49

Co-authored-by: mdheller <21163552+mdheller@users.noreply.github.com>
@mdheller
Simplify BearBrowser cask evidence links to inline values
5609a77 
Agent-Logs-Url: https://github.com/SourceOS-Linux/homebrew-tap/sessions/7eb3ee96-a737-4dab-8f12-a8edcc214a49

Co-authored-by: mdheller <21163552+mdheller@users.noreply.github.com>
@mdheller
Deduplicate BearBrowser cask evidence link with file-level constant
7fcb171 
Agent-Logs-Url: https://github.com/SourceOS-Linux/homebrew-tap/sessions/7eb3ee96-a737-4dab-8f12-a8edcc214a49

Co-authored-by: mdheller <21163552+mdheller@users.noreply.github.com>
@mdheller
Align cask evidence constant scope and structure packageFormula record
4b8306e 
Agent-Logs-Url: https://github.com/SourceOS-Linux/homebrew-tap/sessions/7eb3ee96-a737-4dab-8f12-a8edcc214a49

Co-authored-by: mdheller <21163552+mdheller@users.noreply.github.com>
Copilot AI changed the title [WIP] Add release/package operation evidence for SourceOS product surfaces Add release/package evidence mapping for SourceOS product packaging surfaces May 7, 2026
Copilot AI requested a review from mdheller May 7, 2026 06:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mdheller mdheller Awaiting requested review from mdheller

Assignees

@mdheller mdheller

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add release/package operation evidence for SourceOS product surfaces

2 participants

@mdheller