01
Draft coverage
Coverage plan is ready to circulate internally.
Deployment readiness
Heavier rollout gates live under Readiness.
This page is now a readiness detail view, not a public top-level destination. Teams can prepare one production-bound boundary path while production rollout remains an explicit, reviewable operator step.
StartPrepare one path.
ReadinessCheck can continue / blocked / missing.
Readiness dataMachine-readable posture.
02
Security review
Security reviewer can approve deployment scope.
03
Staging validation
Staging behavior matches the generated coverage plan.
04
Production deployment
Boundary path is live and signed-result verification remains stable.
Deployment gates
What must be true before production.
Draft coverage
Platform or risk owner
ExitCoverage plan is ready to circulate internally.
Draft coverage
Platform or risk owner
Exit
Coverage plan is ready to circulate internally.
- One primary boundary path is mapped.
- Authority context and authority source are named.
- Generated boundary object is reviewed by platform/risk stakeholders.
- Expansion moves are captured as draft coverage, not custom one-off work.
Security review
Security owner and Craton operator
ExitSecurity reviewer can approve deployment scope.
Security review
Security owner and Craton operator
Exit
Security reviewer can approve deployment scope.
- Production database and self-service draft database are separated.
- API keys, signing keys, and database URLs are configured through environment variables.
- Readiness data confirms production_write_from_self_service=false.
- No credentials or private keys are exposed in docs, UI, API output, or logs.
Staging validation
Integration engineer
ExitStaging behavior matches the generated coverage plan.
Staging validation
Integration engineer
Exit
Staging behavior matches the generated coverage plan.
- Integration payload is tested against staging or non-critical environment.
- Signed result contains commitment_id, kid, sig_alg, signature, and verdict.
- Public key route can verify signed result material independently.
- Self-service smoke test and boundary smoke test pass against the selected environment.
Production deployment
Named business owner plus platform owner
ExitBoundary path is live and signed-result verification remains stable.
Production deployment
Named business owner plus platform owner
Exit
Boundary path is live and signed-result verification remains stable.
- Production partner, unit, gate, system, and authority scope are approved.
- Rollback owner and incident channel are confirmed.
- SLA and support expectations are documented.
- Deployment is performed as an explicit operator action, not by the draft request itself.
Operating rule
Self-service
Compose, preview, save, and request review for the first deployment stage.
Production
Activated only after owner, environment, security, SLA, smoke test, rollback, and support gates pass.
Boundary
No self-service draft action writes to formal runtime boundary tables or changes receipt verification logic.