#Production Readiness Evidence Pack
Version: 0.51.0 release Updated: 2026-06-04 Applies to: ranvier, ranvier-core, ranvier-runtime, ranvier-http, ranvier-audit, CLI, Studio Server, docs/web Category: Guides
This report packages the M401-M408 backend hardening work into a production-adopter evidence view. It is not a 1.0 release-candidate declaration. It separates proven current capability from beta, experimental, and unresolved 1.0-entry work.
#1. Current Decision
| Decision | Result | Reason |
|---|---|---|
| Continue the 0.51.0 production hardening line | Go | Core/runtime/http gates, CLI gates, Studio Server dogfooding, docs/web sync, and release gates are reproducible. |
| Start a formal 1.0 readiness discussion | Conditional Go | The required evidence shape now exists, but blockers must be assigned before an RC plan is credible. |
| Ship a 1.0 release candidate | No-Go | Published crate baseline, warning policy, persistence semantics, and full publish preflight are not yet closed at RC quality. |
#2. Version And Support Matrix
| Surface | Current baseline | Support state | Production claim |
|---|---|---|---|
| Ranvier Rust workspace | 0.51.0 release | Published stable 0.x line | Core identity and selected adapters are validated; v1.0 RC is not open. |
| Latest published crates.io line | 0.51.0 | Stable published line | CLI templates target this line by default. |
| CLI | 0.8.0 | Active | Local check/test and projection/template smoke pass against local 0.51.0 core. |
| Studio Server | 0.19.0 | Active successor to Studio Desktop | Dogfoods local Ranvier 0.51.0 crates; backend/frontend smoke pass. |
| Studio Desktop | 0.2.0 frozen | Frozen | Not a forward production-readiness gate. |
| Web/docs | publish branch | Active | Docs sync, check, and build gates must pass after guide changes. |
| VSCode extension | independent 0.0.x line | Release-ready tooling track | Version is intentionally not locked to Ranvier core. |
#3. Stable API Tier
The stable identity surface is:
Transition<I, O>Outcome<T, E>BusSchematic- core Axon composition and execution entry points
- supported HTTP ingress and low-level
RanvierServiceegress mapping
Runtime retry, timeout, DLQ, Saga compensation, persistence, Inspector, OpenAPI, compliance, and guard helpers remain supported but not all are frozen at stable tier. See api_stability_contract_v1.md for the tier policy.
#4. Runtime Failure Semantics
Production failure must be represented as one of:
Outcome::Fault(E)for business or recoverable transition failure;- typed error values and RFC 7807 HTTP problem responses at adapter boundaries;
- structured operational events for manual intervention and audit logging;
- explicit fail-fast only for configured bootstrap or invariant failures.
M402 removed unclassified production panic surfaces, and M407 moved runtime audit logging behind the core AuditLogger port so operational audit extensions do not become hidden runtime dependencies.
#5. Security And Operational Defaults
Current production-default posture:
- Studio Server fails closed in
RANVIER_MODE=produnless auth token and CORS policy are explicit, or an insecure local exception is acknowledged. - Inspector is opt-in from runtime and must not be enabled as an unauthenticated public production surface.
CorsGuard::permissive()is a development convenience, not a production default.XorEncryptionremains deprecated and excluded from production guidance.- audit logging is available through
ranvier-audit, while runtime depends only on the core audit logger port.
#6. Evidence Matrix
| Evidence | Command | Result |
|---|---|---|
| Release local gate | powershell -ExecutionPolicy Bypass -File scripts\release_gate_bundle.ps1 -Profile all -LocalChecksOnly -NoAllowDirty |
Pass, 8/8 local checks |
| HTTP API smoke | cargo test -p ranvier-http readiness_liveness_split_supports_custom_checks -- --exact |
Pass |
| Persistence smoke | cargo test -p ranvier-runtime persistence::tests::append_and_load_roundtrip -- --exact |
Pass |
| Audit adapter smoke | cargo test -p ranvier-audit tests::audit_logger_records_core_intervention_events -- --exact |
Pass |
| CLI projection smoke | powershell -ExecutionPolicy Bypass -File scripts\smoke_projection_from_example.ps1 from cli/ |
Pass |
| CLI template smoke | cargo test templates_metadata_covers_all_generators from cli/ |
Pass |
| Studio Server backend | release local gate studio-server cargo check and studio-server cargo test |
Pass |
| Studio Server frontend | npm run build, npm test from studio-server/frontend/ |
Pass |
Detailed evidence is stored in docs/05_dev_plans/evidence/m408_readiness_evidence_20260604.md and docs/05_dev_plans/evidence/release_gate_bundle_all_20260604_051335.{log,json}.
#7. Example And Reference Support
Supported examples are a product surface, but support is tiered:
| Tier | Claim |
|---|---|
| Reference | Production-shaped patterns that should stay buildable and documented. |
| Supported demo | Maintained examples that validate a supported API or operational behavior. |
| Lab/experimental | Useful learning or exploration artifacts; not production claims. |
| Archived/frozen | Historical context only; not a forward gate. |
M406 rationalized example tiers and removed stale production-signal ambiguity. Future deletion or promotion should be based on M408 evidence gates, not on example count alone.
#8. 1.0 Entry Gate
Required green gates before opening a 1.0 RC plan:
- publishable crate clippy and minimal feature builds pass without warnings treated as blockers;
- clean-checkout release local gate passes from the root workspace;
- full publish dry-run and crates.io wave planner pass for the target version;
- API tier review is complete crate by crate, with stable/beta/experimental markings reflected in docs;
- persistence recovery semantics are documented with production limitations and migration behavior;
- security/deprecation policy has named owners and current dates;
- docs and web mirrors are synchronized and buildable.
Current unresolved blockers:
| Blocker | Why it blocks 1.0 RC |
|---|---|
| Full 1.0 API tier freeze is not complete | Stable/beta/experimental markings still need crate-by-crate owner sign-off before RC. |
| Workspace warning policy must stay enforced beyond publishable crates | RC gate should keep examples either warning-clean or explicitly classified by support tier. |
| Persistence remains beta in API contract | Long-running workflow semantics need final production limits before stable freeze. |
| Full publish dry-run was not executed in M408 | Local gate is enough for M408 evidence, not enough for RC publication. |
| External observability and security audit cadence is not yet automated | RC governance needs recurring proof, not one-off evidence. |
Acceptable experimental exclusions for 1.0 discussion:
- Inspector customization, streaming helpers, LLM helpers, HTTP/3, multipart, htmx, and selected advanced extension features may remain beta or experimental if the docs say so clearly.
- Studio Desktop may remain frozen while Studio Server owns forward visualization work.
- Lab examples may remain excluded from production-support claims.
#9. Reproduce
From a fresh checkout with initialized submodules:
git submodule update --init --recursive
cd ranvier
powershell -ExecutionPolicy Bypass -File scripts\release_gate_bundle.ps1 -Profile all -LocalChecksOnly -NoAllowDirty
cargo test -p ranvier-http readiness_liveness_split_supports_custom_checks -- --exact
cargo test -p ranvier-runtime persistence::tests::append_and_load_roundtrip -- --exact
cargo test -p ranvier-audit tests::audit_logger_records_core_intervention_events -- --exact
cd ..\cli
powershell -ExecutionPolicy Bypass -File scripts\smoke_projection_from_example.ps1
cargo test templates_metadata_covers_all_generators
cd ..\studio-server\frontend
npm run build
npm test