Procurement Ticket Pack rail
Procurement approval is not a claim — it is an attachable, replayable evidence pack. This page publishes the latest signed Ticket Pack pointer and the one‑command verification path.
Public authority note: PROD is the canonical public truth. DEMO is demonstration-only, and READY_TO_SIGN is a candidate HOLD rail until signatures are published.
v51.6 adds a rollback guard: monotonic sequence + DSSE prev_pointer_sha256 chaining + CI cache compare (fail‑closed).
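A sketch of how the three rollback-guard checks fit together, added here as an example and not taken from the project's verifier. It assumes each pointer payload is JSON with an integer `sequence` field and a `prev_pointer_sha256` holding the SHA-256 of the previous pointer's payload bytes, and that DSSE signatures were verified beforehand; the `sequence` and `pack` field names, the function names and the sample pointers are hypothetical.

```python
import hashlib
import json

GO, HOLD = "GO", "HOLD"
def sha256_hex(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

def parse_pointer(payload: bytes):
    """Return (sequence, prev_pointer_sha256), or None if the payload is malformed."""
    try:
        doc = json.loads(payload)
        seq, prev = doc["sequence"], doc["prev_pointer_sha256"]
    except (ValueError, KeyError, TypeError):
        return None
    if type(seq) is not int or seq < 1 or not isinstance(prev, str):
        return None
    return seq, prev

def rollback_guard(cached: bytes, fetched: list):
    """cached: last payload accepted (CI cache copy); fetched: payloads published
    since, oldest first. Signatures assumed already verified; doubt means HOLD."""
    head = parse_pointer(cached)
    if head is None:
        return HOLD, "cached pointer unreadable"
    if fetched == [cached]:
        return GO, "unchanged"  # re-serving the accepted pointer is not a rollback
    if not fetched:
        return HOLD, "no pointer fetched"
    prev_payload, prev_seq = cached, head[0]
    for payload in fetched:
        parsed = parse_pointer(payload)
        if parsed is None:
            return HOLD, "malformed pointer"
        seq, prev_hash = parsed
        if seq <= prev_seq:
            return HOLD, "sequence did not increase"
        if prev_hash != sha256_hex(prev_payload):
            return HOLD, "prev_pointer_sha256 mismatch"
        prev_payload, prev_seq = payload, seq
    return GO, f"advanced to sequence {prev_seq}"

def make_pointer(seq, prev_payload, pack):  # constructed sample data only
    prev = sha256_hex(prev_payload) if prev_payload else ""
    return json.dumps({"sequence": seq, "prev_pointer_sha256": prev, "pack": pack}).encode()

P1 = make_pointer(1, None, "pack-a")
P2 = make_pointer(2, P1, "pack-b")
P3 = make_pointer(3, P2, "pack-c")
FORK = make_pointer(3, P1, "pack-x")  # higher sequence, but chained to the wrong parent
```

An older pointer served against a newer cache fails the sequence check, and a pointer with a valid-looking sequence but a different parent fails the hash chain, so both resolve to HOLD.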
Appendix — DEMO compatibility rail
External reviewers can reproduce GO end-to-end with demo keys only.
- Download DEMO Evidence Bundle
- Unzip and run:
python3 public_verify_deploy_txn_v51.py --site-root . --trust-mode demo
Expected: GO when the dedicated DEMO bundle is verified with --trust-mode demo. PROD bundles use --trust-mode prod. Mixed bundle/mode pairings intentionally return HOLD/FAIL.
Verify the signed deploy status artifact (optional)
gpg --import trust/deployments/demo/pgp.asc
gpg --verify trust/deployments/demo/MVG_DEPLOY_STATUS_LATEST.json.asc \
  trust/deployments/demo/MVG_DEPLOY_STATUS_LATEST.json
UI is display-only. Signed records are authoritative.
🏛️ Production rail (PROD — authoritative)
Authoritative production deployment rail. Requires MVG operator‑held deploy signatures.
- Download PROD Evidence Bundle
- Unzip and run:
python3 public_verify_deploy_txn_v51.py --site-root . --trust-mode prod
Expected: GO (exit 0). Candidate rail: READY_TO_SIGN ⇒ HOLD (exit 2) by design.
If any signature is missing or invalid, verification returns HOLD (fail‑closed). This prevents partial deploys, cache drift, or UI tampering from being mistaken for a successful deployment.
Canonical pointers
- DEMO: MVG_DEPLOY_TXN_LATEST.json (signed pointer)
- PROD: MVG_DEPLOY_TXN_LATEST.json (authoritative when signed)