Trust-Layer Proof Run - 2026-05-28

This proof run records a real repoctx plus PullPass release flow.

The point is simple: context first, validation second, human accountability always. For a solo maintainer, an admin merge can be the valid owner path; the important part is to record that the merge was a human decision rather than an automated pass.

Public Artifacts

  • repoctx release: v0.3.1
  • PullPass docs patch: v0.5.1
  • PullPass release-discipline PR: nugehs/pullpass#4
  • PullPass release: v0.6.0

1. Inspect Repository Context

Command:

repoctx repo /path/to/repoctx --json

Selected output:

{
  "ok": true,
  "package": {
    "name": "repoctx",
    "version": "0.3.1"
  },
  "packageManagers": ["npm"],
  "entrypoints": ["src/cli.js"],
  "importantDirectories": ["src", "tests", "docs", "scripts"],
  "git": {
    "clean": true
  }
}

What this proves:

  • The context foundation is local-first and deterministic.
  • The maintainer can see version metadata, entrypoints, scripts, and git state before editing.
  • repoctx can be used as the first step in a repeatable review workflow.

2. Generate PR Review Context

Command:

repoctx pr /path/to/pullpass \
  --base origin/main \
  --out /path/to/pullpass/.dev-context/pr-review.md

Selected output:

Changed files: 4
Diff: 4 files changed, 7 insertions(+), 3 deletions(-)
Risk: low (2)

Changed domains:
- docs: 3 files
- cmd: 1 file

Risk flags:
- no test files changed

What this proves:

  • repoctx turns a release PR into a reviewable map.
  • The changed surface is small enough for maintainer review.
  • The no-test signal is visible, so the maintainer can decide whether release metadata needs more test coverage or an explicit no-test rationale.
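A small model of that map, written as an added example for this page rather than code from repoctx: it takes a list of changed files, buckets them into domains, raises the "no test files changed" flag and scores risk, then renders the result in the layout shown above. The file shape, the domain rules, the sensitive-path prefixes and the scoring weights are assumptions, chosen so that the constructed sample reproduces the numbers in the selected output.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// FileChange is one row of a diff summary (an assumed shape, not repoctx's own model).
type FileChange struct {
	Path                  string
	Insertions, Deletions int
}

// ReviewContext is the reviewable map a PR is reduced to.
type ReviewContext struct {
	ChangedFiles, Insertions, Deletions int
	Domains                             map[string]int
	RiskFlags                           []string
	RiskScore                           int
	RiskLevel                           string
}

// SampleChanges is a constructed diff summary with the page's figures: 4 files,
// 7 insertions, 3 deletions, three docs files, one cmd file, no tests.
var SampleChanges = []FileChange{
	{"docs/index.md", 2, 1}, {"docs/release.md", 1, 0},
	{"CHANGELOG.md", 3, 1}, {"cmd/pullpass/main.go", 1, 1},
}

// domainOf buckets a path: markdown is docs, test files are tests, else the first segment.
func domainOf(p string) string {
	switch {
	case strings.HasSuffix(p, ".md"):
		return "docs"
	case strings.HasPrefix(p, "tests/") || strings.HasSuffix(p, "_test.go"):
		return "tests"
	}
	return strings.SplitN(p, "/", 2)[0]
}

// BuildReviewContext folds the diff into domain counts and risk flags. Scoring is an
// assumption for this example: +1 if no test files changed, +1 if any non-docs file
// changed, +2 if a hypothetical sensitive prefix (auth/, secrets/) changed; 0-2 is low.
func BuildReviewContext(changes []FileChange) ReviewContext {
	ctx := ReviewContext{Domains: map[string]int{}}
	var tests, code, sensitive bool
	for _, c := range changes {
		ctx.ChangedFiles++
		ctx.Insertions += c.Insertions
		ctx.Deletions += c.Deletions
		d := domainOf(c.Path)
		ctx.Domains[d]++
		tests = tests || d == "tests"
		code = code || (d != "docs" && d != "tests")
		sensitive = sensitive || strings.HasPrefix(c.Path, "auth/") || strings.HasPrefix(c.Path, "secrets/")
	}
	if !tests {
		ctx.RiskFlags = append(ctx.RiskFlags, "no test files changed")
		ctx.RiskScore++
	}
	if code {
		ctx.RiskScore++
	}
	if sensitive {
		ctx.RiskFlags = append(ctx.RiskFlags, "sensitive path changed")
		ctx.RiskScore += 2
	}
	ctx.RiskLevel = "low"
	if ctx.RiskScore > 2 {
		ctx.RiskLevel = "elevated"
	}
	return ctx
}

// Render writes the map in the layout of the page's selected output, largest domain first.
func Render(ctx ReviewContext) string {
	names := make([]string, 0, len(ctx.Domains))
	for n := range ctx.Domains {
		names = append(names, n)
	}
	sort.Slice(names, func(i, j int) bool {
		a, b := ctx.Domains[names[i]], ctx.Domains[names[j]]
		return a > b || (a == b && names[i] < names[j])
	})
	var sb strings.Builder
	fmt.Fprintf(&sb, "Changed files: %d\nDiff: %d files changed, %d insertions(+), %d deletions(-)\nRisk: %s (%d)\n\nChanged domains:\n",
		ctx.ChangedFiles, ctx.ChangedFiles, ctx.Insertions, ctx.Deletions, ctx.RiskLevel, ctx.RiskScore)
	for _, n := range names {
		unit := "files"
		if ctx.Domains[n] == 1 {
			unit = "file"
		}
		fmt.Fprintf(&sb, "- %s: %d %s\n", n, ctx.Domains[n], unit)
	}
	sb.WriteString("\nRisk flags:\n")
	for _, f := range ctx.RiskFlags {
		fmt.Fprintf(&sb, "- %s\n", f)
	}
	return sb.String()
}

func main() { fmt.Print(Render(BuildReviewContext(SampleChanges))) }
```

The value of a map like this is that the risk score is explainable: every point traces to a named flag or domain, so a maintainer can argue with it rather than accept a bare number.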

3. Run PullPass Before Merge

Command:

pullpass pr 4 --repo /path/to/pullpass

Selected output:

Verdict: FAIL

PASS Release discipline:
  Version metadata is SemVer and changelog was updated.
  cmd/pullpass/main.go -> 0.6.0

PASS Review conversations:
  No unresolved PR review conversations found.

PASS Branch protection:
  Base branch protection requires reviews, status checks, CODEOWNERS, and conversation resolution.

PASS Status checks:
  All returned status checks passed.

FAIL Review decision:
  A required human review is still missing.

FAIL CODEOWNERS:
  CODEOWNERS approval is missing for one or more changed files.

What this proves:

  • PullPass did not rubber-stamp the PR.
  • The release-discipline gate passed because SemVer metadata and changelog coverage were aligned.
  • The merge-safety gate correctly blocked on missing human and CODEOWNERS approval.
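A gate of that kind, as an added example and not PullPass's own implementation: it reads the version string out of a Go source file, checks that it is SemVer, checks that it advances past the previous tag, and looks for a changelog heading that names that version. The `const version = "..."` declaration form, the changelog heading formats and the sample inputs are assumptions for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// semverRe accepts a SemVer 2.0.0 core with optional pre-release and build parts.
var semverRe = regexp.MustCompile(`^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$`)

// versionDeclRe finds `const version = "..."` (or var). That the binary declares its
// version this way is an assumption for this example.
var versionDeclRe = regexp.MustCompile(`(?m)^\s*(?:const|var)\s+version\s*=\s*"([^"]*)"`)

// GateResult mirrors one PASS/FAIL block of the page's PullPass output.
type GateResult struct {
	Pass    bool
	Details []string
}

// Constructed inputs: a minimal main.go and changelog as a release PR would leave them.
const SampleMainGo = "package main\n\nconst version = \"0.6.0\"\n"
const SampleChangelog = "# Changelog\n\n## 0.6.0\n- Add release discipline gate.\n\n## 0.5.1\n- Docs patch.\n"

func ExtractVersion(goSource string) (string, bool) {
	m := versionDeclRe.FindStringSubmatch(goSource)
	if m == nil {
		return "", false
	}
	return m[1], true
}

func IsSemVer(v string) bool { return semverRe.MatchString(v) }

// core returns major.minor.patch of a version string; a leading "v" and any
// pre-release or build suffix are ignored (a deliberate simplification).
func core(v string) (out [3]int) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	for i, p := range strings.SplitN(v, ".", 3) {
		out[i], _ = strconv.Atoi(p)
	}
	return out
}

// CompareCore returns -1, 0 or 1 ordering a and b by their core versions.
func CompareCore(a, b string) int {
	ca, cb := core(a), core(b)
	for i := range ca {
		if ca[i] < cb[i] {
			return -1
		}
		if ca[i] > cb[i] {
			return 1
		}
	}
	return 0
}

// ChangelogHasEntry looks for a heading that names exactly this version, e.g.
// "## 0.6.0" or "## [v0.6.0] - 2026-05-28", without matching "## 10.6.0".
func ChangelogHasEntry(changelog, version string) bool {
	re := regexp.MustCompile(`(?m)^#+\s*\[?v?` + regexp.QuoteMeta(version) + `\]?(\s|$)`)
	return re.MatchString(changelog)
}

// ReleaseDisciplineGate applies the checks the page's gate reports: version present,
// SemVer, advancing past the previous tag, and covered by a changelog entry.
func ReleaseDisciplineGate(path, goSource, changelog, previousTag string) GateResult {
	v, ok := ExtractVersion(goSource)
	switch {
	case !ok:
		return GateResult{false, []string{path + " declares no version"}}
	case !IsSemVer(v):
		return GateResult{false, []string{fmt.Sprintf("%s -> %q is not SemVer", path, v)}}
	case previousTag != "" && CompareCore(v, previousTag) <= 0:
		return GateResult{false, []string{fmt.Sprintf("%s -> %s does not advance past %s", path, v, previousTag)}}
	case !ChangelogHasEntry(changelog, v):
		return GateResult{false, []string{"changelog has no entry for " + v}}
	}
	return GateResult{true, []string{"Version metadata is SemVer and changelog was updated.", path + " -> " + v}}
}

func main() {
	r := ReleaseDisciplineGate("cmd/pullpass/main.go", SampleMainGo, SampleChangelog, "v0.5.1")
	verdict := map[bool]string{true: "PASS", false: "FAIL"}[r.Pass]
	fmt.Printf("%s Release discipline:\n  %s\n", verdict, strings.Join(r.Details, "\n  "))
}
```

The first failing check wins, so the detail line tells the maintainer exactly which of the four conditions to fix rather than reporting a bare FAIL.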

4. Record the Solo-Maintainer Merge

GitHub state after merge:

{
  "state": "MERGED",
  "mergedAt": "2026-05-28T11:17:55Z",
  "mergeCommit": "7c8ed6713055f21ff66e1cd0c7a67c18b4749982",
  "reviewDecision": "REVIEW_REQUIRED",
  "reviews": [],
  "checks": [
    {
      "name": "Quality gates",
      "conclusion": "SUCCESS"
    }
  ]
}

What this proves:

  • The PR was merged by the solo maintainer after CI passed.
  • GitHub still reported REVIEW_REQUIRED, and no review records were attached.
  • In this trust model, that is a valid solo-maintainer admin merge, not an automated green light. It should still be visible in the release evidence so future teams can distinguish owner accountability from reviewer approval.
  • This keeps the public story company-ready: a solo founder can move fast today, while a company can later require separate reviewer approval, CODEOWNERS coverage, and audit evidence without changing the workflow shape.

5. Publish the Release After Verification

Commands:

go test ./...
python3 -m mkdocs build --strict
go run ./cmd/pullpass doctor
go run ./cmd/pullpass local . --base v0.5.1
impact-map /path/to/pullpass \
  "publish PullPass v0.6.0 release after merged release discipline PR" \
  --diff-base v0.5.1
repoctx repo /path/to/pullpass --json

Selected output:

go test ./...                         PASS
python3 -m mkdocs build --strict      PASS
pullpass doctor                       pullpass 0.6.0 ok
PullPass local gate                   WARN, review state local-only
Release discipline                    PASS
repoctx inspection                    clean main at 7c8ed67

What this proves:

  • The release was tagged after tests, docs, local gate checks, impact validation, and repo inspection.
  • PullPass v0.6.0 is the feature release for release discipline.
  • The evidence trail separates automated checks from solo-maintainer or team-review decisions.

Repeatable Rule

For future release PRs:

  1. Generate repoctx context before editing.
  2. Keep the PR small and reviewable.
  3. Run repoctx PR review context.
  4. Run PullPass before merge.
  5. If PullPass fails and a solo maintainer still merges, record the owner decision; if a team exists, require the normal reviewer or CODEOWNERS approval path.
  6. Run release verification from merged main.
  7. Tag and publish only after the release evidence is clean.

Company Adoption Path

This same flow scales from a solo-maintainer repo to a company engineering process:

  • Solo maintainer: the owner can admin-merge after CI and PullPass evidence, with the owner decision recorded.
  • Small team: require one reviewer plus CODEOWNERS approval for sensitive paths.
  • Company team: require CODEOWNERS, status checks, resolved conversations, and an auditable release note.
  • Regulated or high-risk team: add policy profiles for auth, payments, data, deployment, secrets, and incident response.

The workflow stays the same. The approval bar rises as more people and more risk enter the system.
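An added example, not PullPass or GitHub code, that ties section 4 and the adoption path together: it parses the merge state recorded in section 4, classifies the merge as reviewer-approved, owner-recorded or unrecorded, and evaluates it against one policy per stage of the list above. The Evidence fields (owner decision note, CODEOWNERS coverage, conversation state, release note) and the per-stage thresholds are assumptions; the stage names follow the page.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// MergeRecord mirrors the GitHub state on the page (only the fields used here).
type MergeRecord struct {
	State       string   `json:"state"`
	MergeCommit string   `json:"mergeCommit"`
	Reviews     []Review `json:"reviews"`
	Checks      []Check  `json:"checks"`
}

type Review struct{ State string `json:"state"` }

type Check struct{ Conclusion string `json:"conclusion"` }

// PageMergeJSON is the merge state recorded on the page, used as sample input.
const PageMergeJSON = `{"state": "MERGED", "mergedAt": "2026-05-28T11:17:55Z",
  "mergeCommit": "7c8ed6713055f21ff66e1cd0c7a67c18b4749982", "reviewDecision": "REVIEW_REQUIRED",
  "reviews": [], "checks": [{"name": "Quality gates", "conclusion": "SUCCESS"}]}`

// Evidence is what the merge record alone cannot show; these fields are hypothetical.
type Evidence struct {
	OwnerDecision         string // the owner's written note that this was a hand merge, and why
	CodeownersApproved    bool
	ConversationsResolved bool
	ReleaseNote           string
}

// StagePolicy is the approval bar for one stage of the page's adoption path; thresholds assumed.
type StagePolicy struct {
	Name              string
	RequiredApprovals int
	RequireCodeowners, RequireResolvedConversations, RequireReleaseNote bool
}

var (
	StageSolo    = StagePolicy{Name: "solo maintainer"}
	StageTeam    = StagePolicy{Name: "small team", RequiredApprovals: 1, RequireCodeowners: true}
	StageCompany = StagePolicy{Name: "company team", RequiredApprovals: 1, RequireCodeowners: true,
		RequireResolvedConversations: true, RequireReleaseNote: true}
)

type Evaluation struct {
	Classification string
	Reasons        []string // empty means the merge is accountable at this stage
}

func ParseMergeRecord(raw string) (rec MergeRecord, err error) {
	err = json.Unmarshal([]byte(raw), &rec)
	return rec, err
}

func approvals(rec MergeRecord) (n int) {
	for _, r := range rec.Reviews {
		if r.State == "APPROVED" {
			n++
		}
	}
	return n
}

func checksGreen(rec MergeRecord) bool {
	for _, c := range rec.Checks {
		if c.Conclusion != "SUCCESS" {
			return false
		}
	}
	return len(rec.Checks) > 0
}

// Classify names who carried the merge, keeping reviewer approval and owner accountability distinct.
func Classify(rec MergeRecord, ev Evidence) string {
	switch {
	case approvals(rec) > 0:
		return "reviewer-approved merge"
	case ev.OwnerDecision != "":
		return "solo-maintainer admin merge (owner decision recorded)"
	}
	return "unrecorded admin merge"
}

// Evaluate checks a merge and its evidence against a stage: checks must be green at every stage,
// a merge with no reviewer approval needs a recorded owner decision, and the rest rises by stage.
func Evaluate(rec MergeRecord, ev Evidence, p StagePolicy) Evaluation {
	out := Evaluation{Classification: Classify(rec, ev)}
	add := func(s string) { out.Reasons = append(out.Reasons, s) }
	if rec.State != "MERGED" {
		add("PR is not merged")
	}
	if !checksGreen(rec) {
		add("status checks did not all succeed")
	}
	if n := approvals(rec); n < p.RequiredApprovals {
		add(fmt.Sprintf("%d reviewer approval(s) required, %d recorded", p.RequiredApprovals, n))
	} else if n == 0 && ev.OwnerDecision == "" {
		add("no reviewer approval and no owner decision recorded")
	}
	if p.RequireCodeowners && !ev.CodeownersApproved {
		add("CODEOWNERS approval is missing")
	}
	if p.RequireResolvedConversations && !ev.ConversationsResolved {
		add("review conversations are not all resolved")
	}
	if p.RequireReleaseNote && ev.ReleaseNote == "" {
		add("auditable release note is missing")
	}
	return out
}
```

Run against the page's record, the same merge is accountable at the solo stage once an owner decision is attached and fails the team stage for lack of a reviewer and CODEOWNERS approval, which is the "workflow stays the same, bar rises" property in executable form.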

Bashbop Pilot Extension

The same trust-layer pattern was then applied to a real multi-repo product pilot across API and mobile code.

Verified:

  • Mobile auth and Dashboard/profile smoke were tested on an Android emulator.
  • A Dashboard API contract mismatch was found and fixed.
  • Native mobile profile save was blocked by CSRF session behavior, then fixed with a mobile-client request marker and a browser-origin guardrail test.
  • Focused API and mobile checks passed for the patched auth/profile path.
  • Direct authenticated profile image upload returned a sanitized R2-backed media URL.
  • Direct authenticated AI event draft, guided event draft, and logout/session cleanup returned the expected status codes and response shapes.
  • Full Android UI proof was captured for profile photo picker/crop/upload/save, AI event creation, guided event creation, logout confirmation, post-logout relaunch, and the Dashboard auth gate.
  • Final Android log review found no fatal exception, JavaScript type/reference error, or ReactNativeJS crash pattern; one non-fatal ReactHost soft exception was recorded during relaunch focus.
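The marker-plus-guardrail idea in the third bullet, as an added example in Go that is not Bashbop's code (the page does not show the fix): a request carrying a browser origin must come from an allowlisted origin and present the session's CSRF token, while a request with no browser origin is accepted only if it carries a native-client marker header. The header names, cookie name, trusted-origin list and constructed requests are assumptions.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/url"
)

// Header names and the trusted-origin list are assumptions for this example; the page
// does not name the marker the Bashbop fix used.
const (
	MobileMarkerHeader = "X-Bashbop-Client" // hypothetical native-client marker
	CSRFTokenHeader    = "X-CSRF-Token"     // hypothetical token header for browser clients
	SessionCookie      = "session"
)

var TrustedOrigins = map[string]bool{"https://app.example.test": true} // constructed

type Decision struct {
	Allow  bool
	Reason string
}

func safeMethod(m string) bool { return m == "GET" || m == "HEAD" || m == "OPTIONS" }

// browserOrigin reports the scheme://host a browser attached, from Origin or else Referer.
func browserOrigin(r *http.Request) (string, bool) {
	if o := r.Header.Get("Origin"); o != "" {
		return o, true
	}
	if u, err := url.Parse(r.Header.Get("Referer")); err == nil && u.Host != "" {
		return u.Scheme + "://" + u.Host, true
	}
	return "", false
}

// CheckCSRF decides whether a state-changing request may act on the session cookie.
// Any request carrying a browser origin must come from a trusted origin (the guardrail)
// and present the session's CSRF token. A request with no browser origin is accepted
// only with the native marker header, which a browser cannot add cross-site without a
// CORS preflight that approves it. Nothing else is trusted.
func CheckCSRF(r *http.Request, sessionCSRFToken string) Decision {
	if safeMethod(r.Method) {
		return Decision{true, "safe method"}
	}
	if _, err := r.Cookie(SessionCookie); err != nil {
		return Decision{true, "no session cookie to forge; authn middleware decides"}
	}
	if origin, fromBrowser := browserOrigin(r); fromBrowser {
		if !TrustedOrigins[origin] {
			return Decision{false, "untrusted browser origin " + origin}
		}
		tok := []byte(r.Header.Get(CSRFTokenHeader))
		if len(tok) == 0 || subtle.ConstantTimeCompare(tok, []byte(sessionCSRFToken)) != 1 {
			return Decision{false, "browser request without a valid CSRF token"}
		}
		return Decision{true, "trusted origin with valid CSRF token"}
	}
	if r.Header.Get(MobileMarkerHeader) != "" {
		return Decision{true, "native client marker and no browser origin"}
	}
	return Decision{false, "no browser origin and no client marker"}
}

// NewRequest builds a constructed request for the cases below.
func NewRequest(method string, headers map[string]string, withSession bool) *http.Request {
	r, _ := http.NewRequest(method, "https://api.example.test/profile", nil)
	for k, v := range headers {
		r.Header.Set(k, v)
	}
	if withSession {
		r.AddCookie(&http.Cookie{Name: SessionCookie, Value: "s1"})
	}
	return r
}

func main() {
	tok := "tok-123"
	cases := map[string]*http.Request{
		"browser, trusted origin, token":  NewRequest("POST", map[string]string{"Origin": "https://app.example.test", CSRFTokenHeader: tok}, true),
		"browser, foreign origin, marker": NewRequest("POST", map[string]string{"Origin": "https://evil.example.test", MobileMarkerHeader: "android"}, true),
		"native client, marker":           NewRequest("POST", map[string]string{MobileMarkerHeader: "android"}, true),
		"no origin, no marker":            NewRequest("POST", nil, true),
	}
	for name, r := range cases {
		d := CheckCSRF(r, tok)
		fmt.Printf("%-32s allow=%-5v %s\n", name, d.Allow, d.Reason)
	}
}
```

The marker is only as strong as the CORS policy around it: a custom header stops cross-site browser requests because the browser refuses to send it without a preflight, so the marker must never appear in Access-Control-Allow-Headers for an untrusted origin. The origin allowlist is the kind of guardrail a browser-origin test would exercise, and SameSite cookie attributes belong alongside these checks rather than instead of them.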

Company-facing evidence posture:

  • The Bashbop pilot is usable as final demo evidence for the trust-layer packet.
  • Keep the public packet sanitized: no local machine paths, cookies, tokens, passwords, or secret-bearing payloads.