Open-core layer

Deploy manifest intake

GitCaster now publishes safe local deployment manifests for app, miniapp, website, and developer-tool release planning. This is a public-alpha intake layer for dry-run validation, dependency retirement markers, and proof blockers before managed promotion.

Schema sourceFixtureEvidence JSONStatus table

Public artifacts

These files let contributors plan releases without touching managed infrastructure.

public-alpha

Schema package

Typed local dry-run manifest schema, validator, and tests.

packages/deploy-manifests

Local fixture

A safe app deploy plan with all managed promotion gates blocked.

examples/deploy/local-deploy-manifest.example.json

Strict checker

Deterministic validation and public evidence generation.

scripts/deploy/check-deploy-manifest-intake-public-alpha.cjs

Evidence

Proof file generated by the local public-alpha checker.

launch/evidence/deploy-manifest-intake-public-alpha.json

Public JSON

Website-readable summary of the accepted local plan and blockers.

apps/web/public/gitcaster-deploy-manifest-intake.json

Validation rules

The manifest checker accepts local planning and rejects unsupported platform claims.

local dry-run

Only loopback preview URLs are accepted.

Managed runtime, native storage, native domain, custody, billing, rollback, and production claims must remain false.

Retired hosted providers can be listed only as not required for the native path.

Secret-like fields and values are rejected before any runtime action.

Every stronger label needs an explicit proof artifact.

Blocked promotion gates

Promotion remains evidence-gated until operators provide receipts and smoke proof.

blocked_external

Managed runtime

blocked_external

Deploy receipt, smoke proof, and rollback proof are required first.

Native storage

blocked_external

Publish receipt, public read proof, and rollback proof are required first.

Native domain

blocked_external

Registry receipt and browser smoke proof are required first.

Custody

blocked_external

Signer custody reference and redacted receipt are required first.

Billing

blocked_external

Subscription policy and abuse-control proof are required first.

Production readiness

blocked_external

Release candidate, audit, node health, storage, deploy, domain, and rollback evidence are required first.

Verification command

The checker builds the package, validates the fixture, writes public JSON, and emits evidence.

deterministic
pnpm run deploy-manifest:check