Gates & evidence

Gates are truth. Completion in Midcore is "PASS gates" — machine-verifiable checks, not opinion or narrative. Every gate run is recorded in an evidence ledger that forms the proof trail for releases.

What are gates?

Gates are deterministic checks defined in .maestro/gates.yaml. They include contract validation, tests, lint, security scans, RBAC and tenancy checks, SBOM and provenance, and deployment readiness. There are 33+ gates; which ones run depends on your delivery tier and scope.

bash

midcore gates run
# or as part of agent/compile flow

Evidence ledger

The evidence ledger is an append-only store (e.g. JSONL) under .maestro/evidence/. Each entry records gate ID, timestamp, scope, command, inputs/outputs, and result (PASS / FAIL / WARN / SKIP). Readiness is computed from passing vs required gates and missing entries. Evidence is never edited or deleted — only appended.

Append-only

Never modify or delete evidence ledger entries. They are the audit trail for compliance and reproducibility.

Tiers comparison

Tier	Gates	Description	Hardening
Prototype	Baseline set	Demo and early validation	Relaxed; waivers allowed
Pilot	Standard set	Buyer-visible proof and baseline posture	Most hardening required
Production	Full set	Proof-carrying deployment, no hidden risks	All hardening mandatory

What counts as evidence

Gate results (PASS / FAIL / WARN / SKIP) for each gate run
Timestamps and scope (what was under verification)
Command or script that was run and its outcome
No narrative or free-form text — only structured, machine-verifiable entries

Hardening rounds

For production-ready delivery, eight hardening rounds run in order: Scope Lock & Contracts, Identity & Tenancy, Audit & Evidence, Secrets & Key Hygiene, Build Integrity, Data Correctness, Integration Integrity, Launch Readiness. Each round can trigger specific gates and evidence entries.

Key takeaways

Gates are truth: completion is "PASS gates", not narrative.
The evidence ledger is append-only; never edit or delete entries.
Delivery tier (prototype / pilot / production) determines how many gates run and how much hardening is required.
Evidence is gate results, timestamps, scope, and command outcomes — machine-verifiable only.

Gates reference · gates.yaml · Outcome Compiler · How Midcore works

Gates & evidence

What are gates?

bash

midcore gates run
# or as part of agent/compile flow

Evidence ledger

Append-only

Never modify or delete evidence ledger entries. They are the audit trail for compliance and reproducibility.

Tiers comparison

Tier	Gates	Description	Hardening
Prototype	Baseline set	Demo and early validation	Relaxed; waivers allowed
Pilot	Standard set	Buyer-visible proof and baseline posture	Most hardening required
Production	Full set	Proof-carrying deployment, no hidden risks	All hardening mandatory

What counts as evidence

Gate results (PASS / FAIL / WARN / SKIP) for each gate run
Timestamps and scope (what was under verification)
Command or script that was run and its outcome
No narrative or free-form text — only structured, machine-verifiable entries

Hardening rounds

Key takeaways

Gates are truth: completion is "PASS gates", not narrative.
The evidence ledger is append-only; never edit or delete entries.
Delivery tier (prototype / pilot / production) determines how many gates run and how much hardening is required.
Evidence is gate results, timestamps, scope, and command outcomes — machine-verifiable only.

Gates reference · gates.yaml · Outcome Compiler · How Midcore works

Gates & evidence

What are gates?

Evidence ledger

Tiers comparison

What counts as evidence

Hardening rounds

Key takeaways

Related documentation

Gates & evidence

What are gates?

Evidence ledger

Tiers comparison

What counts as evidence

Hardening rounds

Key takeaways

Related documentation