# Validation Posture and Release Boundaries In the current repo snapshot, this document defines what ClawCapsule currently validates, what it does not validate, and how release claims should be bounded. ## 1. Evidence layers Current repo evidence comes from three distinct layers: - executable code and test coverage - runtime-only harness evidence - bounded interpretation documented in evidence notes These layers should not be collapsed into a single stronger claim than the evidence supports. ## 2. Claims that are currently validated The repository currently supports these bounded statements: - the public `/v1` API contract is implemented and exercised by code and integration tests - compile determinism is a current product contract - authority-first event and restore sequencing is implemented and tested - crash recovery, durable-tail repair, idempotency backfill, and fail-closed startup rules are covered by current tests - diagnostics endpoints exist and are operationally separate from compile determinism - the runtime-only 50k control-lane gate is cleared for `split_control` on run `guarded-segmented-runtime-only-50k-validation-20260313-002` The current 50k control-lane gate includes successful control-lane checkpoints at: - `stage_end_020000` - `restart_020000` - `stage_end_050000` - `restart_050000` ## 3. Lane-specific release posture Current storage-lane posture is: - `split_control`: current validated runtime-only reference lane - `guarded_segmented`: implemented challenger lane that has not cleared the current 50k release boundary Important boundary: - these are internal engineering labels, not public API modes - clearing the control lane does not imply an all-path release pass - current repo evidence does not justify promoting `guarded_segmented` ## 4. Claims that should not currently be made The following statements are not supported by current evidence: - all runtime storage paths passed the 50k gate - `guarded_segmented` is release-cleared or ready for default promotion - ClawCapsule has unbounded long-run scaling proof - runtime-only evidence proves model-in-the-loop behaviour - diagnostics `dump-bundle` endurance is equivalent to standard `/v1/compile` endurance - results are proven across other hardware, operating systems, storage media, or future commits without rerun ## 5. How release evidence should be read Current release interpretation should follow this order: 1. this document for claim boundaries 2. `docs/Runtime-Validation-and-Evidence-Note.md` for evidence methodology and conservative wording 3. specific gate artefacts for run-level proof Current primary gate artefact: - `analysis/runtime_only_probe/20260313_runtime_only_50k_split_control_evidence_gate.md` Historical artefacts remain useful but narrower: - earlier negative notes remain historically correct for the runs they describe - later positive control-lane evidence supersedes earlier 50k status only in that bounded lane-specific sense ## 6. Relationship to release posture Current repo release posture is best described as: - v1 runtime contract is current and usable - core correctness, determinism, and recovery behaviour are backed by tests - runtime endurance evidence is presently bounded to the validated `split_control` lane and the recorded configuration - broader all-path or all-environment claims remain out of scope Packaging and plugin release notes may validate their own surfaces, but they do not widen runtime storage-lane endurance claims. ## 7. Outstanding validation gaps The main remaining validation gaps are: - no clean all-storage-path long-run release gate - no current evidence set that clears `guarded_segmented` - no current model-in-the-loop long-run gate that upgrades runtime-only evidence into a broader behavioural claim - no formal storage-lane governance record defining promotion and retirement criteria - no basis for hardware-independent or cross-platform endurance claims beyond narrower packaging and smoke validation ## 8. What is acceptable to say today Acceptable: - ClawCapsule is a deterministic, local-first v1 memory runtime with authority-first persistence semantics. - The current public API and compile contract are implemented. - The current runtime-only 50k gate is cleared for the `split_control` reference lane on the recorded run. Not acceptable: - ClawCapsule has a clean all-path 50k release sign-off. - The segmented challenger lane is validated for broader release. - Current evidence proves indefinite scaling or universal deployment readiness.