
Gates & evidence

Gates are truth. Completion in Midcore is "PASS gates" — machine-verifiable checks, not opinion or narrative. Every gate run is recorded in an evidence ledger that forms the proof trail for releases.

What are gates?

Gates are deterministic checks defined in .maestro/gates.yaml. They include contract validation, tests, lint, security scans, RBAC and tenancy checks, SBOM and provenance, and deployment readiness. There are 33+ gates; which ones run depends on your delivery tier and scope.

```bash
midcore gates run
# or as part of agent/compile flow
```

Evidence ledger

The evidence ledger is an append-only store (e.g. JSONL) under .maestro/evidence/. Each entry records gate ID, timestamp, scope, command, inputs/outputs, and result (PASS / FAIL / WARN / SKIP). Readiness is computed from passing vs required gates and missing entries. Evidence is never edited or deleted — only appended.

Append-only

Never modify or delete evidence ledger entries. They are the audit trail for compliance and reproducibility.
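
An added example (not Midcore's own code) of how readiness can be derived from an append-only JSONL ledger: re-runs are appended, the latest entry per gate wins, and a prefix comparison against an earlier copy detects edited or deleted entries. The field names, gate IDs, the latest-entry-wins rule and counting only PASS as satisfying a required gate are assumptions.

```python
import json

# Constructed sample ledger (JSONL). Field names and gate IDs are assumptions;
# the page lists the recorded fields but not the exact schema.
SAMPLE_LEDGER = """\
{"gate_id": "lint", "timestamp": "2024-05-01T10:00:00Z", "scope": "api", "command": "make lint", "result": "PASS"}
{"gate_id": "tests", "timestamp": "2024-05-01T10:01:00Z", "scope": "api", "command": "make test", "result": "FAIL"}
{"gate_id": "sbom", "timestamp": "2024-05-01T10:02:00Z", "scope": "api", "command": "make sbom", "result": "WARN"}
{"gate_id": "tests", "timestamp": "2024-05-01T10:09:00Z", "scope": "api", "command": "make test", "result": "PASS"}
"""

VALID_RESULTS = {"PASS", "FAIL", "WARN", "SKIP"}


def latest_results(ledger_text):
    """Return {gate_id: result}; the last appended entry per gate wins."""
    latest = {}
    for n, line in enumerate(ledger_text.splitlines(), 1):
        if not line.strip():
            continue
        entry = json.loads(line)
        if entry["result"] not in VALID_RESULTS:
            raise ValueError(f"line {n}: unknown result {entry['result']!r}")
        latest[entry["gate_id"]] = entry["result"]
    return latest


def readiness(ledger_text, required):
    """Classify each required gate as passing, not passing, or missing."""
    latest = latest_results(ledger_text)
    missing = sorted(g for g in required if g not in latest)
    passing = sorted(g for g in required if latest.get(g) == "PASS")
    # Assumption: FAIL, WARN and SKIP all leave a required gate unsatisfied.
    not_passing = sorted(g for g in required
                         if g in latest and latest[g] != "PASS")
    return {"ready": not missing and not not_passing, "passing": passing,
            "not_passing": not_passing, "missing": missing}


def is_append_only(previous_text, current_text):
    """True if the current ledger keeps every earlier line, in order, unchanged."""
    prev = previous_text.splitlines()
    return current_text.splitlines()[:len(prev)] == prev
```

The earlier FAIL for `tests` stays in the ledger; the later PASS is a new line, so the history of the re-run is preserved while readiness reflects the latest result.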

Tiers comparison

| Tier | Gates | Description | Hardening |
|---|---|---|---|
| Prototype | Baseline set | Demo and early validation | Relaxed; waivers allowed |
| Pilot | Standard set | Buyer-visible proof and baseline posture | Most hardening required |
| Production | Full set | Proof-carrying deployment, no hidden risks | All hardening mandatory |

What counts as evidence

  • Gate results (PASS / FAIL / WARN / SKIP) for each gate run
  • Timestamps and scope (what was under verification)
  • Command or script that was run and its outcome
  • No narrative or free-form text — only structured, machine-verifiable entries

Hardening rounds

For production-ready delivery, eight hardening rounds run in order: Scope Lock & Contracts, Identity & Tenancy, Audit & Evidence, Secrets & Key Hygiene, Build Integrity, Data Correctness, Integration Integrity, Launch Readiness. Each round can trigger specific gates and evidence entries.

Key takeaways

  • Gates are truth: completion is "PASS gates", not narrative.
  • The evidence ledger is append-only; never edit or delete entries.
  • Delivery tier (prototype / pilot / production) determines how many gates run and how much hardening is required.
  • Evidence is gate results, timestamps, scope, and command outcomes — machine-verifiable only.
