qa: end-to-end verify-flow validation on live domain (HITL) — closes out #37/#34 #57

Description

@gkanitz

Context

Launch-readiness item. The verify page is the trust centerpiece of the
public push, and its pieces have landed without one end-to-end validation
against real, freshly produced artifacts on the live domain: #37's
implementation merged via PR #43 (issue never closed), #34's CNAME
(coderepute.dev) is in the repo but registrar/redirect state is
unconfirmed, and #37 shipped while the verify URL was still the interim
grkanitz.github.io (the account has since been renamed to gkanitz, so
any stale constant is now doubly wrong).

Goal

Prove the full trust loop — CI run → attested artifacts → live verify page
→ honest pass/fail — and fix what falls out. Closing this issue (and #37,
#34 with it) is the launch gate for the verification story.

Checklist — agent-executable

  • Grep the codebase for grkanitz and github.io remnants; the verify
    URL constant in the report package must be
    https://coderepute.dev/verify/. Fix and test if stale.
  • docs/verify/ unit tests green (npm test); Rekor fallback fixtures
    still pass.
  • Trigger a fresh CI run of the canonical workflow on this repo
    (workflow_dispatch) producing report.html + report.pdf +
    attestations.
  • gh attestation verify passes for both artifacts, including the
    --signer-workflow canonical-identity check.

Checklist — owner (HITL, live surfaces)

  • https://coderepute.dev/verify/ serves over HTTPS (Pages custom
    domain + Enforce HTTPS on).
  • coderepute.com redirect: confirm registered/configured, or
    explicitly descope it in #34 (decide, don't leave ambiguous).
  • Drag-and-drop the fresh report.html → verifies (attestation found,
    canonical workflow identity shown).
  • Upload the fresh report.pdf → verifies (XMP or URL-param path).
  • Scan the QR from the PDF → lands on the verify page with
    ?repo=&subject= pre-filled.
  • Negative tests: a 1-byte-modified copy of report.html fails with an
    honest message; a .json upload is cleanly rejected (#37's clean
    break); a report from a non-canonical fork shows the honest
    degradation path.

Acceptance criteria

Success: every box above checked; #37 and #34 closed with a comment
pointing here; any failure found is filed as a bug-labeled issue in this
milestone before this issue closes.

Failure — red flags: launch declared with unchecked live-surface boxes;
a negative test passing verification; stale grkanitz/github.io URLs
surviving anywhere in binary output, docs, or QR payloads.

Parallel-work contract
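
Added example (not part of the issue or the project's own code): one way to run the first agent checklist item so that it also covers the "binary output" red flag from the acceptance criteria. It assumes GNU grep; the function names and the excluded directories are hypothetical, and only the two stale patterns and the canonical URL come from the issue text.

```shell
#!/bin/sh
# Added example: gate on stale verify-URL remnants in source AND built output.
# Patterns and canonical URL are taken from the issue; all names are hypothetical.

STALE_PATTERN='grkanitz|github\.io'
CANONICAL_URL='https://coderepute.dev/verify/'

# List every file under $1 that contains a stale remnant, one path per line.
#   -a  search binary files as text (built reports, bundles)
#   -i  catch case variants of the old account name or host
#   -l  print file names only; VCS and dependency directories are skipped
scan_stale() {
    grep -rlaiE --exclude-dir=.git --exclude-dir=node_modules \
        -e "$STALE_PATTERN" -- "$1" 2>/dev/null | sort
}

# Succeed only if at least one file under $1 carries the canonical verify URL.
has_canonical() {
    grep -rqaF --exclude-dir=.git -e "$CANONICAL_URL" -- "$1" 2>/dev/null
}

# Return 0 when the tree is clean, 1 when remnants exist (usable as a CI step).
check_tree() {
    hits=$(scan_stale "$1")
    if [ -n "$hits" ]; then
        printf 'stale verify-URL remnants found in:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: sh scan_stale.sh <directory>
if [ "$#" -gt 0 ]; then
    check_tree "$1"
fi
```

A byte-level scan may not see into compressed PDF streams and cannot read a rendered QR image, so the owner's QR scan step still has to be done by hand.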

Metadata

    Labels

    needs-owner-review: HITL: must not merge without explicit owner approval
    ready-for-agent: Triage complete; ready for an agent to pick up
