name: cryptad-platform-apps
description: "Work on Cryptad's app platform: Platform API v1/contract, unified operator consent, AppHost runtime/rollback, signed app bundles/catalogs, app-store submission review, trusted app-review receipts, third-party developer beta program, production security response runbooks, Trust Graph Local RC, Social Inbox RC, app-update lifecycle, durable app data, app-data backup/restore, content subscriptions, app-network budgets, multi-node beta soak evidence, local app-service discovery/dependencies/grant bundles, app-owned static UI, browser sessions, the browser SDK, the app UI design system/linter, developer CLI, app permissions/audit, sandbox providers, operator beta dashboard/support evidence, operator RC recovery/support workflows, live-network beta certification evidence, legacy plugin freeze, and legacy admin retirement routing."
Cryptad platform apps
Use this skill before touching app-platform code, docs, or tests.
Read first
Load only the docs needed for the change:
- App ecosystem beta entry point: docs/app-platform-developer-portal.md
- Offline beta tutorials: docs/app-platform-beta-tutorials.md
- Beta limitations and safety boundaries: docs/app-platform-beta-known-limitations.md
- Beta program, submission, feedback, and closeout runbook: docs/app-platform-beta-program.md
- Third-party developer beta program: docs/third-party-developer-beta-program.md
- Third-party app submission checklist: docs/third-party-app-submission-checklist.md
- Third-party app compatibility support window: docs/platform-api-compatibility-support-window.md
- Third-party Hello Stable SDK example: docs/examples/third-party-hello-stable.md
- Platform API and shell surface: docs/platform-api-surface.md
- Platform API compatibility contract: docs/platform-api-contract.md
- Platform API 1.0 stable baseline reference: docs/platform-api-1.0-stable-reference.md
- Signed bundles and first-party app tasks: docs/app-distribution.md
- Standalone app developer CLI: docs/app-dev-cli.md
- Signed catalogs: docs/app-catalogs.md
- Ecosystem security advisories and denylists: docs/ecosystem-security-advisories.md
- Production security response runbook: docs/production-security-response-runbook.md
- App-store submission and review workflow: docs/app-store-submission-and-review-workflow.md
- App-review governance: docs/app-review-governance.md
- App update lifecycle and rollback: docs/app-update-lifecycle.md
- App upgrade data migrations: docs/app-upgrade-data-migrations.md
- User consent and permission upgrade UX: docs/user-consent-and-permission-upgrade-ux.md
- Durable app data: docs/app-data-store.md
- App-data backup/restore portability: docs/app-data-backup-restore-portability.md
- Local app-service discovery and grants: docs/app-service-discovery-and-grants.md
- App-owned static UI routes and bootstrap JSON: docs/app-owned-ui.md
- App UI design-system assets and offline UI lint: docs/app-ui-design-system.md
- Browser SDK behavior: docs/platform-sdk-js.md
- Feed Reader and content-fetch reference app: docs/feed-reader-reference-app.md
- Social Inbox RC reference app: docs/social-inbox-reference-app.md
- Trust Graph Local RC reference app and local trust-service API: docs/trust-graph-preview.md
- Network-scale content/subscription budget: docs/network-scale-soak-and-subscription-budget.md
- App secret and identity vault: docs/app-secret-and-identity-vault.md
- AppHost runtime/log/token boundary: docs/apphost-runtime-hardening.md
- App-token permission matrix and audit model: docs/app-permissions-and-audit.md
- Legacy admin replacement map and usage counters: docs/legacy-retirement-plan.md
- Legacy plugin freeze policy: docs/legacy-plugin-freeze-policy.md
- Legacy plugin migration guide: docs/legacy-plugin-migration-guide.md
- Operator beta dashboard and redacted support bundle: docs/operator-beta-dashboard.md
- Operator RC recovery and support workflow: docs/operator-rc-recovery-and-support-workflow.md
- App-platform release evidence: docs/release-certification.md
- Production beta release pipeline: docs/production-beta-release-pipeline.md
- Multi-node beta soak and upgrade drill: docs/multi-node-beta-soak-and-upgrade-drill.md
Ownership map
- :platform-api owns the transport-neutral Platform API v1 router, route families, deterministic compatibility contract, Platform API 1.0 stable baseline metadata, app-token authorization decisions, browser-session authorization decisions, capabilities, app-vault route handlers, generated app-document queue staging, bounded content fetch routing, shared app-network budget service/store, durable content subscriptions, durable app data, app-data backup/restore planning and commit routes, unified consent previews/decisions/audit stores, internal update snapshots, local Trust Graph Local RC route handlers, local app-service discovery/dependency/grant-bundle routes and adapters, bounded app audit logs, and the local app-update lifecycle service plus scheduler above AppHost, catalog, vault, app-data, content, trust, and runtime primitives, plus the host/operator-only beta dashboard, subscription recovery wrappers, typed operator RC recovery action planning/execution, safe network-budget snapshots, support-bundle preview metadata, and redacted support-bundle assembly.
- :platform-apphost owns installed app layout, manifest parsing, app process lifecycle, per-launch CRYPTAD_APP_TOKEN, runtime status, process-log capture/redaction, and restart attempts, durable previous-bundle rollback records, plus sandbox policy/status reporting, Linux bubblewrap provider selection, and positive data/cache quota enforcement.
- :platform-app-ui owns static route/path/content-type/header helpers for /apps/{appId}/ and isolated per-app loopback origin metadata, launch-proof bootstrap, and short-lived browser session issuance/verification for static app Platform API calls.
- :platform-sdk-js owns crypta-platform.js, the dependency-free browser helper staged into first-party static app bundles, including queue/content/feed/vault/trust/app-data/app-service helpers.
- :platform-design-system owns canonical local app UI CSS/JS assets and safe asset metadata/copy helpers used by scaffolds, first-party staging, UI lint, and release evidence.
- :platform-appvault owns app secret and identity vault storage records, metadata/grant value types, local wrapping-key provider, bounded profile/trust statement signing helpers, audit/redaction helpers, and deterministic vault tests.
- :platform-appdist owns local signed bundle digests, signatures, trusted-key verification, deterministic bundle packaging, manifest sandbox/quota/app-data schema migration fields, API target-stability metadata, and first-party signing/verification tooling.
- :platform-appcatalog owns signed catalog parsing, catalog writing, catalog source/artifact verification, crypta:catalog-source URI handling, safe ZIP extraction, and verified staging into AppHost install/update flows, plus optional review/API compatibility target-stability metadata, first-party maintenance metadata, catalog security advisory lifecycle/version denylists, production security response drill metadata, submission package writing/verification/pre-review/redaction, independent app-review receipts, trusted reviewer-key loading, review policy modes, and review trust decisions used by app update review, reviewer-key lifecycle parsing, local review transparency logging, governance snapshots, and review-history API support.
- :platform-trustgraph owns the Trust Graph Local RC statement model, strict JSON parser, canonical payload and signature helpers, process-local anchor/store abstractions, lifecycle status records, and deterministic direct-anchor scoring. It is a local RC library, not a peer protocol or full Web of Trust implementation.
- :platform-devtools owns the standalone crypta-app CLI for scaffolding, validating, signing, packaging, verifying, catalog-authoring, app-store submission package/pre-review/candidate commands, API contract snapshotting, compatibility verification, stable-only hello-stable third-party templates and review-note scaffolds, mock dev serving with deterministic Platform API contract fixtures, offline app tests, developer key generation, and dry-run publication planning or explicit live USK publication for developer-owned staged bundles, including crypta-app ui lint and review receipt sign/verify helpers.
- :platform-web-shell owns /app/node/ browser shell assets, bootstrap, app/catalog/update/review operator views, the operator beta dashboard/support-bundle panel, the Operator RC Recovery surface, subscription recovery controls, app-data backup/restore controls, app-service dependency/grant-bundle review UI, security response status rendering, and explicit legacy security/diagnostic fallback actions.
- :adapter-http-legacy-admin hosts the current /api/v1/, /app/node/, /apps/{appId}/ compatibility bridge, isolated app-UI loopback origin server, Platform API form-password guard, operator recovery/subscription form-password guards, legacy admin retirement notices, Wave 5 final-surface policy, replacement/fallback routing, and diagnostics counters.
- :apps:queue-manager stages the first-party queue-control static UI bundle.
- :apps:publisher stages the legacy-publisher replacement static UI bundle.
- :apps:site-publisher stages the first-party content reference static UI bundle.
- :apps:profile-publisher stages the first-party identity-profile reference static UI bundle.
- :apps:social-inbox stages the first-party Social Inbox RC static UI bundle for beta social/mail-like threading, multi-source subscriptions, local read/filter/export state, and operator-approved Trust Graph score annotations through app-service grants.
- :apps:feed-reader stages the first-party feed reader/subscription reference static UI bundle.
- :apps:trust-graph stages the first-party Trust Graph Local RC static UI bundle, including local anchor lifecycle controls, import previews, recovery/export/import affordances, and the local trust.score app-service provider.
Guardrails
- Never expose CRYPTAD_APP_TOKEN through browser bootstrap JSON, Web Shell bootstrap, app summaries, runtime/log/audit API responses, diagnostics, toString(), or error text.
- Browser static UI prefers isolated per-app loopback origins, with /apps/{appId}/ retained as a same-origin compatibility fallback. Browser origin isolation is not a process sandbox or app-token authority; server-side Platform API permission checks remain authoritative.
- Static app browser session tokens are local browser credentials for installed static UI calls. They are not AppHost launch tokens, must not expose CRYPTAD_APP_TOKEN, and should stay out of persistent browser storage.
- App-originated Platform API requests must authenticate with a live app process token or app browser session and pass the central capability matrix. Deny app principals by default.
- Material install, update, app-data migration, backup-before-update, app-service grant, and Trust Graph import-preview decisions must use unified consent snapshots when required. Approval is bound to the exact snapshot digest, stale approvals must fail closed, and consent audit evidence must stay path-free and token-free.
- Platform API 1.0 is the stable app-facing baseline named stableBaseline.name=1.0, frozen at contract version 19 and distinct from the current integer contract version. Later contract bumps must not expand or shrink that baseline unless the change deliberately defines a new baseline.
- Stable baseline membership is bounded to app-facing stable descriptors introduced no later than contract version 19 and backed by the baseline capability set. Do not silently promote app-vault, app-service, Trust Graph Local RC, internal, or operator-only routes into the 1.0 stable surface.
- App manifests and catalog descriptors use api.targetStability=stable|experimental. Stable targets may use only Platform API 1.0 baseline capabilities; experimental app-facing use still requires api.experimentalCapabilitiesAccepted=true; internal and operator-only capabilities are rejected for third-party app compatibility even with experimental acceptance.
- vault.identities.manage is host/operator-only identity management. Keep it out of requestable third-party app capability guidance, scaffolds, manifests, and stable baseline examples.
- Contract JSON parsing must remain backward compatible for pre-freeze version 19 snapshots that omit stableBaseline. Contract versions after 19 must include stable-baseline metadata, and the parsed metadata must match descriptor membership instead of being silently recomputed.
- App-facing POST /api/v1/content/fetch is bounded foreground content retrieval only. It must require content.fetch, cap bytes and timeouts, allow only Crypta/Freenet content-key forms, and reject file:, arbitrary HTTP(S), loopback/LAN URLs, and absolute local paths before calling the runtime fetch port.
- Shared app-network budgets are required for app-initiated network work: foreground content fetch, subscription manual refresh, subscription scheduler poll, Trust Graph direct import, and Trust Graph import-by-URI. Use AppNetworkBudgetService with reserved internal scopes for global and host/operator counters; do not add per-feature counters that bypass the shared global content-fetch budget. Full runtime should fail closed when durable budget state is unavailable.
- Durable content subscriptions are bounded USK follow metadata plus scheduled refresh requests. Manual refresh and scheduler polls consume shared app-network budget after queue-pressure checks. They must not become a crawler, arbitrary HTTP client, queue-HTML parser, raw content archive, or source of private insert URIs.
- Durable app data is app-owned state only. It must remain scoped to the authenticated caller app, enforce bounded namespaces/keys/values/imports, and keep raw values, request bodies, store roots, app data directories, private insert URIs, tokens, and local paths out of public JSON, audit, docs, and release evidence.
- App-data backup/restore is host/operator-only and is not an app-facing contract bump by itself. Restore previews and support evidence must stay metadata-only: no raw backup payloads, raw app data values, form passwords, private insert URIs, tokens, store roots, or absolute local paths.
- App-generated document insert routes accept generated document bytes, not local source paths. Keep raw generated documents, raw feed/profile/trust bodies, private insert URIs, raw signatures, and request bodies out of audit entries, logs, and release evidence.
- Trust Graph Local RC is local RC scoring and bounded statement import/sign/publish support. Direct import and pasted import preview consume Trust Graph import budget; import-by-URI and URI preview consume both Trust Graph import budget and the shared content-fetch budget. URI previews must fetch one root crypta.trust.statement.v1 document so import-preview-uri and import-uri agree. Pasted previews may summarize arrays or { "statements": [...] } wrappers, but commits must send one direct statement document. Do not claim full Web of Trust compatibility, old plugin compatibility, global moderation, background crawling, daemon-core identity sharing, or protocol/network behavior changes. Trust evidence must stay bounded and redacted; do not record raw trust documents from real users.
- App-service discovery and grants are local Platform API mediation only. Do not add generic RPC, arbitrary localhost proxying, bearer tokens apps can pass around, remote discovery, daemon-core plugin ABIs, cross-app app-data access, or provider run/cache/store path exposure. Invocation must check the authenticated app principal, declared capabilities, current provider descriptor, active grant, scope, and context at call time.
- App-service dependency graphs and grant bundles must remain bounded operator-mediated metadata. Revalidate signed consumer manifests and current provider descriptors before approval, renewal, or invocation. Evidence and Web Shell summaries must not include raw service request bodies, raw subject URIs, raw Trust Graph data, provider app data, tokens, private keys, private insert URIs, raw signatures, backup payloads, or local paths.
- Social Inbox RC is a first-party beta reference app for social/mail-like local workflows. It may manage multiple bounded USK sources, local read/unread state, local mute/block filters, redacted exports, author profile summaries, and Trust Graph score annotations only through app-service grants. Do not present it as encrypted mail transport, Freetalk/Sone/Freemail compatibility, full WoT, network moderation, or a daemon-core message protocol.
- The legacy in-process plugin system is frozen and removed. Do not add network.crypta.pluginmanager, plugin toadlets, old plugin ABIs, old WebOfTrust/Freetalk/Sone/Freemail shims, or FCP plugin command execution. Legacy plugin FCP command names may only map to deterministic unsupported responses through the existing unsupported-command handler.
- Audit entries are bounded and process-local. Do not add query strings, request bodies, form passwords, tokens, absolute filesystem paths, or large payloads.
- Static UI routes must serve only immutable installed-bundle files. Reject traversal, encoded path separators, symlink/reparse escapes, reserved sidecars, and host-dependent MIME inference.
- Static app UI design-system assets must stay local to the bundle. Do not add CDN dependencies or remote CSS/JS allowances; use crypta-app ui lint for offline CSP, SDK/bootstrap, accessibility, permission-disclosure, and design-system checks.
- Signed catalogs and bundles must verify before install/update. Unsigned live-node installs require the explicit development-only escape hatch.
- Trusted app-review receipts are independent reviewer evidence. Do not treat publisher advisory review.status, app signing keys, or catalog signing keys as reviewer trust.
- App-store submission packages are review inputs, not install approvals. Keep package bodies, rationale documents, maintainer/source metadata, pre-review findings, transparency events, and catalog candidates deterministic and redacted; consent previews may summarize review metadata but must not include raw package bodies, local paths, keys, or tokens.
- Third-party developer beta artifacts are non-production unless explicitly promoted through the normal signed bundle, review, catalog, consent, and compatibility gates. The checked-in hello-stable sample and generated review/*.md files must stay stable-only by default, use only non-production reviewer material in tests, write generated ZIPs/reports outside the bundle root, and avoid private insert URIs, private keys, bearer/session tokens, raw fetched content, raw app data, raw rationale bodies, local absolute paths, and production signing or reviewer material.
- Reviewer governance is local trusted-key configuration plus a local tamper-evident transparency log. Do not present catalog-listed reviewer keys as automatically trusted, and do not describe the local transparency log as a global public log.
- crypta:catalog sources still require signed catalog verification. They do not make catalog artifacts trusted, and catalog entry bundle artifacts remain limited to the schemes documented in docs/app-catalogs.md.
- Production security response is catalog/app/reviewer governance only. Keep emergency advisories, exact-version denylists, reviewer-key/receipt revocations, catalog signing-key rotation evidence, replacement guidance, and safe uninstall/update labels compact and operator-facing. Do not expose raw incident artifacts, raw catalog bytes, private insert URIs, tokens, private keys, raw fetched content, raw app data, command lines containing secrets, CI secret values, or local absolute paths through API responses, Web Shell text, support bundles, release notes, or certification evidence.
- App-update lifecycle state, including app-data migration summaries, must stay path-free and token-free. Do not expose catalog scratch directories, staged bundle paths, migration command paths, rollback directories, launch tokens, browser sessions, form passwords, private signing keys, private insert URIs, raw migration logs, or raw app-data values through API responses, Web Shell text, logs, audit entries, or certification output.
- The default app-update policy is manual. Do not introduce silent third-party auto-update; policy stage may stage eligible verified candidates, and apply_when_stopped may apply only when the app is already stopped and all review/compatibility gates pass.
- App-update routes under /api/v1/apps/{appId}/updates are mutating local-management routes when they check, stage, apply, rollback, or update policy. Browser/host requests must pass the form-password guard. App principals need the published app/catalog capabilities; do not let apps.manage alone trigger catalog refresh or artifact staging.
- Rollback normally restores only the immutable installed bundle. It must preserve AppHost-managed data/cache/run ownership boundaries and must not claim broad mutable app-data rollback. The narrow exception is the app-update migration path, where AppUpdateService may create and restore an internal, app-scoped, short-lived durable app-data snapshot; do not expose it as user-facing backup/restore or cross-app portability.
- Operator routes under /api/v1/operator are host/operator-only local management and support routes. They are not part of the app-facing Platform API compatibility contract, must deny app principals, and should not bump the integer contract version. Support bundles and dashboard summaries must exclude raw bodies, private insert URIs, app/session/process tokens, form passwords, local paths, command lines, and app-private values.
- Operator RC recovery routes must stay typed and allowlisted. Clients request an OperatorRecoveryPlan for a known OperatorRecoveryActionId, then execute that exact action with the matching one-time planToken; destructive actions require explicit confirmation. Do not add generic route proxying, arbitrary method/path execution, broad shell commands, token-persistent dashboards, or support bundles that include plan tokens, raw backup payloads, raw Trust Graph statements, private insert URIs, raw app data, command lines, or local paths.
- Positive AppHost data/cache quotas must block launch or restart when usage is over limit or an enforced area cannot be measured completely. Quotas and current sandbox providers are operational controls, not hard OS isolation.
- Bubblewrap sandbox status is public only as provider/support-level metadata. Do not expose the configured bwrap executable path, generated wrapper command line, bind mount source paths, app tokens, or host private configuration.
- Legacy admin retirement changes must update both the code map (LegacyAdminRetirementRegistry) and docs/legacy-retirement-plan.md.
- Legacy admin Wave 5 is the production-beta final admin surface. It adds no new removed-by-default route ids, keeps Wave 1-4 removals stable, marks legacy admin maintenance-only, and retains FProxy browse/content rendering, content filter, startup/recovery, support, and exact emergency fallback surfaces. Do not add new daily legacy-admin surfaces; route new operator workflows through Web Shell, Platform API, or first-party apps.
- Release-certification evidence must not expose private signing keys, app process tokens, browser-session tokens, form passwords, raw request bodies, raw feed bodies, raw trust documents, raw diagnostic exports, raw app-data backup payloads, private insert URIs, non-localhost endpoint metadata, or unsanitized local paths. Optional live AppHost smoke reads the form password from CRYPTAD_CERT_FORM_PASSWORD; do not pass it as a command-line argument. Dedicated live-network beta certification must stay localhost-only, env/protected-file driven for secrets, and disabled for normal PR/nightly/offline release-candidate runs unless explicitly requested.
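The content-fetch guardrail above, sketched as an allowlist check that runs before the fetch port is ever called. This is an added example, not Cryptad's own code: the key prefixes (the classic Freenet CHK/SSK/USK/KSK forms), the key-body grammar, the ceilings, the reason codes and the function names are all assumptions.

```python
import re
from dataclasses import dataclass

# Assumed limits and key grammar; the guardrail fixes neither.
MAX_BYTES_CEILING = 1_048_576
TIMEOUT_MS_CEILING = 30_000
MAX_URI_LENGTH = 1024
KEY_PREFIXES = ("CHK@", "SSK@", "USK@", "KSK@")
_KEY_BODY = re.compile(r"[A-Za-z0-9~,_./-]+")
_LOCAL_PATH = re.compile(r"^(?:[/\\~]|[A-Za-z]:[/\\])")
_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")


class FetchRejected(Exception):
    """Carries a fixed reason code only, so audit text never echoes the input."""

    def __init__(self, reason):
        super().__init__(reason)
        self.reason = reason


@dataclass(frozen=True)
class FetchPlan:
    uri: str
    max_bytes: int
    timeout_ms: int


def plan_content_fetch(capabilities, uri, max_bytes, timeout_ms):
    """Validate an app's fetch request; return a bounded plan or raise."""
    if "content.fetch" not in capabilities:
        raise FetchRejected("capability_missing")
    if not isinstance(uri, str) or not 0 < len(uri) <= MAX_URI_LENGTH:
        raise FetchRejected("uri_malformed")
    # Printable ASCII only: no whitespace, control bytes or look-alike glyphs.
    if any(not 0x21 <= ord(ch) <= 0x7E for ch in uri):
        raise FetchRejected("uri_malformed")
    prefix = next((p for p in KEY_PREFIXES if uri.startswith(p)), None)
    if prefix is None:
        # Already off the allowlist; classify only to give audit a stable code.
        if _LOCAL_PATH.match(uri):
            raise FetchRejected("local_path")
        if _SCHEME.match(uri):
            raise FetchRejected("scheme_not_allowed")
        raise FetchRejected("not_a_content_key")
    body = uri[len(prefix):]
    # The grammar excludes '%', so encoded separators cannot smuggle a path.
    if not _KEY_BODY.fullmatch(body) or ".." in body.split("/"):
        raise FetchRejected("key_malformed")
    limits_ok = type(max_bytes) is int and type(timeout_ms) is int
    if not limits_ok or max_bytes <= 0 or timeout_ms <= 0:
        raise FetchRejected("limit_invalid")
    return FetchPlan(uri, min(max_bytes, MAX_BYTES_CEILING),
                     min(timeout_ms, TIMEOUT_MS_CEILING))


def fetch_for_app(fetch_port, capabilities, uri, max_bytes, timeout_ms):
    """Call the (hypothetical) runtime fetch port only with a validated plan."""
    plan = plan_content_fetch(capabilities, uri, max_bytes, timeout_ms)
    data = fetch_port(plan)
    if len(data) > plan.max_bytes:  # do not trust the port to honour the cap
        raise FetchRejected("response_too_large")
    return data


if __name__ == "__main__":
    # Constructed inputs, one per rejected form named in the guardrail.
    for sample in ("USK@abc,def,AQACAAE/site/3/index.html", "file:///etc/hosts",
                   "http://127.0.0.1:8888/", "/var/lib/node/x", "USK@a/../b"):
        try:
            plan_content_fetch({"content.fetch"}, sample, 4096, 1000)
            print("accepted")
        except FetchRejected as exc:
            print(exc.reason)
```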
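The unified-consent guardrail above (approval bound to the exact snapshot digest, stale approvals failing closed, path-free and token-free audit) can be modelled in a few lines. This is an added example, not Cryptad's implementation: the SHA-256 canonical-JSON digest, the snapshot fields, the single-use approval and the `ConsentGate` name are assumptions.

```python
import hashlib
import hmac
import json
import re


def snapshot_digest(snapshot):
    """SHA-256 over canonical JSON (sorted keys, no whitespace); assumed encoding."""
    canonical = json.dumps(snapshot, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=True)
    return hashlib.sha256(canonical.encode("ascii")).hexdigest()


class ConsentGate:
    """Hypothetical gate: an approval authorizes exactly one snapshot, once."""

    def __init__(self):
        self._approvals = {}  # (app_id, decision) -> approved digest
        self.audit = []       # metadata only: no snapshot bodies, paths or tokens

    def _record(self, app_id, decision, outcome, digest):
        self.audit.append({"appId": app_id, "decision": decision,
                           "outcome": outcome, "snapshotDigest": digest})

    def approve(self, app_id, decision, previewed_digest):
        """Store the digest of the preview the operator actually reviewed."""
        if not isinstance(previewed_digest, str) or \
                not re.fullmatch(r"[0-9a-f]{64}", previewed_digest):
            raise ValueError("digest must be 64 lowercase hex characters")
        self._approvals[(app_id, decision)] = previewed_digest
        self._record(app_id, decision, "approved", previewed_digest)

    def authorize(self, app_id, decision, current_snapshot):
        """Recompute the digest at apply time; anything but an exact match denies."""
        current = snapshot_digest(current_snapshot)
        # pop() makes the approval single use and discards it when stale.
        approved = self._approvals.pop((app_id, decision), None)
        if approved is None:
            self._record(app_id, decision, "denied_no_approval", current)
            return False
        if not hmac.compare_digest(approved, current):
            self._record(app_id, decision, "denied_stale", current)
            return False
        self._record(app_id, decision, "authorized", current)
        return True


def demo():
    """Constructed scenario: the candidate gains a capability after approval."""
    reviewed = {"appId": "example.notes", "decision": "update",
                "fromVersion": "1.0.0", "toVersion": "1.1.0",
                "capabilities": ["content.fetch"]}
    gate = ConsentGate()
    gate.approve("example.notes", "update", snapshot_digest(reviewed))
    changed = dict(reviewed, capabilities=["content.fetch", "apps.manage"])
    stale = gate.authorize("example.notes", "update", changed)
    gate.approve("example.notes", "update", snapshot_digest(changed))
    fresh = gate.authorize("example.notes", "update", changed)
    replay = gate.authorize("example.notes", "update", changed)
    return stale, fresh, replay, [entry["outcome"] for entry in gate.audit]


if __name__ == "__main__":
    print(demo())
```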
Release certification smoke
- tools/release-certification/app_platform_smoke.py is the app-platform evidence collector for release certification. It validates first-party staged bundles, static UI/SDK coherence, design-system adoption, strict UI lint JSON evidence, crypta-app init/validate/pack/dev/test, Platform API contract snapshots, Platform API 1.0 stable-baseline and target-stability evidence, app-vault capability evidence, generated document insert evidence, bounded content-fetch/subscription evidence, durable app-data and app-data backup/restore evidence, app-network budget and network-scale soak evidence, signed bundle evidence, signed catalog/live USK publication evidence, first-party beta catalog metadata, app-store submission/pre-review evidence, third-party developer beta docs, template, sample flow, checklist, compatibility, feedback, plugin-migration, and redaction evidence, trusted app-review receipt evidence, sandbox-provider evidence, app-update lifecycle/scheduler/rollback and app-data migration contract evidence, Site Publisher/Profile Publisher/Social Inbox RC/Feed Reader/Trust Graph Local RC reference-app evidence, unified consent evidence, app-service registry/grant/dependency/grant-bundle/redaction evidence, legacy plugin freeze evidence, app-review governance and local transparency-log evidence, public-beta security hardening evidence, operator beta dashboard/recovery/support-bundle evidence, operator RC recovery/support workflow evidence, production security response runbook evidence, legacy-admin retirement Wave 1-5/final-surface state, and optional localhost-only live AppHost lifecycle evidence.
- tools/release-certification/live_network_beta_smoke.py is the explicit release-manager live-network beta evidence collector. It validates a prepared localhost node, live catalog source/key metadata, app-principal browser-session workflows, content/feed/profile/trust fixtures, optional app-service scoring, timing metadata, cleanup, and redaction without leaking secrets or becoming a normal CI dependency.
- tools/release-certification/app_platform_docs_check.py is the deterministic docs evidence collector for the app ecosystem beta portal, tutorials, beta program, issue templates, internal Markdown links, and docs redaction checks.
- pr mode must stay fast and offline-safe. It must not require a live node, signing keys, Hyphanet downloads, or production credentials.
- release-candidate mode treats missing required signed bundle/catalog/app-platform evidence as failing unless a release-manager waiver is recorded by the aggregator.
- Stable API release evidence must include stable capability names, stable endpoint identities, stable endpoint required-capability sets, and stable endpoint app-process/app-browser access flags. Production history checks fail closed on stable removals, required-capability changes, access regressions, missing current metadata, or missing previous metadata when history is required.
- Keep app smoke self-tests Python-only and deterministic. Use fixtures or fake CLI helpers instead of network or Java dependencies for regression coverage where possible.
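A deterministic, fixture-driven redaction check in the spirit of the evidence rules above, written as an added example and not taken from the project's collectors. The rule names, regexes, the `[redacted]` placeholder and the sample evidence are assumptions; findings carry only a JSON pointer and a rule name, so the report itself cannot leak the value it flags.

```python
import json
import re
from urllib.parse import urlsplit

# Heuristics are assumptions; a real collector would tune them to its schema.
REDACTED = {"", "[redacted]"}
_SECRET_KEY = re.compile(r"token|password|secret|private.?key|insert.?uri", re.I)
_LOCAL_PATH = re.compile(
    r"(?:^|[\s\"'=:(])(?:/(?:home|Users|root|var|tmp|etc|opt|srv)/|[A-Za-z]:\\|~/)")
_PEM = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
_URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
_LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def _pointer_token(key):
    """Escape one key for use in a JSON pointer (RFC 6901)."""
    return str(key).replace("~", "~0").replace("/", "~1")


def scan_evidence(node, pointer=""):
    """Return sorted (json_pointer, rule) pairs; offending values are never copied."""
    findings = set()
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{pointer}/{_pointer_token(key)}"
            # A secret-looking field name must hold a redaction placeholder.
            if (_SECRET_KEY.search(str(key)) and isinstance(value, str)
                    and value.strip().lower() not in REDACTED):
                findings.add((child, "secret_named_field"))
            findings.update(scan_evidence(value, child))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            findings.update(scan_evidence(value, f"{pointer}/{index}"))
    elif isinstance(node, str):
        if _PEM.search(node):
            findings.add((pointer, "private_key_material"))
        if _LOCAL_PATH.search(node):
            findings.add((pointer, "local_path"))
        for url in _URL.findall(node):
            try:
                host = urlsplit(url).hostname
            except ValueError:
                host = None  # unparseable URL: fail closed and flag it
            if host not in _LOCAL_HOSTS:
                findings.add((pointer, "non_localhost_endpoint"))
    return sorted(findings)


def evidence_is_clean(evidence):
    return not scan_evidence(evidence)


# Constructed fixture; no value here comes from a real node or release run.
SAMPLE_EVIDENCE = json.loads("""
{
  "mode": "pr",
  "appHost": {"endpoint": "http://127.0.0.1:8888/api/v1/",
              "formPassword": "[redacted]"},
  "bundles": [
    {"appId": "example.notes",
     "stagedFrom": "/home/builder/work/stage/example.notes.zip"},
    {"appId": "example.feed", "sessionToken": "constructed-not-a-real-token"}
  ],
  "catalog": {"source": "https://catalog.example.net/index.json"}
}
""")

if __name__ == "__main__":
    for where, rule in scan_evidence(SAMPLE_EVIDENCE):
        print(f"{rule}: {where}")
```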
Validation
Use $cryptad-build-test for Gradle rules and timeouts. Common focused checks:
./gradlew :platform-api:test
./gradlew :platform-apphost:test
./gradlew :platform-app-ui:test
./gradlew :platform-appdist:test
./gradlew :platform-appcatalog:test
./gradlew :platform-trustgraph:test
./gradlew :platform-design-system:test
./gradlew :platform-appvault:test
./gradlew :platform-devtools:test
./gradlew :platform-sdk-js:test
./gradlew :platform-web-shell:test
./gradlew :adapter-http-legacy-admin:test
./gradlew :apps:queue-manager:test
./gradlew :apps:publisher:test
./gradlew :apps:site-publisher:test
./gradlew :apps:profile-publisher:test
./gradlew :apps:social-inbox:test
./gradlew :apps:feed-reader:test
./gradlew :apps:trust-graph:test
./gradlew stageFirstPartyApps
python3 tools/release-certification/app_platform_docs_check.py --self-test
python3 tools/release-certification/security_response_runbook.py verify
python3 tools/release-certification/app_platform_smoke.py --self-test
python3 tools/release-certification/network_scale_soak.py --self-test
python3 tools/release-certification/multi_node_beta_soak.py --self-test
python3 tools/release-certification/live_network_beta_smoke.py --self-test
When changing route contracts or bridge wiring, also run the relevant root router/toadlet tests
with ./gradlew :test --tests *PlatformApiRouterTest --tests *PlatformApiToadletTest.
When changing crypta-app command wiring or distribution behavior, also run
./gradlew :platform-devtools:installDist and smoke the generated
platform-devtools/build/install/crypta-app/bin/crypta-app --help launcher.
When changing signed bundle/catalog, live USK publication, app-review receipts, static UI, design-system assets, UI lint, SDK, Platform API contract, stable-baseline metadata, manifest or catalog target-stability behavior, AppHost lifecycle, app-vault capabilities, generated document inserts, content fetch/subscriptions, shared app-network budgets, network-scale soak evidence, durable app data, app-data backup/restore, app-service dependencies/grant bundles, Trust Graph Local RC, Social Inbox RC, app-update lifecycle/scheduler/rollback, sandbox-provider evidence, operator beta dashboard/support-bundle behavior, production security response runbook/verifier behavior, live-network beta certification behavior, third-party developer beta docs/template/sample/submission evidence, reference content/profile/social/feed/trust apps, app platform beta docs evidence, operator RC recovery/support behavior, or legacy-admin retirement evidence behavior, also run:
python3 tools/release-certification/app_platform_docs_check.py --self-test
python3 tools/release-certification/security_response_runbook.py verify
python3 tools/release-certification/app_platform_smoke.py --self-test
python3 tools/release-certification/network_scale_soak.py --self-test
python3 tools/release-certification/multi_node_beta_soak.py --self-test
python3 tools/release-certification/live_network_beta_smoke.py --self-test
python3 tools/release-certification/production_beta_release.py --self-test
tools/release-certification/run-release-certification.sh --mode pr --skip-gradle --skip-git-metadata