Evidence matrix

Public proof coverage by surface.

A buyer-readable map of what is proved, where the evidence lives, what CI gate runs it, and what still needs credentials or enterprise rollout work.

Verify proof Trust registry

Updated

2026-06-10

Surfaces

Passed

Gated

Surface	Status	Last run	Evidence	Proof	CI gate	Next owner action
Golden customer journeyProduction Profile	Scheduled	2026-06-10 release gate; daily schedule	Signup, login, policy publish, SDK key rotation, runtime proof, scanner upload, DB sandbox, proof export/share, public readback, CLI verify, readiness, and Admin readback.	Open proof	Workflow	Keep production secrets configured and review the daily artifact.
Production UI smokeWebsite	Scheduled	2026-06-10 release gate; daily schedule	Public pages, Profile page, Admin page, Worker health, public verifier, static trust registry, and Worker trust registry.	Open proof	Workflow	Keep Profile/Admin smoke credentials configured.
Public proof verifierProof trust chain	Passed	2026-06-10	Browser and CLI verifier recompute payload digest, ECDSA signature when present, hash chain, stop point, and completeness lanes.	Open proof	Workflow	Verify new proof schemas before publishing them.
Proof trust registryProof trust chain	Passed	2026-06-10	Accepted schema versions, timestamp policy, key-rotation policy, public key source, and sample packet locations.	Open proof	Workflow	Publish actual ECDSA public key through the Worker registry when production signing is configured.
Customer API lifecycleAPI	Passed	2026-06-10	Customer API catalog, readiness route, key rotation, old-key rejection, non-secret key metadata, rate-limit advertisement, and Admin readback.	Open proof	Workflow	Keep the buyer-flow smoke strict for Admin readback in production.
Real DB sandbox hardeningDatabase	Scheduled	2026-06-10 strict CI gate requires a real Postgres URL secret	Native Postgres sandbox hardening, source-isolation checks, cleanup leakage checks, Droplet backup/restore ops, and production buyer-flow DB create/transaction/proof/destroy.	Open proof	Workflow	Keep a production-like Postgres target secret configured for strict hardening runs.
Enterprise RBAC and auditEnterprise	Documented	2026-06-10	Backend admin roles, bootstrap org/workspace/user bindings, append-only audit events, admin login throttling, customer workspace readback, and export story.	Open proof	Workflow	Add SSO, SCIM, and SIEM export implementation before claiming full enterprise identity.
Customer onboarding diagnosticsCLI	Passed	2026-06-10	imladri doctor checks local services, DB target wiring, customer API catalog, rate limits, readiness, SDK metadata, public verifier, and trust registry.	Open proof	Workflow	Run `imladri doctor --customer` before buyer handoff.
LangChainSDK adapter	Passed	2026-06-10	4/4 lanes passed; real-package smoke covers langchain, langchain-core/@langchain/core, LangGraph, and langsmith with zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
OpenAI Agents SDKSDK adapter	Passed	2026-06-10	4/4 lanes passed across openai-agents and @openai/agents; real-package smoke covers Agent.tools execution with zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
Vercel AI SDKSDK adapter	Passed	2026-06-10	2/2 lanes passed; real-package smoke covers ai and zod with 3 allowed body calls, action-alias mapping, forwarded toolCallId metadata, and zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
LlamaIndexSDK adapter	Passed	2026-06-10	4/4 lanes passed; real-package smoke covers llama-index-core and llamaindex FunctionTool.call with zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
LangGraphSDK adapter	Passed	2026-06-10	6/6 LangGraph lanes passed; shared batch proof covers metadata.name, actionAliases, strict preflight, and zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
HaystackSDK adapter	Passed	2026-06-10	4/4 Haystack lanes passed; real-package smoke covers haystack-ai component.run plus Pipeline.run with 2 allowed body calls and zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
AutoGenSDK adapter	Passed	2026-06-10	4/4 AutoGen lanes passed.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
Generic HTTPSDK adapter	Passed	2026-06-10	3/3 generic lanes passed across Python and TypeScript wrappers.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
MCPMCP	Passed	2026-06-10	4 MCP lanes passed; hosted remote HTTP MCP is an optional additional proof lane when configured.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
CrewAISDK adapter	Passed	2026-06-10	4/4 CrewAI lanes passed; real-package smoke covers crewai with 3 allowed body calls and zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
PydanticAISDK adapter	Passed	2026-06-10	2/2 PydanticAI lanes passed; real-package smoke covers pydantic-ai with 2 allowed body calls and zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
Semantic KernelSDK adapter	Passed	2026-06-10	4/4 Semantic Kernel lanes passed; real-package smoke covers semantic-kernel with 2 allowed body calls and zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
MastraSDK adapter	Passed	2026-06-10	4/4 Mastra lanes passed; shared batch proof covers metadata.name, actionAliases, strict preflight, and zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
DSPySDK adapter	Passed	2026-06-10	2/2 DSPy lanes passed; shared batch proof covers metadata.name, action_aliases, strict preflight, and zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
DifyHosted workflow	Passed	2026-06-10	4/4 Dify lanes passed; shared batch proof covers metadata.name, actionAliases, strict preflight, and zero blocked-path body calls.	Open proof	Workflow	Keep hosted probe URL/token credentials configured for live hosted proof.
FlowiseHosted workflow	Passed	2026-06-10	4/4 Flowise lanes passed; shared batch proof covers metadata.name, actionAliases, strict preflight, and zero blocked-path body calls.	Open proof	Workflow	Keep hosted probe URL/token credentials configured for live hosted proof.
n8nSDK adapter	Passed	2026-06-10	4/4 n8n lanes passed; shared batch proof covers metadata.name, actionAliases, strict preflight, and zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
Zapier AI ActionsHosted workflow	Passed	2026-06-10	4/4 Zapier AI lanes passed; shared batch proof covers metadata.name, actionAliases, strict preflight, and zero blocked-path body calls.	Open proof	Workflow	Keep hosted probe URL/token credentials configured for live hosted proof.
BotpressHosted workflow	Passed	2026-06-10	4/4 Botpress lanes passed; shared batch proof covers metadata.name, actionAliases, strict preflight, and zero blocked-path body calls.	Open proof	Workflow	Keep hosted probe URL/token credentials configured for live hosted proof.
RasaSDK adapter	Passed	2026-06-10	2/2 Rasa lanes passed; shared batch proof covers metadata.name, action_aliases, strict preflight, and zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
smolagentsSDK adapter	Passed	2026-06-10	2/2 smolagents lanes passed; shared batch proof covers metadata.name, action_aliases, strict preflight, and zero blocked-path body calls.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
Hosted CI ProofHosted CI	Passed	2026-06-10	2/2 hosted CI vendor lanes passed: GitLab and Vercel.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.
LiteLLMSDK adapter	Credential gated	2026-06-10	Use generic wrapper coverage until a dedicated LiteLLM adapter lane exists.	Open proof	Workflow	Keep wrapper certification passing and upload target proof to Profile when used by a customer.