30 lines
1.5 KiB
Markdown
30 lines
1.5 KiB
Markdown
# Conformance Vectors: Governance Install and Activation v1
|
|
|
|
These vectors verify deterministic governance runtime installation and activation gates.
|
|
|
|
## Vector Set
|
|
|
|
1. `GV-001` install token requires active membership.
|
|
2. `GV-002` install token requires active governance entitlement.
|
|
3. `GV-003` expired install token blocks confirm.
|
|
4. `GV-004` package hash mismatch blocks activation.
|
|
5. `GV-005` runtime version mismatch blocks activation.
|
|
6. `GV-006` valid install confirm yields `governance_active`.
|
|
7. `GV-007` replayed install confirm is idempotent and no duplicate activation side effects.
|
|
8. `GV-008` entitlement revoked after activation forces status `blocked` until entitlement restored.
|
|
9. `GV-009` membership suspended forces status `blocked` regardless of local runtime presence.
|
|
10. `GV-010` unknown entitlement state fails closed and blocks activation.
|
|
11. `GV-011` workspace/org boundary mismatch blocks install token issuance.
|
|
12. `GV-012` availability state `parked` blocks install token issuance and activation.
|
|
13. `GV-013` non-owner principal role blocks governance install/update control paths.
|
|
|
|
## Pass Criteria
|
|
|
|
1. All vectors pass in CI and staging.
|
|
2. Any vector failure blocks release per release gate.
|
|
3. Evidence artifact includes vector id, payload fingerprint, and correlation id.
|
|
|
|
## Fail-Closed Rule
|
|
|
|
Any uncertainty in membership state, entitlement state, install token validity, package hash, signature, or policy hash must block activation by default.
|