Reference

Runtime Proof Evidence

Read readiness, dependency exercise, fault controls, and unproved boundaries honestly.

referenceautomation buildersintermediatestable2026-05-30

Use this when readiness is not enough

ota proof runtime proves one selected workflow on a clean runtime boundary.

Its evidence model separates what became reachable from what crossed a dependency seam and what was tested under a declared fault.

  • ok reports execution and readiness success only
  • proof_verdict is the terminal proof-breadth verdict
  • not_proved[] names the claims that remain outside the evidence
  • generic ota up and ordinary receipts do not inherit proof evidence they did not execute
Run marker-bound proof with one controlsh
ota proof runtime --workflow app-proof --negative-control dependency-unavailable --json .

Evidence ladder

  • reachable means Ota owned structured readiness for the selected declared service seam
  • exercised requires a runner-issued marker that a finite observer recovered through the dependency; caller-side traces or a green task are insufficient
  • fault_tested requires a separate declared control, a matching same-obligation failure attestation, and the expected classified failure; an arbitrary non-zero exit is invalid
  • every marker-bound seam retains dependency_output_shaping_not_proved, because seam causality does not prove that the dependency shaped every application output correctly

Contract shape

Declare proof ownership on the workflow that actually executes the runtime path.

The producer belongs to the normal selected closure. The observer and negative control are finite proof tasks, not parallel authorities.

Marker and negative-control declarationsyaml
workflows:  app-proof:    setup:      task: proof:marker-produce    run:      task: app    proof:      seam_observations:        - id: dependency-marker          dependency: dependency          producer_task: proof:marker-produce          task: proof:marker-observe          marker_env: OTA_PROOF_DEPENDENCY_MARKER      negative_controls:        - id: dependency-unavailable          dependency: dependency          obligation: dependency-marker          task: proof:dependency-unavailable          intervention:            kind: dependency_endpoint_override          expected_failure: dependency_unavailable

Read the JSON in this order

proof-runtime.json

Published machine-readable runtime proof schema.

When to use it

Use this to validate proof verdicts, seam evidence, negative controls, and unproved boundaries in CI or agent integrations.

Link

  • read ok for execution/readiness status, then read proof_verdict before making any proof claim
  • inspect proof_scope and every not_proved[] entry before treating the selected lane as broader repo evidence
  • inspect dependency_evidence[] for the level, obligation identity, observation origin, and evidence class
  • treat top-level negative_control as canonical boundary-attested evidence; the nested dependency control is a derived projection and must carry the same attestation digest
  • validate automation against the published proof-runtime.json schema rather than scraping terminal text