Safety drills

The operator drill pack is now browsable.

This page makes the release-adjacent safety drills legible without exposing private operator evidence. It shows the drill families, the public-safe subset, the incident scenarios, and the release gate shape that keeps the line honest.

What exists

Drill inventory

The drill pack spans secrets, recovery, supply chain, commerce ingress, and operations.

  • token_rotation: operator_controlled_secret_rotation
  • backup_restore: supabase_runtime_state_recovery
  • dependency_audit: package_dependency_visibility
  • npm_provenance: release_artifact_traceability
  • webhook_signing: external_money_in_gateway_integrity
  • incident_rehearsal: operator_response_memory

Inspectable subset

Public-safe drills

A small subset of drills can be discussed publicly without exposing private evidence.

  • dependency_audit: no unresolved production vulnerability is accepted without an explicit risk note
  • npm_provenance: published package contents match intended files and release tag

Stay bounded

Private drills

The remaining drills stay private because the evidence belongs in operator systems, not public pages.

  • token_rotation: old token rejected, new token accepted, protected ledger and observability routes still work
  • backup_restore: restored ledgers match expected counts and no production endpoint is pointed at the restore target
  • webhook_signing: valid fixture grants once; invalid fixture is rejected; idempotent replay does not double-grant
  • incident_rehearsal: operator can identify surface, isolate blast radius, choose mitigation, and write closure note
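
The three done signals listed for webhook_signing can be exercised against constructed fixtures, with no operator evidence involved. The sketch below is an added example, not the project's drill harness: it assumes HMAC-SHA256 over the raw request body, a hex-encoded signature, and an event id used as the idempotency key, and the secret, fixture and function names are all constructed for illustration.

```javascript
// Added illustration, not the project's drill harness. Assumed: HMAC-SHA256 over
// the raw body, a hex signature, and an event id used as the idempotency key.
const crypto = require("node:crypto");

const DRILL_SECRET = "constructed-drill-secret"; // constructed; never a live secret

function sign(rawBody, secret) {
  return crypto.createHmac("sha256", secret).update(rawBody).digest("hex");
}

function verify(rawBody, signatureHex, secret) {
  const expected = Buffer.from(sign(rawBody, secret), "hex");
  const given = Buffer.from(String(signatureHex), "hex");
  // timingSafeEqual throws on unequal lengths, so check length first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Hypothetical gateway: verifies first, then grants at most once per event id.
function makeGateway(secret) {
  const seen = new Set();
  const ledger = [];
  function handle(rawBody, signatureHex) {
    if (!verify(rawBody, signatureHex, secret)) return "rejected";
    const event = JSON.parse(rawBody); // parse only after the signature checks out
    if (seen.has(event.id)) return "replayed";
    seen.add(event.id);
    ledger.push({ id: event.id, credits: event.credits });
    return "granted";
  }
  return { handle, ledger };
}

function runWebhookSigningDrill() {
  const gateway = makeGateway(DRILL_SECRET);
  const body = JSON.stringify({ id: "evt_drill_001", credits: 25 }); // constructed fixture
  const good = sign(body, DRILL_SECRET);
  const tampered = body.replace("25", "2500"); // body changed after signing
  const results = {
    invalid: gateway.handle(tampered, good),
    wrongKey: gateway.handle(body, sign(body, "other-secret")),
    malformed: gateway.handle(body, "not-hex"),
    valid: gateway.handle(body, good),
    replay: gateway.handle(body, good),
  };
  results.grants = gateway.ledger.length; // done signal: exactly one grant recorded
  return results;
}
```

The invalid cases run before the valid one so that a rejection cannot be mistaken for an idempotency hit.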

What we rehearse

Incident scenarios

The incident scenarios keep the system honest when something bends.

  • hidden_grant_failed: external money-in gateway received funds but xytara credit bridge did not record a grant
  • settlement_delayed: settlement remains pending or ready_for_submission beyond expected window
  • adapter_regression: provider-backed adapter starts returning simulated, failed, or degraded execution results
  • proof_mismatch: xoonya proof verification fails for a result package or external proof import

Why this matters

Release gate

The drill pack is a launch-hygiene artifact. It explains what must be documented before a synchronized release cut.

  • Required drill ids: 6
  • Evidence manifest template: naxytra-security-reliability-drill-evidence-v1
  • Pass condition: all required drills have an owner, cadence, command, done signal, and private evidence manifest before synchronized release

What stays out

Boundaries

The drill page keeps the private operator evidence private.

  • drill_surfaces_document_expected_operations_without_exposing_secrets
  • release_candidate_verification_is_not_a_substitute_for_restore_and_rotation_drills
  • external_money_in_gateways_remain_adapter_bound_not_package_bound
  • xoonya_import_and_anchor_profiles_bind_evidence_without_claiming_external_provider_truth
  • pricing_optimization_matures_from_live_signal_volume_not_static_claims