AI-Led Agile Software Delivery

Stand up the engagement by capturing the sponsor's brief — the product idea in one paragraph, the target business outcome bound to a single fully-specified success metric, the stakeholder map, typed hard constraints, and an inventory of any provided data/information — and crystallizing it into the ONE run-spanning source of truth: FOUR canonical, versioned, schema-fixed, stable-ID registers that every later brick scores against and extends IN PLACE. The four are (1) the Assumption Register, (2) the Sponsor Question Log, (3) the PRODUCT Objectives & Success-Metric Rubric — the SPONSOR's product-acceptance criteria, explicitly NOT the meta process-design objectives — and (4) the NFR set. The PRODUCT rubric becomes the law every downstream independent-review loop mechanically scores product artifacts against by entry ID, converting later reviews from free-text opinion into scored, evidence-backed pass/fail and killing rubber-stamping at the source. Carry-forward is LAW: requirements_discovery, prd_and_backlog, and all later bricks EXTEND-IN-PLACE these same four registers by ID — they may add or refine rows but MUST NOT spin up a parallel register with a different schema; any new-schema register is a defect caught by lint. Each Assumption Register row names the downstream artifacts that depend on it (downstream-artifact-refs) so a later refuting sponsor answer can cascade-flag exactly those artifacts for re-review — the cascade is EXECUTED by program_health_rollup, named here as the owner of that mechanism; this brick only establishes the wiring (the refs). The continuous-input model holds: the sponsor PROVIDES information and answers questions throughout but NEVER sits in an approval gate; there is no human sign-off. Intake COMPLETES (never waits): it finishes when every rubric/NFR slot is either sponsor-sourced or assumption-filled-and-flagged, emitting an intake-coverage score and honesty receipts (artifact hashes, register IDs and versions, row counts). This brick is not a gate; it is the spine the whole run hangs on. ENTERPRISE-SCOPE-AND-SIZE (Sprint 117): Vela ASKS clarifying questions and captures a 1-10 SIZING score, then scopes the product like an enterprise-application architect — users, access/auth, security, controls, and functional depth/breadth sized to that score. NEVER build something useless for most users: the bar is a product that genuinely does its core job for its intended users (a toy is acceptable ONLY at sizing 1-2).

Before any team or architecture is stood up, run a lightweight, time-boxed viability check on the sponsor brief so effort is never spent on an infeasible or out-of-scope idea. Keystone (architecture/feasibility), with Vela on value and market fit and Cipher flagging any showstopper security/compliance constraint, produces a Feasibility & Viability Memo against the PRODUCT Objectives Rubric and the constraints captured in onboard: technical feasibility, make-vs-buy / build-vs-adopt analysis, a rough order-of-magnitude effort + cost envelope, the top kill-risks, and a single explicit binary recommendation — PROCEED | RESHAPE | KILL. This is a checkpoint, not a study, and NOT a human approval gate: the recommendation is itself routed for a light independent sanity pass once a Verdict reviewer exists. Output feeds discovery only on PROCEED or RESHAPE; a KILL ends the run cleanly with a receipt so no further effort is spent.

Cadence stands up the AI delivery roster as a running organism and commits the Operating System every later brick executes against — not prose policy but a single versioned, receipt-backed Operating-System Charter object whose every claim is checkable. This brick now runs FIRST, before requirements_discovery, so the convergence machinery, Verdict's non-authoring configuration, and the independence-enforcement hook already exist before the first independent review at review_spec_iterate. Concretely it: (1) onboards and PROBES the full roster — Vela (PO), Cadence (SM/Delivery Lead), Keystone (Architect), Mason (Engineer), Lens (Code Reviewer), Proof (QA/Test), Cipher (AppSec), Vector (DevOps/SRE), Iris (UX) — plus Verdict (standing Independent Reviewer) configured as a non-authoring evaluator; (2) publishes a RACI where exactly one AI agent is Accountable per artifact-type and ZERO humans appear in any Accountable or Approver cell (the sponsor is Consulted/Informed only — the continuous-input channel, never a gate); (3) commits machine-referenceable DoR/DoD bound to house law (all automated tests green + a cited receipt before "done"); (4) commits a numeric capacity/WIP model so "fits capacity" is a binary function call; (5) commits the canonical Independent-Review Protocol every downstream review_loop copies verbatim. This version closes the three gaps downstream loops silently assume: it ships a CONCRETE reviewer-independence FALLBACK for when the only holder of a needed lens is the artifact's author (tiered: adversarial red-team sub-persona, escalating to an external evaluator on security-critical artifacts; "same agent, different hat" is forbidden as sole independence on security-critical work); it commits ONE canonical gap-severity taxonomy (Blocker/Major/Minor, material := severity ≥ Major) every loop copies verbatim, retiring the divergent material/minor, critical/major/minor, and material/immaterial vocabularies; and it adds a meta-check so Verdict's own convergence verdicts are spot-checkable by a second independent actor re-deriving ledger rows, so Verdict is not the sole unenforced honesty authority. PROCESS-integrity objectives (autonomy, independence, honesty) are scored against PROCESS bricks separately from the PRODUCT Objectives & Success-Metric Rubric (owned by onboard/Vela) used to score the spec and product. This brick introduces NO human sign-off and asserts nothing it cannot prove with a receipt.

Stand up ONE live, receipt-derived dashboard that rolls every brick's ledger receipts into a single program-wide view of honesty and exposure: every OPEN material gap across all review loops, every flagged assumption still unconfirmed (with its blast radius), and every refuted-assumption auto-flag — and EXECUTE the refute→re-review cascade the run promised. This is a cross-cutting rollup + cascade executor surfaced right after assemble_team so the machinery exists early; it is conceptually owned from that point onward and spans the whole lifecycle. It asserts nothing it cannot re-derive from underlying receipts. Verdict owns it (independently) so the rollup stays honest, and it is the authoritative source review_release_readiness_iterate's pre-go-live assumption gate reads. It is deliberately tight: a rollup and a cascade router, NOT a new review loop.

Now that the Team & Operating-System Charter exists (assemble_team), Vela runs hypothesis-driven discovery against the ALREADY-COMMITTED machinery: the canonical Objectives & Success-Metric Rubric, the run-spanning Assumption Register, the Sponsor Question Log, and the Independent-Review Protocol. Discovery is framed as falsifiable hypotheses about vision, personas, jobs-to-be-done, prioritized journeys, scope, NFRs, data, integrations, constraints, risks, and measurable success; each hypothesis is resolved by a sponsor receipt or by an explicitly flagged Assumption Register row — never by an unsourced assertion. Crucially, Vela does NOT mint a new register/scope/NFR/conflict schema: it EXTENDS-IN-PLACE the canonical onboard artifacts by their stable IDs (adding/refining rows on the same Assumption Register and Sponsor Question Log) and maps every success metric back to a canonical Objectives-Rubric entry ID. The sponsor is a CONTINUOUS, NON-BLOCKING input channel: they seed discovery and answer throughout, but discovery never waits on approval; on silence past the cadence window after N timestamped surfacing attempts, Vela proceeds on a logged, default-valued, FLAGGED assumption and surfaces it at the next review. Every FR carries a stable ID, priority, provenance source, and a binary acceptance criterion; every NFR carries a numeric threshold (number+unit+condition) or an explicit "N/A because…". This is a kind=work authoring brick: its sole output is the requirements record shaped to feed the downstream review_spec_iterate loop — it does not gate, approve, or sign off anything. "Done" is exactly when the binary completeness checklist passes, and that checklist result IS the receipt.

Synthesize the confirmed discovery requirements into a decision-ready Product Requirements Document plus a prioritized backlog of INVEST stories, each carrying machine-checkable acceptance criteria, a MoSCoW priority with a one-line value/effort (cost-of-delay) justification, a rough size, and an explicit MVP cut with a stated hypothesis and the single metric that will validate it post-launch. This brick is AUTHORING (kind=work): its job is to produce an artifact engineered to be FALSIFIED by the downstream independent review_loop, not admired. It consumes the upstream discovery record (requirements.json: stably-ID'd functional requirements and NFRs tagged confirmed-vs-inferred) and never invents unsourced requirements. CRITICAL CHANGE FROM PRIOR VERSION: this brick does NOT fork its own parallel assumption or NFR registers. It EXTENDS-IN-PLACE the single canonical, run-spanning Assumption Register opened in onboard (and enriched in requirements_discovery) BY ID, and the single canonical NFR/cross-cutting set in requirements.json#/nfrs BY ID. Any assumption this brick raises is added as a new row in that one canonical register using the SAME assumptions-as-liabilities schema declared in onboard {id, statement, criticality, blocks_bricks[], confidence, status, raised_to_sponsor, revalidation_trigger} PLUS the shared liability fields {owner, question_asked_to_human (= the Sponsor Question Log entry), default_on_silence, blast_radius, falsification_test}; there is exactly ONE assumption schema across the run, not a prd-local variant. Likewise any new NFR/cross-cutting requirement is appended to requirements.json#/nfrs under a stable NFR-ID with {numeric target+unit+condition, named verification method, owning brick/agent}, never re-declared in a prd-local NFR register. The human (sponsor) is a CONTINUOUS input channel surfaced through the canonical Sponsor Question Log, but is NEVER a sign-off gate: where the sponsor is silent the team proceeds on an explicit, flagged canonical-register assumption. The brick is "done" only when a machine-generated prd_lint receipt is green over the CANONICAL artifacts (zero OPEN requirements, every story has >=1 testable AC, every NFR has a numeric target + named verification method + owning brick/agent, zero orphan requirements, zero owner/falsifier-less assumptions, AND zero schema-fork violations: zero assumptions outside the canonical register, zero NFRs outside requirements.json#/nfrs) and the review-ready package has been emitted to the following review_spec_iterate brick. Every claim of self-bar passage is backed by the lint JSON receipt, never asserted.

Replace the legacy requirements human-sign-off gate with an AI-owned independent-review-and-iterate loop that converges only on evidence. A panel of NON-author agents — Verdict (objectives coverage + bidirectional traceability + adjudication), Keystone (feasibility), Cipher (security/privacy/abuse-case completeness), Proof (testability of every acceptance criterion), Iris (UX completeness) — plus an adversarial red-team pass critiques the PRD/backlog line-by-line against a single FROZEN, VERSIONED review rubric derived from the 7 process objectives. Every gap (including every red-team finding) becomes a first-class GapLog entry with reviewer-owned severity; Vela fixes; the loop re-reviews (delta on changed sections PLUS regression that prior SOLID verdicts still hold against the new artifact hash). The loop converges ONLY when open material gaps (severity >= major) == 0 AND every panel reviewer and the red-teamer record a receipt-backed SOLID verdict bound to one final artifact version+hash, with both traceability matrices complete. The human sponsor is NEVER an approval gate: when a gap needs human-only information the team logs an open question to the sponsor AND proceeds on an explicit flagged assumption recorded in an assumption register, so the loop never stalls into a de-facto human gate. Vela may not review her own PRD; no reviewer may have authored or co-authored the PRD or a parent artifact it derives from. This brick is the canonical template every downstream review_loop brick (architecture, sprint-plan, sprint-accomplishments) copies, so independence, receipts, and mechanical convergence are set here.

Keystone designs the solution that provably satisfies the PRD and every NFR: C4 views (context/container/component), a trust-boundary-annotated Data Flow Diagram, a justified tech stack, the data model, integrations, multi-tenant isolation model, feature-flag/progressive-delivery as a first-class decoupling capability, design-for-observability, and ADRs for every one-way-door decision. The backbone is falsifiable: every NFR is bound to a measurable target, a verification method, and a named test/probe id, with dominant NFRs and their trade-offs recorded as ADRs. Cipher produces a design-time STRIDE threat model anchored to the DFD trust boundaries — a Threat Coverage Matrix with zero blank cells (every container/flow x every STRIDE+agentic category is either a mitigation-with-id or an explicit accepted-risk-with-owner), covering prompt-injection, output-safety, data-exfiltration, tenant-isolation, and honesty-gate-coverage — plus a privacy-by-design artifact (data classification, PII inventory, retention/deletion, encryption at rest/in transit, DPIA where in scope) and a path-by-path Honesty-Gate Coverage Inventory that closes every bypass with a capability+receipt design decision (never a regex hook). Iris contributes the experience architecture and key flows. This brick AUTHORS the artifacts and proves them internally consistent and complete; it does NOT confer "solid" status — that is conferred only by the downstream Verdict-led independent review-and-iterate loop (a separate brick) staffed by agents who did NOT author this work. Where the sponsor is silent, the team proceeds on explicit flagged assumptions surfaced to the continuous human-input channel, never blocking on approval.

Vector, Cadence, and Cipher author the foundational design for how the product is built, shipped, and run — and prove the security-critical controls are ENFORCED, not merely documented. Vector owns environment strategy, IaC topology, observability (logs/metrics/traces/alerts), backup/DR, deploy strategy + rollback, and the FinOps envelope; Cadence consolidates the end-to-end engineering process and the CI/CD pipeline with BLOCKING merge gates (tests pass + SCA/SAST/secret-scan pass + independent review approved before any merge); Cipher sets the security baseline, the secure-SDLC toolchain (SAST/DAST/SCA), the ASVS target level, and the supply-chain provenance controls (SBOM, dependency hash-locking, base-image/container scanning, signing + SLSA/in-toto attestation). The brick is explicit about the gap between DESIGNED (topology/policy documented) and ENFORCED (a negative-control receipt proves the gate actually blocks): no control is "solid" until a deliberately-failing case is shown to be rejected. This is a Phase-3 foundation every later sprint depends on, so the pipeline and gates exist before any sprint attempts a merge. The human sponsor is a continuous INPUT channel — cloud/region, cost ceiling, compliance regime, data classification, and on-call expectations are pulled as questions; where the sponsor is silent the team proceeds on an explicit flagged assumption recorded in the brick, never on a human approval gate. Every "pass/done/enforced" claim cites a receipt (run URL, scan report, SBOM hash, drill log, deploy-gate rejection); an un-receipted claim is treated as not done. The brick converges only when all binary criteria are green, the security-critical gates are in the ENFORCED state with negative-control receipts, sponsor-input questions are answered or flagged-assumption-recorded, and the paired independent-review loop (Verdict + adversarial Cipher/red-team + Keystone) logs zero open material gaps in a signed convergence verdict.

Replace the former human architecture sign-off gate with an AI-owned independent-review-and-iterate loop that converges ONLY on re-checkable evidence, never on a reviewer's say-so. A panel of NON-authors — Verdict (standing independent evaluator) plus cross-discipline specialists reviewing OTHERS' artifacts (Mason on buildability, Vector and Cipher cross-reviewing each other's infra/security lenses, Proof on testability, Iris on UX-architecture fit) — plus an adversarial red-team STRIDE "break-the-design" pass, validates the whole Architecture/Infra/Process/Security plan against BOTH the Objectives rubric AND the upstream PRD/NFRs. The loop is structurally and procedurally independent: reviewers receive artifact+rubric only (never the author's self-grade), file findings blind-first before cross-reading, and disagreement is preserved not averaged. Findings are classified with the canonical assemble_team Independent-Review-Protocol severity taxonomy verbatim — Blocker / Major / Minor — and convergence is a binary state over an append-only gap-ledger: zero open Blockers, zero open Majors, every Minor accepted-with-written-rationale, plus one clean stabilization pass where the latest fixes introduced zero new gaps. Cap behavior is HARD-STOP-CONSERVATIVE for Blockers, matching the security/go-live bricks: Major and Minor gaps unresolved at the iteration cap may proceed-on-a-flagged-assumption, but an unresolved BLOCKER (a one-way-door decision OR an unmitigated security/privacy control) at the cap does NOT proceed on an AI assumption — the plan does NOT advance past that specific Blocker until it is resolved in a later evidence-backed iteration OR a human explicitly, non-AI-grantably risk-accepts it; silence defaults to does-not-advance, never auto-accept. Where the only available reviewers for an artifact are its own authors (e.g., Cipher/Vector reviewing a security/infra artifact they co-authored), the assemble_team independence fallback is invoked: a red-team sub-persona or external-evaluator escalation supplies the non-author lens so no artifact is certified by its author. Every NFR target, STRIDE mitigation, and one-way-door ADR acceptance must cite a concrete basis (benchmark, vendor SLA, prior-art, named control + location in the container model) or be tagged ASSUMPTION; the red-team must attempt to DEFEAT each claimed mitigation, so coverage counts cannot be checkbox-gamed. Keystone (and the other authors) sit on the FIX side and iterate until SOLID. The convergence verdict is itself a receipt — enumerating every rubric line, NFR, ADR, and STRIDE cell with pass marker + evidence pointer + raising-reviewer identity + iteration number — so a meta-auditor or Aseem can spot-check any three rows and catch a fabricated "all pass."

Cadence and Vela carve the reviewed MVP spec into a value-sequenced set of sprints — quick wins first to prove the system and de-risk, foundational and strategic bets sequenced behind their prerequisites — where every in-scope spec/PRD requirement maps to exactly one sprint (full coverage, zero orphans, zero double-maps), each sprint has a single demoable goal, a named story set, an explicit capacity/velocity assumption, and a defined entry/exit, and every cross-sprint and external/human-input dependency forms an acyclic, time-consistent graph (each producing sprint precedes its consumer). The requirement-to-sprint coverage matrix is not a throwaway table: it is declared as the Release-Scope Register — the single, NAMED, VERSIONED, single-location, AUTHORITATIVE-and-MUTABLE record of release scope from which sprint_retro's Scope-Burndown and Done-Done receipts are DERIVED (never re-typed), and which is RE-SEQUENCED-IN-PLACE (new version) after each sprint's accomplishments-vs-goals review. This register is the explicit owner of release scope, which is precisely what makes the outer sprint-loop exit deterministic: the loop's PROCEED/LOOP decision reads the register's current version, so there is exactly one place that says what release scope is and whether it is exhausted — closing the unspecified-owner gap that otherwise makes the outer-loop exit non-deterministic. Risks are owned and placed — each carries likelihood/impact, a named owning agent, and either a mitigation that lands in a specific sprint or an explicit accept-decision — and are written into the program RAID log rather than a throwaway list. This is a reviewable PLANNING artifact, distinct from the engineering bootstrap: it answers "what we build, in what order, and why that order" — never "how we stand up the repo/CI." Because the plan's completeness claims (100% coverage, acyclic graph, every risk owned-and-placed, register is the single authoritative source) are checkable receipts, the brick ends in a LIGHT but unfalsifiable independent review-iterate pass: an independent panel that did NOT author the plan (Verdict lead, plus Keystone for architecture-vs-dependency consistency and Proof for per-sprint demoability/testability) runs a binary checklist, logs material gaps, Cadence/Vela fix, and the loop iterates until zero open material gaps remain and a convergence verdict is recorded citing the specific receipts. The sponsor is a continuous input source for priority and data/access availability — surfaced as questions, never as an approval gate; where the human is silent the team proceeds on an explicit flagged assumption. The plan is a living instrument re-sequenced after each sprint's accomplishments-vs-goals review, closing the lifecycle loop through the register.

Before a single feature is built, prove the production delivery road exists and is honest-by-receipt: a trivial change must traverse build -> tests -> SAST/SCA/secret-scan -> SBOM(attested) -> deploy(dev/test) -> post-deploy smoke, with EVERY gate wired as a REQUIRED, BLOCKING status check on a protected branch, evidenced by an immutable CI run ID. The done-condition is artifact-anchored, never asserted: the brick is only complete when BOTH a green-path receipt (the good trivial change passes all stages) AND five red-path receipts (each of five planted-defect changes is independently BLOCKED with a failing run ID) are attached. This brick also stands up the honesty-architecture substrate the entire downstream process depends on — a receipt/ledger store and receipt schema (run ID, git SHA, gate verdicts, scan summaries, SBOM digest, reviewer verdict) so every later "done/passed/live" claim has an honest place to anchor. Vector owns the pipeline + environments + deploy/rollback; Mason owns the repo skeleton, coding standards, and machine-readable test harness; Cipher owns SAST/SCA/secret-scanning + attested SBOM + CI identity/secrets hardening; Iris establishes a versioned design-system baseline wired into the same blocking CI. Critically, Vector does NOT get to declare the pipeline "enforced": the brick feeds a paired Independent Review & Iterate loop (Verdict + non-author specialists + an adversarial red-team merge attempt) that converges, with evidence, on a verdict before Sprint 0 closes. Where the human's brief leaves choices open (cloud target, language, severity thresholds), the team proceeds on an explicit, flagged assumption logged as a receipt and surfaces it to the human as input — never blocking on approval.

Open the iterative delivery loop for one sprint by authoring a tight, evidence-backed sprint plan that a top engineering org would actually commit to — then hand it to the independent sprint-plan review loop before any build begins (no human sign-off; the panel's convergence verdict is what authorizes build). Cadence (Delivery Lead) and Vela (Product Owner) pull the highest-priority Ready stories that pass the Definition of Ready, agree exactly ONE measurable sprint goal, decompose stories to tasks, size the commitment against the team's defined AI-team capacity/WIP (concurrent workstreams + review-loop budget + merge/integration throughput, NOT human story-point velocity), and confirm at least one testable acceptance criterion plus a named test approach per story. Every committed story traces back to a PRD/spec item and forward to a test approach, so no orphan or creep work enters the sprint. Sprint dependencies and risks are captured in a register with an owner and need-by date (or flagged blocked) per item. This brick is the loop-entry point: it repeats on each outer iteration through the sprint-increment review, re-pulling Ready stories and re-planning against updated velocity/learnings, and the outer loop exits only when release scope is delivered. Planning surfaces open scope/priority questions to the sponsor as a continuous input channel and, where the human is silent, proceeds on an explicit flagged assumption recorded in the plan — it never blocks on approval.

Stop a whole sprint from being burned on a bad plan by validating the committed sprint backlog and goal BEFORE execution starts — through a bounded, evidence-producing independent-review loop, not a human sign-off. A NON-AUTHOR panel — Verdict (independent evaluator, runs an adversarial pre-mortem), Proof (testability of every acceptance criterion), and Keystone (dependency/feasibility/staffability) — scores each committed story line-by-line against the pinned, versioned Definition-of-Ready rubric (owned by Cadence, who commits the canonical DoR in assemble_team), the release plan, and the seven Objectives, returning structured per-story findings classified on the canonical Blocker/Major/Minor severity taxonomy. Cadence (Delivery Lead) and Vela (Product Owner) authored the plan and own the fixes; they revise, the panel re-reviews, and the loop iterates to a binary ConvergenceVerdict: 0 open Blockers AND 0 open Majors AND every Minor accepted-with-written-rationale, with one clean stabilization pass that introduced zero new gaps. The loop is bounded at 3 rounds; on non-convergence the specific unresolved disagreement is surfaced to the sponsor as a NON-BLOCKING input question and the team proceeds on an explicit flagged assumption carried as a sprint risk — never a human gate. Convergence is a durable, re-derivable receipt (panel roster with non-author attestation, per-story pass/fail ledger, capacity arithmetic, append-only gap log with severity, pre-mortem outcomes, flagged-assumptions/risk list), and those assumptions+risks are emitted as the explicit checklist the end-of-sprint accomplishments-vs-goals review must later validate. No claim of "meets DoR / testable / fits capacity / converged" is accepted without its re-derived receipt.

The autonomous build core, run once per story and iterated until each story is "solid." Mason implements the story (test-driven where apt) on a short-lived branch; Iris delivers the UX/UI; Proof writes/extends automated tests across the pyramid (unit/integration/e2e) and owns the acceptance tests so results are not self-marked by the implementer; Cipher runs SAST/SCA/secret-scan per change under a defined severity+waiver policy; Lens performs evidence-backed code review where the reviewer is provably NOT the author of the change. The brick exists to emit re-derivable, outcome-keyed RECEIPTS that the downstream sprint-review loops re-derive from — so it must not repeat the platform's own confessed sins: the merge gate here is BLOCKING (a required, non-overridable status check that returns non-zero and stops the merge on any failing condition — never the nightly exit-0 pattern flagged P0 in docs/honesty-architecture.md), and every receipt is keyed on the CI run_conclusion=='pass' so a RED run can never pose as proof (mirroring the email.sent outcome-filter fix). A story is "solid/converged" only when a binary merge predicate holds: all Definition-of-Done items green, coverage AND new-diff-coverage thresholds met, mutation/assertion guard satisfied, zero open High/Critical scan findings, and an evidence-citing Lens approval from a non-author. Independence and honesty are enforced by provenance metadata on the receipt, not by honor; Verdict (independent_reviewer) periodically re-derives a sample of merged-story receipts to confirm the loop was not rubber-stamped. When a story is materially ambiguous mid-build, the team surfaces a question to the sponsor and proceeds on an explicit FLAGGED ASSUMPTION recorded on the story — it never blocks on human approval.

Close out each sprint with an honest, receipt-backed closeout that claims ONLY what a re-resolvable receipt proves: the working increment demoed against the IMMUTABLE sprint goal, every story marked accepted or rejected with the binary acceptance check and the test/scan/demo receipt that settles it, and the quantitative state of the sprint (test pass + coverage delta, security findings, DORA, cost/FinOps) each linked to its source run. The goal-vs-actual delta is computed against the sprint-plan brick's committed goal+story set referenced BY ID (never restated or silently descoped), and every mid-sprint scope change is itemized with its receipt. Cadence authors the closeout but does NOT certify it: the draft is handed to an independent review-and-iterate loop (Verdict + Proof/Cipher/Vector/Vela lenses + one adversarial red-team pass) that re-fetches every receipt and adversarially tests the gap between each sentence and what its receipt actually proves; the closeout is final only on a logged panel verdict of zero open material gaps with the gap-log attached as the convergence receipt. The brick absorbs the legacy human-gated Review stage and the separate Learn/retro stage into one AI-owned artifact — there is NO human sign-off; the sponsor is a continuous input channel (open questions surfaced, answers folded in, silence handled by explicit flagged assumptions). It carries an honest missed-goal path (partial increment + blocking receipts, no optimistic narrative) and a next-sprint proposal that traceably carries forward every rejected/carried story, new risk, and human input.

This is the sprint-level Truth Gate for the delivery process itself: it replaces the recurring human sprint-review sign-off AND kills the deepest anti-pattern in AI-run delivery — the author grading its own homework. Verdict (the independent evaluator), joined by specialist lenses who did NOT build the increment, independently RE-DERIVES every "done" claim from source-of-truth: it pins the exact git SHA, checks out clean from source control (never the author's working tree), re-runs the suite under its OWN run IDs, re-reads scan output, and replays each story's demo against its acceptance criteria — never accepting Cadence's or Vela's summary. For every claimed-done story it proves the increment is real, not asserted: new tests fail on the pre-change SHA and pass on the post-change SHA, no new skips/xfail, coverage delta meets threshold, suspect tests survive an N-times flaky re-run, security/non-functional DoD slices (scan, migration/rollback, perf/a11y where relevant) are re-checked, receipt rows show outcome==success, and at least one negative/failure path per story is probed. It red-teams for hidden, skipped, and concealed misses; verifies accomplishments against BOTH the sprint goal AND the Objectives rubric; and converges only when an independent panel agrees there are zero misrepresented-status findings and zero open material gaps. The loop has explicit convergence control (material-vs-immaterial gap definition, iteration budget, deadlock rule) so it neither rubber-stamps nor loops forever; non-convergence routes to the continuous human-INPUT channel as a question plus a flagged assumption or descope — never an open human approval hold. Any caught misrepresentation seeds a permanent honesty-regression case so the loop becomes a hardening immune system, and the whole verdict is written to an append-only, re-auditable ledger so the convergence claim is itself receipt-backed. Re-prioritization for the next sprint is an AI decision informed by the human-input channel — no human gate.

This is the loop-closing brick of the Sprints phase and does four jobs at once: (1) Cadence runs a disciplined retrospective that first verifies whether the PRIOR sprint's improvement actions were actually done (with evidence) and only then logs 1-2 new improvement actions, each with an owner and a next-sprint verification signal; (2) Cadence refreshes the capacity/DORA and cost/FinOps trends where every number cites a provenance receipt (CI/CD run IDs, deploy logs, incident records, token/cost-meter exports) — no hand-typed metrics; (3) Vela refines and re-prioritizes the backlog against the sponsor's latest input (a pure INPUT channel), running a bounded review_loop until the candidate next-sprint set is "solid"; and (4) the brick produces the BINARY phase-exit decision — loop back to Sprint Planning vs. proceed to Hardening — as a deterministic function of two receipts, NOT a judgment call. Crucially, the Scope-Burndown receipt (what release-scope work remains, sized) and the Done-Done receipt (every release-scope item in terminal state) are both DERIVED FROM the release_plan release-scope register — declared here the single authoritative MUTABLE register of record (the release_plan's value-sequenced sprint list + requirement-to-sprint traceability matrix, re-sequenced after each sprint). Because both exit receipts read from one owned source rather than re-typed ad-hoc lists, the exit predicate is deterministic against a single owned source: an item is in scope, done, or remaining only as the register says, so no "ghost" scope and no quietly-forgotten item can swing the decision. Neither Cadence (who authored the retro/metrics) nor Vela (who owns the backlog) adjudicates convergence or the exit: Verdict (independent_reviewer, who authored neither) independently validates both that the refined backlog is solid and that the exit verdict is correct given the evidence, free to disagree, and the loop closes only on Verdict's documented convergence verdict. The exit reads the Scope-Burndown receipt (register-derived remaining items, sized) and the Done-Done receipt (each register item in terminal state with merge SHA + Lens verdict + Proof test IDs + Cipher scan + demo link), gated by a quality precondition (zero open P0/P1 defects unless explicitly accepted into hardening, no quarantined tests hiding failures, change-failure-rate not regressing): scope-remaining non-empty → LOOP; scope-remaining empty AND done-done clean AND quality-gate green → PROCEED. The human is never an approval gate; their input feeds re-prioritization and they may be asked questions. The anti-deadlock rule is bounded and honest: on sponsor silence, wait a bounded window, log a flagged assumption to the RAID/assumption register with owner + revisit trigger, and proceed — EXCEPT any re-prioritization that drops or deprioritizes a sponsor-requested scope item may not be silently assumed; it holds at prior priority and is surfaced as a question until answered, so "never block" never becomes "silently steer away from the sponsor's brief."

On a frozen release candidate, Proof runs the full quality pass that goes beyond per-sprint testing: end-to-end regression across the full suite plus every fix's targeted regression and the escaped-defect set; performance/load measured against the NFR numeric targets inherited (read-only) from the phase-1 PRD and phase-3 architecture NFR register; accessibility conformance to a named bar (WCAG 2.2 AA) via automated scan AND assistive-technology pass; the defined cross-browser/device/platform matrix with a per-cell verdict; a confirmation that the security gate is GREEN for THIS exact build; and UAT run as a continuous human INPUT channel (the sponsor exercises real scenarios and reports observations that become triaged defect IDs — never an approval gate). All results are captured as an evidence bundle of receipt-backed numbers (CI run IDs, p50/p95/p99 + RPS + error rate, scan output files, matrix grid, defect tickets) bound to a single commit hash; the verdict is COMPUTED from those receipts, never narrated or assumed. Defects are triaged against a binary severity rubric; release-blockers are fixed AND re-tested. The pass condition is binary: zero open blocker-severity defects, all evidence-bundle receipts green, NFR targets met at p95/p99 under a named production-scale load profile, accessibility clean on both tracks, security green, and the candidate frozen at a named commit. Because this verdict is itself a major build artifact and gates deploy, it does NOT stand alone: the immediately-following companion review_loop brick routes Proof's verdict through an independent panel (Verdict + adversarial Proof red-team + Cipher) so Proof never grades its own homework.

Prepare and prove — not merely assert — that any data migration, seed load, reference-data load, search-index/cache rebuild, or backfill required at go-live will execute safely and correctly against real production data. Vector authors and runs the migration artifacts, but under the no-human-sign-off reframe the ONLY thing standing between a self-graded "counts match" report and an irreversible data-loss event is an independent receipt-checker; therefore this work brick hands its evidence to an independent verification loop (Verdict + Proof + Cipher) who reproduce the reconciliation, reversibility, and security evidence themselves and iterate with Vector until no material gap remains. Readiness must cover the four pillars done honestly: (1) idempotency PROVEN by re-running the migration twice and after a simulated mid-run kill with identical end-state hashes; (2) a dry-run against a certified production-REPRESENTATIVE dataset (real volume, skew, encodings, nulls, orphans, known-dirty legacy rows) provisioned through a tenant-isolated, PII-controlled path; (3) multi-signal reconciliation (row counts + key-column checksums/hash-totals + referential-integrity + sampled record-level diffs + business invariants), not COUNT(*) alone; and (4) an honest data-layer recovery story — an explicit reversibility classification, a verified pre-cutover backup/snapshot with a PROVEN restore drill, and either a rehearsed rollback OR a tested restore-plus-forward-fix runbook. The brick also measures runtime/lock-impact versus the cutover window, proves resumability, records a big-bang-vs-expand/contract decision, surfaces migration-semantics questions to the sponsor as continuous input, and defines a post-cutover hypercare reconciliation canary. The skip path (product genuinely has no migration/seed/reference/index/cache backfill) is permitted only when an independent reviewer confirms the emptiness with a logged verdict — it is not an unchecked self-note.

Produce the authoritative, evidence-backed security go/no-go for the release candidate (RC) — the decision that REPLACES a human security sign-off — such that a real CISO would accept it because the receipts, not the assertions, carry it. Cipher leads a four-stage flow on the EXACT RC artifact (pinned commit + built-image digest): (1) refresh the threat model (STRIDE per trust boundary, attack-trees) and author a scope-of-record that an independent reviewer approves BEFORE any testing, so scope cannot be drawn to dodge the dangerous surface; (2) execute the full battery — SAST, DAST, SCA, secret-scanning, SBOM/provenance, ASVS-level control verification, compliance/privacy + per-tenant isolation tests, a concrete agentic/LLM attack suite (OWASP LLM Top 10 + Flowtely's own known sinks: prompt injection direct/indirect, tool/capability/confused-deputy abuse, cross-tenant/cross-flow exfiltration, responder-injection, Truth-Gate/Faithfulness-gate bypass, secret egress via model output), and a regression golden-set seeded from real prior incidents — every run emitting a receipt (tool+version, ruleset hash, target digest, finding IDs); (3) remediate-and-RE-TEST in an iterate-until-clean loop where Mason fixes and Cipher re-runs the specific check against the patched build, closing a finding only on a find→fix-commit→retest receipt; (4) submit the Security Verdict of Record to an INDEPENDENT review-and-iterate loop where Verdict plus an adversarial red-team (agents who did NOT run the assessment) challenge scope, severity ratings, and every "fixed/closed" claim, attempt to re-exploit a sample of declared-closed findings and scope-excluded surfaces, log material gaps, and iterate until they converge that the objectives are met. The verdict is binary and binding: GO requires 0 open high/critical, every blocking finding retest-verified by receipt, the assessed digest unchanged, and panel convergence; a no-go routes back to the sprint loop with the findings register as input. The human (sponsor) is a continuous INPUT channel for residual-risk grey zones and business context (e.g., "this endpoint is internal-only"), never an approval gate — and silence never converts a true critical into a pass.

Vector makes production real: provision and finalize prod infrastructure entirely via IaC, configure scaling, runtime-resolved secrets, backups/DR, and observability (dashboards, alerts, on-call), then produce a versioned, reproducible, signed and provenance-attested (SLSA/in-toto) release artifact with a published SBOM and release notes, plus a deployment runbook and a rollback procedure exercised in staging. Crucially, this brick must never self-certify: every "done" claim (reproducible, signed, attested, rollback-safe, DR-restorable, alerts-fire, secret-free, parity-matched) is converted from prose into a machine-checkable receipt, and an INDEPENDENT panel (Verdict as independent evaluator + Cipher for AppSec/supply-chain, neither of whom authored the release) RE-EXECUTES the proofs — independent rebuild-and-hash-compare, re-running provenance/signature verification, re-scanning the SBOM and secrets, and replaying the rollback/DR/alert drills — rather than reading Vector's summary. The brick terminates in a single Release-Readiness Record linking every receipt with the panel's evidence-based convergence verdict ("solid: no open material gaps") that is independently reproducible from the receipts; a criterion with no machine-checkable receipt is automatically a FAIL, and the loop iterates (Vector fixes, panel re-verifies) until no material gap remains. Where real prod inputs are absent (cloud account, prod DNS, DR region, compliance scope), the team proceeds on an EXPLICIT, FLAGGED assumption surfaced to the human as a non-blocking question rather than blocking on approval, and Verdict confirms no fake-prod assumption is silently load-bearing. DELIVERY-PACKAGE ADDENDUM (Sprint 117): the packaging output is a SELF-DEPLOYING PACKAGE per the deploy.md standard — a fresh Claude must be able to deploy it from deploy.md alone.

Prove the delivered package is REAL: a fresh, ZERO-CONTEXT Claude Code session, in an isolated clean workspace containing ONLY the package, executes the package's own deploy.md — installs, runs the test gate, starts the service, health-checks, runs a feature smoke test, and verifies persistence — escalating to the human sponsor ONLY for declared inputs (secrets) it cannot supply. The receipt-backed verdict (DEPLOYED-AND-VERIFIED or FAILED at step N) bound to the package hash is what gates release; a FAIL routes the defect back into the build loop. This is the operational proof that replaces self-graded test claims (run 6a4bd141 failed exactly here). Canonical contract: docs/standards/clean-room-verification-brick.md.

This terminal brick replaces the retired human go-live sign-off with an independent, adversarial, receipt-anchored review loop that is the last defense before irreversible production impact. Verdict (lead) plus a red-team that authored none of the upstream artifacts independently RE-VERIFY the four upstream independent-review verdicts — Proof's quality verdict, Cipher's security verdict, Vector's infra/rollback/data-migration readiness, and the independently-reviewed accessibility/privacy NFRs — by REPRODUCING each one's underlying receipt (re-run the suite by run ID, recompute open high/critical from raw scanner output, replay the staging rollback dry-run, re-run the migration reconciliation), never by reading an upstream GREEN summary. The loop consumes and does not redo upstream judgments, but it trusts nothing it has not personally reproduced and bound to the exact shipped commit SHA. The red-team's explicit job is to find a reason NOT to ship: re-adjudicate every downgraded defect/finding, hunt stale or mismatched or failure-outcome receipts, and attempt to break the conservative NO-GO default. This brick also closes the program-long assumption-drift gap: no HIGH-blast-radius flagged assumption may ride 'open' into production — GO requires every HIGH-blast-radius entry in the canonical Assumption Register (sourced from the program_health_rollup) to be in a terminal state (CONFIRMED, REFUTED-and-handled, or EXPLICITLY-ACCEPTED-AS-RISK by a logged human owner, never AI-self-granted). Convergence is gap-gated and evidence-based: GO is impossible while any logged gap is open OR any HIGH-blast-radius assumption is open, requires at least two concurring independent reviewers plus a red-team that found no ship-blocker, names the exact tenant instances it covers, and emits a closed-loop post-deploy smoke + monitoring-window spec to hypercare; the gate stays open until live verification (deploy_go_live_verify) closes it. The only legitimate human touch is a narrow, logged, human-owned ESCALATION to risk-accept a critical finding or a HIGH-blast-radius assumption or make an irreversible/legal call — non-blocking, never AI-self-grantable, and on silence within the window the team defaults conservatively to NO-GO / not-risk-accepted with the assumption flagged.

Vector executes the approved production deployment of the EXACT hardened, scan-clean artifact handed off from Phase-5 packaging — same git hash, same SBOM, same gate-passing build — using the safe-deploy strategy (canary/blue-green) with feature flags decoupling deploy ("artifact running, dark") from release ("flag flipped to users"), so a "deployed" receipt and a "released" receipt are distinct. Before a single byte ships, a binary pre-flight must be green: artifact-hash equals the upstream-approved hash, the honesty/security/brand gates in safe-deploy.sh re-run and PASS with captured receipts, a rollback DRILL has been actually exercised in staging this release (proven, not asserted), and DB migrations are confirmed expand/contract backward-compatible (or explicitly flagged not-rollback-safe with handling). Vector then promotes to a named canary cohort and observes a bake window against named auto-abort thresholds (error rate, p95 latency, 5xx, guardrail-incident count, business success-metric); a breach inside the window triggers AUTOMATIC rollback within the rollback SLO plus a receipt — no human in the loop. Every sub-claim a go-live rests on ("artifact is the approved one", "rollback works", "smoke passed", "health green", "metrics in budget") is written as an immutable go-live ledger receipt with outcome=success verified (guarding against success-receipts-written-on-failure), and the human is an INPUT channel (timing/blackout/comms): questions are surfaced, silence is handled by an explicit flagged assumption logged in the receipt, never a block and never a silent override of a stated constraint. Critically, this brick NEVER self-attests "live and healthy" — it executes the deploy, runs the independently-authored smoke/health checks, and emits the go-live receipt + hypercare handoff package; the "go-live succeeded" verdict is emitted ONLY by the downstream independent review_loop (deploy_go_live_verify: Verdict + Proof + Cipher, adversarial red-team) re-producing the evidence from a clean vantage, so a false "go-live succeeded" is structurally unsayable.

Independently RE-DERIVE the live production evidence from a clean vantage against the exact shipped SHA and issue the single binary "go-live succeeded | rolled-back" verdict, closing the GO gate that review_release_readiness_iterate deliberately left open until live verification. A panel that did NOT run the deploy — Verdict (lead, independent evaluator), Proof (QA), Cipher (AppSec), plus an adversarial red-team pass — re-runs independently-authored post-deploy smoke/health checks, recomputes live error-rate/p95/5xx/guardrail-incidents against the NAMED auto-abort thresholds, confirms the artifact hash in production equals the approved hash, and performs the LIVE Honesty-Gate Coverage check that no design brick closed: every action path in the architecture's Honesty-Gate Coverage Inventory must be verified ACTUALLY receipt-covered in production (the confessed P0: gate wired at one endpoint, in-app/internal paths bypass). The verdict is emitted as a ledger receipt; a false "go-live succeeded" is structurally unsayable because the issuing brick re-derives evidence rather than reading the deployer's summary. Human input is non-blocking and limited to business-context grey zones.

For a defined, bounded post-launch window, the AI delivery team (Vector lead, on-call) runs heightened, receipt-backed operations to prove the live system is genuinely stable before handover — not merely asserted stable. Vector confirms a binary window-START readiness gate (monitoring timer active, alert routes test-fired to on-call, dashboards/logs queryable, synthetic/health checks green, AND — because the delivered product is itself agentic — the operate-phase eval/LLMOps harness wired: golden eval-set version pinned, a baseline eval run green, drift/output-quality monitors live — each with a receipt) before declaring the window open, then operates against a PRE-FROZEN SLO/SLI + error-budget contract (from the architecture/infra brick), a PRE-FROZEN success-metric definition (Vela's query + data source), AND a PRE-FROZEN agentic quality/honesty golden eval-set + pass thresholds — none of which may be redefined mid-window to manufacture a pass. Every incident is classified on a Sev-1..Sev-4 taxonomy with MTTA/MTTR targets, escalation, and a mandatory blameless postmortem (action items tracked to closure) for every Sev-1/Sev-2; an eval regression or honesty-golden-set failure or material output-quality/model drift is a first-class Sev-classified incident, not a footnote. Because the system being operated is agentic, this brick owns ongoing LLMOps as a first-class operate-phase concern: continuous evaluation of the live model/prompt configuration against a maintained eval set, regression detection on the agentic quality/honesty golden-set, drift and output-quality monitoring of model outputs, and eval-set maintenance — with EVERY such claim receipt-backed (eval run id, eval-set version/hash, pass count, regression count) and any regression raised through the SAME gated hotfix pipeline. This goes BEYOND the per-sprint honesty-regression seeds (which are point-in-time, build-gate checks) and beyond FinOps cost-trend tracking: it is sustained operate-phase model-quality assurance on production traffic. Hotfixes flow ONLY through the SAME gated pipeline (Mason build / Lens review / Proof test / Cipher AppSec / Vector deploy) and each ships a complete RECEIPT BUNDLE (reproduced failing test/eval → green, Lens approval id, Cipher scan, post-deploy health 200, post-fix eval re-run where AI behavior changed, ledger row, git hash); a rehearsed rollback/kill-switch path with a drill receipt governs roll-back-vs-forward-fix. Vela tracks adoption and the success metric vs target with a reproducible query receipt (query text + row count + timestamp). The brick produces period health reports where EVERY green/met claim carries a linked receipt and every miss carries a receipt + remediation owner + ETA, with honest commentary that explicitly names known platform gaps (e.g. Truth Gate wired at one endpoint, CI honesty evals non-blocking) where they bound what the reports can truthfully claim. This is a kind=work brick: it PRODUCES the receipt-linked evidence that the immediately-following independent Verdict-led "Hypercare Exit" review_loop and the final Handover brick consume — Vector does not self-certify exit.

This is the lifecycle's final brick, and it retires the two human gates that traditionally end a program: the self-declared "hypercare exit" and the hidden "handover acceptance" sign-off. It replaces both with a single AI-owned independent-review-and-iterate loop in which an independent panel — led by Verdict (independent evaluator) and joined by relevant specialists who did NOT author the stability story or the handover docs (Cipher for security evidence, Proof for test/quality evidence, Vector/Proof for runbook operability, Keystone for architecture completeness) plus an adversarial red-team pass — converts "exit/handover" from a ceremony into an evidence-converged verdict. Verdict does not read the hypercare team's dashboard or summaries; it independently RE-DERIVES every exit metric from the source systems (observability/SLO platform, incident tracker, value-realization/usage data, cost telemetry, security-scan and CI receipts) and FAILS any claim it cannot reproduce from source. Convergence is a strict four-part conjunction: (A) zero open material gaps under a binary materiality rubric, (B) every hypercare exit criterion source-reproduced green and sustained over a defined window N (not a single quiet day), (C) every BAU-handover artifact proven OPERABLE by an actual dry-run / game-day / restore drill (not asserted), and (D) reviewer independence attested. The human (sponsor) is strictly an input channel — proactively surfaced for the things only they can know (is real business value being realized vs. the captured baseline, are there real-world consequences the metrics missed, is the receiving BAU team real and named) — non-blocking, with an explicit flagged assumption recorded on silence; the human never approves. The loop iterates author→panel critique→gaps logged→team fixes→re-review and emits a single ledger-receipt verdict; it never auto-flips to "converged" while a material gap is open, and a persistent unfixable material gap is surfaced to the human as flagged non-blocking input AND recorded as an explicit accepted-risk in the verdict rather than silently reclassified.

Close the engagement without anyone "declaring victory": execute the closure as a work brick — assemble the complete handover package (architecture, executable runbooks, ops docs, test + security evidence, a structured known-limitations register, a prioritized next-release backlog, and a HANDOVER RECEIPT MANIFEST that maps every closure claim to a real receipt id), run a full end-to-end delivery retrospective that emits concrete template diffs (not a dead lessons-learned doc), transition the system from hypercare to a genuinely-owned BAU state, and re-open the continuous-discovery loop for the next release. Every "done / passed / secure / live" claim must be backed by an inspectable receipt (test run id + counts, security scan id + result, health-check timestamps + codes, git hash, runbook-execution transcript, prior independent-review verdict ids); an unbacked claim blocks closure exactly like the Truth Gate blocks an unbacked agent action. The human (sponsor) is an INFORMED RECIPIENT and a CONTINUOUS INPUT CHANNEL — they receive a walkthrough of the LIVE system (per the Discovery Step-23 precedent: walk the running platform, never a deck), and their questions / new asks flow into the next-release backlog as input; they do NOT sit in an approval gate and there is NO sign-off. Where the human is silent the team closes on an explicit FLAGGED assumption logged in the manifest rather than waiting. This work brick is immediately followed by the independent review_loop brick `handover_acceptance_review` (Verdict + Proof + Cipher + Vector, none of whom authored the package), so the final and most consequential claim — "the engagement is done" — is itself independently reviewed against the 7 objectives and the receipt manifest, never self-asserted.

This is the lifecycle's terminal gate: the single most consequential claim — "the engagement is done" — must be independently proven, never self-asserted by the team that did the work. A non-author panel led by Verdict (who authored none of the handover package) re-derives every row of the HANDOVER RECEIPT MANIFEST from primary source: test-run ids and pass/fail counts re-read from the runner, security-scan ids and results re-pulled from the scanner, health-check codes and timestamps re-hit live, git hashes re-resolved, runbook-execution transcripts re-read, and the ids of every prior independent-review verdict (spec, architecture, each sprint, release-readiness, hypercare-exit) confirmed SOLID and unsuperseded. Each BAU runbook is proven OPERABLE by an actual dry-run/restore drill — executed, not asserted. The known-limitations register is checked for honesty and completeness against the GapLog and the live system. The receiving BAU team is confirmed real and named (human-input, non-blocking; silence becomes a flagged assumption, never a block). The brick converges to a binary, ledger-backed closure-solid | not-solid ConvergenceVerdict — solid iff open material gaps == 0 AND every non-author reviewer is SOLID. This is the brick whose SOLID verdict handover_continuous_improvement gates its own closure on. There is no human sign-off.