Operators
Readiness, assurance, and production evidence
This page explains public, tenant-safe operator concepts. It does not publish private control-plane procedures, credentials, or internal infrastructure instructions.
Canaries
Canaries are evidence-producing checks that prove the production path still works. Attesto 2.0 uses canaries for the full lifecycle, fork defense, quorum, connectors, Local Vault, multi-tenant witness isolation, and Proof of Evolution readiness.
| Canary | What PASS means |
|---|---|
| Lifecycle | Event, receipt, window, checkpoint, witness, anchor, bundle, and offline verify all succeeded. |
| Fork defense | A conflicting checkpoint history created fork evidence and verifier rejection. |
| Quorum | Tenant witness policy was satisfied by the required witness statements. |
| Connector | Connector auth, source observation, idempotency, and revoke behavior worked. |
| Local Vault | Relay, encrypted spool, source attestation, and optional witness behavior worked. |
Readiness
Readiness is not one green light. Production-ready evidence requires signer health, trust policy, witness quorum, verifier corpus, backup restore evidence, metrics protection, and release evidence.
Assurance reports
A good assurance report answers: “This stream is verifiable because...” and then lists receipts, window inclusion, checkpoint consistency, witness/quorum status, anchors, bundle digest, and verifier result.
Production evidence health
- Green receipt path: events produce receipts.
- Green window path: events close into windows and inclusion proofs.
- Green checkpoint path: windows create consistent checkpoints.
- Green witness path: policy-required witnesses sign or report conflicts.
- Green bundle path: export and offline verification succeed.
Tenant-facing runbooks
Public runbooks should tell tenant users what they can do safely: rotate a system key, request a new export, inspect stream health, verify a bundle, retry a connector delivery, or pause reliance on a stream range when fork evidence appears. Private operational details stay outside docs.attesto.eu.