Reproducibility Package¶
Confirmed Local Files¶
build_all.shcompile_one.jspackage.jsonpackage-lock.jsontest_p10_conformance.jsout/bytecode-sizes.json
Current Status¶
The source package contains a local compile/test shape and generated size artifacts. This is useful evidence, but the handbook has not confirmed signed CI logs, exact Node binary provenance, exact solc binary checksums, or independent rebuild logs.
Production Requirement¶
Before treating the package as reproducible production evidence, archive:
- pinned toolchain versions and binary checksums;
- clean checkout commit hash;
- dependency install logs;
- compile logs;
- size report;
- conformance test output;
- signed or immutable CI artifact reference.
Command Shape¶
The source package suggests:
bash npm install npm run build npm test
Run output must be archived before this handbook can claim current pass status.
Evidence Model¶
| Field | Requirement |
|---|---|
| Purpose | rebuilding evidence from a clean checkout and source snapshot. |
| Expected location | archive bundle with scripts, manifests, and outputs. |
| Current local evidence status | Evidence required unless the named artifact is present in this repository or the Solidity source snapshot and has been inspected in the current run. |
| What it proves | that reviewers can rerun the evidence set. |
| What it does not prove | that the underlying assumptions are true on mainnet. |
| How to regenerate | Run the documented tool from a clean environment, archive command, commit/source hash, config, stdout/stderr, and result files. |
| Production requirement | Results must be tied to the exact source manifest lock, compiler version, dependency lock, and deployment artifact under review. |
| Owner responsible | Protocol engineering owns source/test correctness; security review owns independent challenge; governance owns accepting residual risk. |
| Failure meaning | A failure blocks release, launch, upgrade, or operation until root cause is fixed or explicitly accepted with documented risk. |
Review Notes¶
Do not write “pass” for Reproducibility package without current evidence. If evidence is missing, stale, or tied to a different source snapshot, write Evidence required and keep the gap visible in the release or operations checklist.