Golden path

Run the governed capability proof.

The golden path is the first copyable developer proof: build a custom capability, run it from a connector, gate a sensitive action, and project evidence into the portal.

Dry run

Dry run needs no portal credentials. It prints the signed-event transcript that live mode would post.

bash
npm install
npm run platform:golden-path
bash
npm -w packages/verifier run build
node packages/verifier/dist/cli.js platform registry
node packages/verifier/dist/cli.js platform golden-path
  • Builds @autodevops/verifier-portal-client.
  • Emits session.started, tool, approval, hook blocked, source snapshot, and session.finished events.
  • Includes connector, plugin, capability, policy pack, ingest identity, and signing key provenance.
  • Scrubs raw developer email addresses before output.

Live portal mode

Use live mode only against a local or customer-owned portal endpoint.

bash
export AUTODEVOPS_DRY_RUN=0
export AUTODEVOPS_PORTAL_INGEST_ENDPOINT="https://portal.example.internal/api/verification-portal/ingest"
export AUTODEVOPS_PORTAL_INGEST_SECRET="shared-hmac-secret"
export AUTODEVOPS_TEAM_ID="00000000-0000-4000-8000-000000000000"
export AUTODEVOPS_INGEST_IDENTITY="portal-ingest/customer-security-platform"
export AUTODEVOPS_SIGNING_KEY_ID="customer-ingest-key-2026-05"
export AUTODEVOPS_PORTAL_APPROVAL_REQUEST_ENDPOINT="https://portal.example.internal/api/verification-portal/runtime/approval-request"
export AUTODEVOPS_PORTAL_APPROVAL_STATUS_ENDPOINT="https://portal.example.internal/api/verification-portal/runtime/approval-status"

npm run platform:golden-path

Expected portal evidence

Session timeline shows custom connector activity, approvals show the protected action, audit includes source and capability provenance, Agent Run Audit has the source snapshot, and audit CSV export includes provenance columns.

Validation

Use the route-level tests when you need deterministic proof without a deployed portal.

bash
node --test packages/verifier/test/platform-command.test.js packages/verifier/test/portal-ingest-route.test.js
  • verifier platform golden-path dry-run payload generation.
  • Signed live-style posting through the portal ingest route.
  • Approval bridge request/status polling for connector-authored governed actions.
  • Private registry provenance projection into session, approvals, audit, and Agent Run Audit.
  • Backward-compatible ingestion of an older agent_activity.v1 connector payload.