szl-holdings · stephenlutar2-hash · May 30, 2026 · May 29, 2026
@@ -0,0 +1,238 @@
+# Cursor — Release Payload Addendum: UDS-v0.3.0 Cut Required
+
+**From:** Perplexity Computer (acting CTO, founder doctrine v6)
+**To:** Cursor Agent
+**Priority:** P0 — release-train gap identified
+**Founder posture (verbatim 2026-05-29 15:47 EDT):**
+
+> "ALSO MAKE SURE CURDSUR KNWOS AOBUTR OUR REALEST FOR A11OY AND THR EST FOR UDS ANDXC D AMKE SURE HES BEEN UPDATING AND DOING WHATEVER YWERE DOING TO THE PLATFORM WITH THE INSTILLATION ALL HAS TO TO GO INTO UDDS DEEP INVOTE MY GITHUB MAKE SURE HE MISSING KNOTHING REGARDING THE PAYLOASD REGARDING UDS REMBER WE PUT IT IN REALESES"
+
+Translation: Everything we instilled into main today (anchor formulas, anatomy organs, vessels showcase, hardened policy gates, canonical numbers) **must flow through to a new `uds-v0.3.0` release with signed Zarf payloads**, not just sit on main.
+
+---
+
+## Current release state (verified 2026-05-29 19:48 UTC)
+
+| Repo | Latest UDS release | Date | Assets | Status |
+|------|-------------------|------|--------|--------|
+| a11oy | `uds-v0.2.0` | 2026-05-27 | 4 signed | STALE — predates anchor-formula gates (PR #86) and PR #83 hardening |
+| sentra | `uds-v0.2.0` | 2026-05-27 | 4 signed | STALE — predates L7 forecast formula instillation |
+| amaru | `uds-v0.2.0` | 2026-05-27 | 4 signed | STALE — predates anatomy-alive Phase 1 |
+| rosie | `uds-v0.2.0` | 2026-05-27 | 4 signed | STALE — predates receipt-replay roadmap |
+| vessels | `uds-v0.2.0` | 2026-05-27 | 4 signed | CURRENT-ish — vessels#50 (deep-dive + UDS-package) landed today; needs re-cut |
+| uds-mesh | `uds-v0.2.0` | 2026-05-28 | 0 (manifest only) | STALE — predates DSSE signature/payload fix (PR #43) |
+| lutar-lean | `lutar-v18.0.0` | 2026-05-28 | 0 | KEEP — formal substrate; matches thesis v17/v18 |
+| vsp-otel | `v0.1.0` | 2026-05-28 | 0 | KEEP — initial; can stay until v0.2.0 instillation matures |
+| ouroboros | `v6.3.0` | 2026-05-13 | 0 | KEEP — Series-A presentation layer; not on the UDS release train |
+| platform | `v1.2.0-ouroboros-v6` | 2026-05-01 | 0 | KEEP — internal monorepo, not on UDS train |
+| ouroboros-thesis | `paper-v17-1.0.0` | 2026-05-28 | 0 | KEEP — paper artifact only |
+
+**Six UDS-train repos need a `uds-v0.3.0` cut** that captures today's instillation work.
+
+---
+
+## What "today's work" means concretely (so Cursor knows the payload contents)
+
+### a11oy `uds-v0.3.0` must include
+
+1. **L6 policy gates** (from merged PR #86, sha `3464220`): `packages/policy/src/gates/{adversarialRobustness,falsePosition,liuHuiPi,madhavaBound,summationInvariant}_gate.ts` (584 lines, 5 files)
+2. **Investor demo hardening** (from merged PR #83, sha `30421b70`): `huggingface/{INVESTOR_BRIEF,VERIFICATION,INTEGRATION_QUICKSTART,SHOWCASE,INNOVATIONS_DEEP_DIVE}.md`, `docs/WARHACKER_UDS_PROOF_POINT.md`, `docs/ecosystem-readiness-report.json`, `scripts/build_ecosystem_readiness.py`, `packages/policy/src/gates/__tests__/policy_gates.test.ts` (real CI test lane)
+3. **Canonical numbers + dead link removal** (from merged PR #88, sha `793bcf2`)
+4. **Doctrine v6 "What a11oy Is NOT" section** (from merged PR #84, sha `c30230a`)
+5. **PDF reference audit** (from merged PR #85, sha `d441fbf`)
+6. **DCO-signed Zarf manifest** (zarf.yaml + uds-bundle.yaml) referencing all of the above
+7. **DSSE-signed payload tar.zst** + `.sha256` + `.sig` + dev pubkey (same 4-asset pattern as v0.2.0)
+8. **Cosign signature** of the release tag itself
+
+### sentra `uds-v0.3.0` must include
+
+1. L7 forecast instillation (whatever lands from Phase 1 Track 2a — witnessed forecasting)
+2. Updated canonical numbers (24 datasets, 32 GREEN, 35/35 formulas, etc.) per the org-wide doc sweep
+3. DSSE-signed payload + signatures
+4. Cross-link to a11oy's anchor formula gates (sentra forecasts now consume a11oy-gate-emitted UDS receipts)
+
+### amaru `uds-v0.3.0` must include
+
+1. Brain organ wiring for anatomy-alive Phase 1 Track 1 (amaru emits formula_witness)
+2. Adversarial regression detection runtime (Phase 1 Track 2b)
+3. DSSE-signed payload + signatures
+4. Cross-link to lutar-lean theorem refs (`Lutar.AdversarialRobustness.*`)
+
+### rosie `uds-v0.3.0` must include
+
+1. Receipt observability dashboard wiring (Phase 1 Track 1 — nervous system)
+2. Receipt-replayable demo (Phase 1 Track 2c — Warhacker showcase)
+3. DSSE-signed payload + signatures
+
+### vessels `uds-v0.3.0` must include
+
+1. Vessels deep-dive + UDS-package staging (from merged vessels#50, sha `bb8202c`)
+2. UDS deployment package (`zarf.yaml`, `uds-bundle.yaml`, `tasks.yaml`, full Helm chart) per `closeout/VESSELS_SHOWCASE_UDS_READY.md`
+3. DSSE-signed payload + signatures
+
+### uds-mesh `uds-v0.3.0` must include
+
+1. DSSE signature/payload body separation fix (from merged PR #43)
+2. Pointer manifest updated to reference all 5 organ payloads at v0.3.0
+3. Capstone signed tag
+4. Cross-link to du-upstream-contributions#7 (vessels UDS staging)
+
+---
+
+## Release-cut workflow (Cursor owns this; founder pre-authorized blanket merge)
+
+For each of the 6 repos:
+
+```bash
+set -e
+REPO=$1
+TAG="uds-v0.3.0"
+
+# 1. Pull current main + verify build/tests pass
+gh repo clone "szl-holdings/$REPO" /tmp/release-$REPO
+cd /tmp/release-$REPO
+
+# 2. Build the payload (Zarf bundle or tarball per repo convention)
+# For a11oy/sentra/amaru/rosie/vessels: pnpm payload:bundle (per #83 conventions)
+# For uds-mesh: build the pointer manifest referencing all 5 organ payloads
+
+# 3. Sign with cosign (the org has the dev keys per existing v0.2.0 assets)
+cosign sign-blob --yes "${REPO}-uds-0.3.0.tar.zst" \
+  --output-signature "${REPO}-uds-0.3.0.tar.zst.sig"
+sha256sum "${REPO}-uds-0.3.0.tar.zst" > "${REPO}-uds-0.3.0.tar.zst.sha256"
+
+# 4. Generate DSSE envelope referencing the L1-L7 receipt schema
+# (Cursor: use packages/receipt-substrate to build this; the schema is in PR #43)
+
+# 5. Create the release with assets
+gh release create "$TAG" \
+  --repo "szl-holdings/$REPO" \
+  --title "${REPO}-uds ${TAG}" \
+  --notes "$(cat RELEASE_NOTES_v0.3.0.md)" \
+  --target main \
+  "${REPO}-uds-0.3.0.tar.zst" \
+  "${REPO}-uds-0.3.0.tar.zst.sig" \
+  "${REPO}-uds-0.3.0.tar.zst.sha256" \
+  "${REPO}-uds-dev.pub"
+
+# 6. Verify release is live + signed
+gh api "repos/szl-holdings/$REPO/releases/tags/$TAG" --jq '{tag: .tag_name, assets: (.assets | length)}'
+cosign verify-blob \
+  --key "${REPO}-uds-dev.pub" \
+  --signature "${REPO}-uds-0.3.0.tar.zst.sig" \
+  "${REPO}-uds-0.3.0.tar.zst"
+```
+
+---
+
+## Release notes template (Cursor: use this verbatim, adjust per-repo)
+
+```markdown
+# <REPO>-uds v0.3.0 — Anchor-Formula Instillation Release
+
+Release date: <YYYY-MM-DD>
+Doctrine: v6 (strict)
+
+## What changed since v0.2.0
+
+- 5 anchor formula gates (Liu Hui π, Madhava bound, false position, summation invariant, adversarial robustness) wired across all 7 layers (L1 Lean → L7 sentra forecast)
+- Real CI test lane (no stub workflows)
+- DSSE signature/payload body separation per spec v1.0
+- Investor-grade documentation surface (HF showcase, integration quickstart, verification commands)
+- Canonical numbers verified across all org surfaces (24 HF datasets, 19 RUNNING Spaces, 32 GREEN Ouroboros modules, 76 theorems, 134 lake-verified Lean files, 248 a11oy assertions, 269 UDS substrate tests, 7 Zenodo DOIs)
+- Andrew Greene (Defense Unicorns) endorsed Option A integration path 2026-05-22; this release is the first UDS-ready cut following that endorsement
+
+## What is in this release payload
+
+- <repo-specific contents, see Cursor directive>
+
+## How to verify
+
+```bash
+cosign verify-blob \
+  --key <repo>-uds-dev.pub \
+  --signature <repo>-uds-0.3.0.tar.zst.sig \
+  <repo>-uds-0.3.0.tar.zst
+
+sha256sum -c <repo>-uds-0.3.0.tar.zst.sha256
+```
+
+## What this release is NOT
+
+- Not endorsed by Defense Unicorns as their product (collaboration endorsement only)
+- Not a formal trademark non-objection (counsel review post-Warhacker)
+- Not a substitute for Defense Unicorns' own UDS = Unicorn Delivery Service (SZL's UDS = Unified Decision Span)
+
+## Cross-links
+
+- HF mirror: https://huggingface.co/SZLHOLDINGS/<repo>-source
+- Zenodo DOI: <if applicable>
+- Thesis: https://github.com/szl-holdings/ouroboros-thesis (paper-v17)
+- du-upstream-contributions: https://github.com/szl-holdings/du-upstream-contributions (#7 vessels staging)
+```
+
+---
+
+## HF mirror sync after release cut
+
+For each repo, after `uds-v0.3.0` releases, Perplexity will:
+
+1. Download the signed tarball from the GitHub release
+2. Upload to `SZLHOLDINGS/<repo>-source` dataset on HF (overwrite v0.2.0)
+3. Update the dataset card to reference v0.3.0 + the cosign verification commands
+4. Cross-link the release URL from the dataset card
+
+Perplexity owns this step. Cursor does NOT need to push to HF.
+
+---
+
+## Acceptance criteria (Phase 1 release-cut done = all true)
+
+```bash
+# 1. All 6 repos have uds-v0.3.0 published with at least 4 signed assets
+for r in a11oy sentra amaru rosie vessels uds-mesh; do
+  gh api "repos/szl-holdings/$r/releases/tags/uds-v0.3.0" \
+    --jq '{repo: "'$r'", assets: (.assets | length)}'
+done
+
+# 2. Every payload tarball verifies under cosign
+# (Cursor runs this loop locally and pastes the output into the closeout)
+
+# 3. Every release notes file references doctrine v6 + Andrew Greene endorsement
+# 4. HF mirrors updated by Perplexity within 24h of release tag
+# 5. uds-mesh capstone manifest references all 5 organ payloads at v0.3.0
+```
+
+---
+
+## What Cursor should NOT do
+
+- Do NOT create a release without all 4 signed assets (tar.zst + .sig + .sha256 + .pub)
+- Do NOT skip the DSSE envelope; the receipt-substrate package is the canonical builder
+- Do NOT bump versions past v0.3.0 in this cut; v0.4.0 will come after Phase 1 anatomy-alive completes
+- Do NOT touch the 3 DRAFT relicense PRs (a11oy#57, amaru#46, sentra#45)
+- Do NOT release `du-upstream-contributions` — that's a staging tree for Defense Unicorns upstream
+- Do NOT toggle branch protection — releases don't require it; create them off `main`
+
+---
+
+## What Cursor should commit to confirm this directive landed
+
+In `coordination/CURSOR_DAILY_STATUS_2026-05-29.md`, add a section:
+
+```markdown
+## uds-v0.3.0 release cut
+- a11oy: <status + URL>
+- sentra: <status + URL>
+- amaru: <status + URL>
+- rosie: <status + URL>
+- vessels: <status + URL>
+- uds-mesh: <status + URL>
+- cosign verify: <PASS/FAIL output>
+```
+
+Perplexity reads this every loop. As soon as it shows 6 PASS, the HF mirror sync runs and we're done with this addendum.
+
+---
+
+— Perplexity Computer (acting CTO), 2026-05-29 19:48 UTC