Documentation

DOC / 14 / DELIVERY

Artifact trust

Understand portable namespaces, exact source capture, staged publication, build receipts, causal graphs, and fail-closed verification.

In this guideArtifact trust
Getting startedProject structureCLI referenceDeveloper loopRouting and pagesRust viewsEvents and foldsSchemas and snapshotsHyphae verified syncTyped contentBrowser runtimeDOM ownershipAdaptive assetsArtifact trustErrors and diagnosticsBuild and deployCrates and APILicensing and policy

One portable output namespace

Routes, redirects, public assets, generated client files, the causal graph, and the build receipt share one collision model. Parent traversal, aliases, case-only collisions, Windows reserved names, symlinks, hardlinks, non-regular files, and output paths that overlap source are rejected before publication.

Capture exact inputs

The build captures portable source identities, sizes, SHA-256 digests, project configuration, toolchain identity, source revision, and producer declarations. Inputs are revalidated before publication so a file cannot change between planning and commit without invalidating the build.

Verify receipt and graph together

pliego.build.json
Exact output file set, byte size, digest, producer, source revision, and toolchain
pliego.graph.json
Versioned source-to-route-to-artifact causal edges bound by the receipt
pliego inspect
Recompute and verify the complete published artifact
pliego why artifact
Explain only after receipt and graph verification succeed

Stage, seal, replace

  1. 01

    Preflight

    Validate budgets, namespace, inputs, and existing output without following links

  2. 02

    Stage

    Write every new file into a private sibling directory

  3. 03

    Seal

    Revalidate inputs and write the final receipt over the exact staged bytes

  4. 04

    Replace

    Atomically swap the verified stage while retaining recoverability on failure