Status
BATCH D AUDIT INVENTORY ITEM / PARTIALLY REMEDIATED
Scope
Batch D covers outer, support, concept, and experimental repositories outside the Evaluation Kit registry, including sampled surfaces from:
- Riverbraid/.github
- riverbraid-ssg
- Riverbraid-p5
- Riverbraid-Hydra
- Riverbraid-Lang
- Riverbraid-Gold-UI
- Riverbraid-Gold-V2
- riverbraid-tsh
- Riverbraid-Integrity-Floors
- Riverbraid-RDK
- Riverbraid-Governance
- Riverbraid-Spatial-Gold
- Riverbraid-Pulse-Gold
- Riverbraid-Nexus-Gold
- Riverbraid-Discovery-Gold
- Riverbraid-Resonance-Gold
- Riverbraid-Build-V5
- Riverbraid-Liminal-Monitoring
- Riverbraid-Secrets-Safe
- Riverbraid-Wasm-Bridge
Confirmed public entry strengths
- The organization profile points readers to Evaluation Kit, Documentation, Core, Golds, Safety Example, and Gold V2, and includes clear non-claims.
riverbraid-ssg, riverbraid-tsh, Riverbraid-Governance, Riverbraid-p5, Riverbraid-Hydra, and Riverbraid-Lang use support or experimental boundary language and do not present themselves as canonical protocol authority.- Outer Gold surfaces such as Spatial, Pulse, Nexus, and Discovery clearly state they are not part of the current Evaluation Kit registry and point readers back to Evaluation Kit and Documentation.
Current finding state
Riverbraid-Gold-V2 README and workflow behavior were partially remediated. Neighboring repo script coupling remains tracked in Riverbraid-Gold-V2#2.Riverbraid-Gold-UI claim/demo language was normalized and Riverbraid-Gold-UI#3 was closed as documentation-only resolved.Riverbraid-Integrity-Floors README claim language was normalized.Riverbraid-RDK README claim language was normalized.Riverbraid-Build-V5, Riverbraid-Liminal-Monitoring, and Riverbraid-Secrets-Safe README language, workflow secret coupling, and missing audit_final.js targets were remediated with bounded scaffold checks. Execution evidence remains required.Riverbraid-Resonance-Gold README was corrected to avoid treating it as current registry-listed without checking the Evaluation Kit surface.Riverbraid-Wasm-Bridge README overclaim language was normalized to an experimental bridge surface with evidence and authority boundaries.Riverbraid-Lang, Riverbraid-p5, and Riverbraid-Hydra received navigation or boundary cleanup during the review pass.
Search-limited non-findings
Search did not return visible hits in Batch D for common private key markers, GitHub token markers, AWS secret marker, npm token marker, pull_request_target, permissions: write-all, secrets.GITHUB_TOKEN, pipe-to-shell patterns, or common nondeterminism markers.
This is search-limited and does not prove absence across history, settings, artifacts, dependencies, release assets, or unindexed surfaces.
Required follow-up
- Run execution evidence for Build V5, Liminal Monitoring, Secrets Safe, and any other newly bounded scaffold checks if they are intended to remain active workflows.
- Decide whether Gold V2 neighboring repo scripts are acceptable or should be moved behind explicit dependency-boundary documentation or rewritten.
- Continue optional UX polish for outer and experimental repositories that are not first-contact entry surfaces.
- Preserve registry freshness lock until explicit registry succession gate exists.
Boundary
This issue records audit inventory only.
It does not claim Batch D is secure, complete, production ready, externally audited, or free of defects.
It does not mutate registry, verifier behavior, protocol, hash, seal, manifest, tag, or release state.
Status
BATCH D AUDIT INVENTORY ITEM / PARTIALLY REMEDIATED
Scope
Batch D covers outer, support, concept, and experimental repositories outside the Evaluation Kit registry, including sampled surfaces from:
Confirmed public entry strengths
riverbraid-ssg,riverbraid-tsh,Riverbraid-Governance,Riverbraid-p5,Riverbraid-Hydra, andRiverbraid-Languse support or experimental boundary language and do not present themselves as canonical protocol authority.Current finding state
Riverbraid-Gold-V2README and workflow behavior were partially remediated. Neighboring repo script coupling remains tracked inRiverbraid-Gold-V2#2.Riverbraid-Gold-UIclaim/demo language was normalized andRiverbraid-Gold-UI#3was closed as documentation-only resolved.Riverbraid-Integrity-FloorsREADME claim language was normalized.Riverbraid-RDKREADME claim language was normalized.Riverbraid-Build-V5,Riverbraid-Liminal-Monitoring, andRiverbraid-Secrets-SafeREADME language, workflow secret coupling, and missingaudit_final.jstargets were remediated with bounded scaffold checks. Execution evidence remains required.Riverbraid-Resonance-GoldREADME was corrected to avoid treating it as current registry-listed without checking the Evaluation Kit surface.Riverbraid-Wasm-BridgeREADME overclaim language was normalized to an experimental bridge surface with evidence and authority boundaries.Riverbraid-Lang,Riverbraid-p5, andRiverbraid-Hydrareceived navigation or boundary cleanup during the review pass.Search-limited non-findings
Search did not return visible hits in Batch D for common private key markers, GitHub token markers, AWS secret marker, npm token marker,
pull_request_target,permissions: write-all,secrets.GITHUB_TOKEN, pipe-to-shell patterns, or common nondeterminism markers.This is search-limited and does not prove absence across history, settings, artifacts, dependencies, release assets, or unindexed surfaces.
Required follow-up
Boundary
This issue records audit inventory only.
It does not claim Batch D is secure, complete, production ready, externally audited, or free of defects.
It does not mutate registry, verifier behavior, protocol, hash, seal, manifest, tag, or release state.