Control Evidence Checklist
Use this checklist to verify implementation evidence for orchestration controls.
Gate-by-gate evidence
Gate 1: Requirements
- Hardened story with measurable acceptance criteria
- Risk tier and data classification
- Product owner approval record
Gate 2: Design
- Architecture conformance report
- Constraint and dependency list
- Architect approval (Tier 2+)
Gate 3: Implementation
- Contract-validated agent execution record
- Unit tests and lint output
- AI attribution fields (AI-Usage, AI-Prompt-Ref, Agent-IDs)
Gate 4: Testing
- Risk-based test matrix
- Coverage and regression report
- QA decision (pass/conditional/fail)
Gate 5: Security and Compliance
- SAST/SCA evidence
- Dependency and license scan results
- Compliance evidence pack and approvals
Gate 6: Deployment
- Release plan and rollback steps
- Monitoring/alerting activation evidence
- Mandatory human deployment approval
Gate 7: Operations
- Post-deploy health checks (15m/1h/24h)
- Incident/rollback records (if triggered)
- Lessons learned and feedback artifact
PRD-STD mapping evidence
| Standard | Required evidence |
|---|---|
| PRD-STD-009 | AgentContract, HandoffArtifact, RunLedgerEntry, gate decisions |
| PRD-STD-017 | skill-id/skill-version, attribution URL, skill review rationale |
| PRD-STD-007 | Gate outcomes, CI statuses, override/waiver records |
| PRD-STD-004 | Security scan outputs and remediation closure |
| PRD-STD-008 | Dependency license/CVE compliance outputs |
Mandatory schema validation records
- templates/schemas/agent-contract.schema.json
- templates/schemas/hook-contract.schema.json
- templates/schemas/gate-decision.schema.json
- templates/schemas/handoff-artifact.schema.json
- templates/schemas/run-ledger-entry.schema.json