[blocker]: Hosted release workflow and signing custody

[gchahal1982]

Source PRD rows: docs/prds/agent-studio-open-prd.md:1135, docs/prds/agent-studio-open-prd.md:1187, docs/prds/open-studio-platform-prd.md:1698.

Current verified state as of 2026-05-19:

• macOS notarization, signed SHA256SUMS, updater manifest, and public release assets exist for the current release.
• Hosted release workflow has not produced the full cross-OS signed GA artifact set.
• Hosted release/HSM custody variables and secrets are not configured in the checked repos.

Completion criteria:

• Hosted release secrets/variables are configured through controlled custody.
• Release workflow runs from a tag and produces signed macOS, Windows, and Linux artifacts.
• Release assets publish to GitHub Releases and Cloudflare R2 as expected.

Verification commands:

• pnpm --dir opensource/open-studio-platform run verify:signing-custody
• pnpm --dir opensource/open-studio-platform run verify:release-blockers -- --probe-uptime

[gchahal1982]

2026-05-20 update: hosted custody is partially configured but not closed. Repository secrets now include Apple notary API-key material, release GPG private key, and updater signing key, and Linux artifact readiness is green. Keeping this issue open because verify:signing-custody still reports missing Windows signing custody, Cloudflare release-publish credentials, release-bot token, and Windows package identity evidence; Agent release-custody PR #8 is still open and blocked by required review.

[gchahal1982]

2026-05-20 custody refresh:

• CLOUDFLARE_ACCOUNT_ID is now configured as a GitHub Actions secret on the checked release-owning repositories.
• verify:signing-custody now narrows missing hosted secret names to AURAONE_WINDOWS_CERT_THUMBPRINT, CLOUDFLARE_API_TOKEN, and AURAONE_RELEASE_BOT_TOKEN.
• This issue remains open for Windows EV/HSM/PFX custody, a least-privilege Cloudflare publish API token, release-bot token custody, required PR reviews/merge, and protected hosted release-workflow reproduction.

[gchahal1982]

2026-05-20 release-custody update:

• AURAONE_RELEASE_BOT_TOKEN is now configured as a GitHub Actions secret on the checked release-owning repositories.
• CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID, AURAONE_R2_BUCKET, and CLOUDFLARE_R2_BUCKET are now configured as GitHub Actions secrets on the checked release-owning repositories.
• The Cloudflare token was parsed from the current Wrangler auth session without printing the value and validated with wrangler whoami before being installed.
• Latest pnpm --dir opensource/open-studio-platform verify:signing-custody reports only AURAONE_WINDOWS_CERT_THUMBPRINT missing from hosted release secrets.

Still open:

• Windows EV/HSM/PFX signing custody.
• Microsoft package identity / winget evidence.
• Hosted Developer ID certificate import or HSM-backed macOS signing runner evidence.
• Review/merge of the public release-custody PRs and a protected hosted release workflow run.

[gchahal1982]

2026-05-20 custody preflight follow-up: the root verifier now reports Windows signing as a single accepted-alternatives requirement instead of implying that only AURAONE_WINDOWS_CERT_THUMBPRINT can close hosted custody.

Any one of these hosted custody paths is acceptable for the release gate:

• AURAONE_WINDOWS_CERT_THUMBPRINT
• AURAONE_WINDOWS_PFX_PATH + AURAONE_WINDOWS_PFX_PASSWORD
• AURAONE_WINDOWS_SIGNING_PROVIDER=azure-artifact-signing + AURAONE_ARTIFACT_SIGNING_DLIB_PATH + AURAONE_ARTIFACT_SIGNING_METADATA_PATH
• AURAONE_WINDOWS_SIGNING_PROVIDER=azure-artifact-signing + AURAONE_ARTIFACT_SIGNING_DLIB_PATH + AURAONE_ARTIFACT_SIGNING_ENDPOINT + AURAONE_ARTIFACT_SIGNING_ACCOUNT_NAME + AURAONE_ARTIFACT_SIGNING_CERTIFICATE_PROFILE_NAME

Current gate state is unchanged: Linux artifact/signature readiness and Sentry readiness are closed; Windows signing custody, Microsoft package identity/winget evidence, required reviews/merges, and protected hosted release reproduction remain open.

Evidence commit: gchahal1982/AuraFoundry@9f25721fc