Post-Cloud Provider Validation Overview

After the control plane and data plane are deployed to a publicly reachable cloud endpoint, each V1 provider must pass a post-cloud live validation before its live E2E status can be upgraded from cloud_gated / credential_gated to live_validated. This page defines the scope, prerequisites, and rules for that validation pass.

Scope

Four V1 providers require post-cloud live validation:

| Provider | Current Status | Post-Cloud Action |
|----------|----------------|-------------------|
| Stripe | cloud_gated | Revalidate with live credentials against prod cloud |
| GitHub | cloud_gated | First-time live validation against prod cloud |
| Shopify | cloud_gated | First-time live validation against prod cloud |
| Twilio | cloud_gated | First-time live validation against prod cloud |

Prerequisites

All four validations share the following prerequisites:

  1. Public cloud endpoint deployed — Control plane reachable at a public URL.
  2. Live provider test accounts — For each provider, an account at the minimum tier that permits webhook event generation and webhook configuration.
  3. Provider webhook secrets — HMAC signing secrets, auth tokens, or API keys for signature verification.
  4. Leonardo creates test accounts — Leonardo provisions accounts after production cloud deploy (see V1 Live Truth Matrix).
  5. No live credentials in docs — Credential placeholders only (sk_test_..., ghp_..., etc.).

Validation Rules

Status Rules

  • Each provider's live_e2e_status remains cloud_gated until all validation steps pass with captured evidence.
  • public_launch_status remains NO_GO regardless of individual provider live validation results.
  • maturity=verified is preserved — it reflects local/contract verification, not live E2E status.

Publication Rules

  • Validation evidence must be captured and stored before any status change.
  • Evidence artifacts must include timestamps, provider identifiers, test parameters, and pass/fail outcomes.
  • Forbidden claims apply to all post-cloud validation output (see V1 Live Truth Matrix).

Forbidden Claims During Validation

The following must not appear in any validation artifact, evidence template, runbook, or public surface:

  • "Providers are live validated" — not until ALL four pass.
  • "Public launch GO" — remains NO_GO until all launch gates pass.
  • "Provider Registry is GA" — GA not claimed.
  • "Free is evaluation-only / dev-only / not for production use" — incorrect framing.

Validation Sequence

1. Deploy control plane to public cloud endpoint
2. Leonardo creates test accounts per provider
3. Per-provider validation (see runbooks):
   a. Positive: send real webhook → verify delivery + signature
   b. Negative: invalid signature → verify rejection
   c. Negative: malformed payload → verify graceful handling
   d. Evidence capture → store in 80-EVIDENCE/
4. Aggregate evidence → update truth matrix status
5. Publication review → update AI surfaces / llms.txt
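
The three cases in step 3 (a to c) and the evidence fields from the Publication Rules, as an added example that is not the project's own code. It models a receiver locally and assumes a GitHub-style `X-Hub-Signature-256` scheme (hex HMAC-SHA256 over the raw body); the function names, evidence field names, status codes and secret are hypothetical or constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

SECRET = b"constructed-test-secret"  # constructed placeholder, not a real credential


def sign(body: bytes, secret: bytes = SECRET) -> str:
    """GitHub-style header value: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def receive(body: bytes, signature: str) -> int:
    """Hypothetical receiver: verify the signature first, then parse the body."""
    expected = sign(body).encode()
    if not hmac.compare_digest(expected, (signature or "").encode()):
        return 401  # reject before touching the payload
    try:
        json.loads(body)
    except ValueError:
        return 400  # correctly signed but malformed: clean error, no crash
    return 200


def run_validation(provider: str) -> list:
    """Run cases 3a-3c and return one evidence record per case."""
    good = json.dumps({"event": "ping"}).encode()
    broken = b'{"event": '  # truncated JSON, constructed
    cases = [
        ("positive_valid_signature", good, sign(good), 200),
        ("negative_invalid_signature", good, sign(good, b"wrong-secret"), 401),
        ("negative_malformed_payload", broken, sign(broken), 400),
    ]
    evidence = []
    for name, body, sig, expected in cases:
        status = receive(body, sig)
        evidence.append({  # the secret and signature are never recorded
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "provider": provider,
            "test": name,
            "parameters": {"body_sha256": hashlib.sha256(body).hexdigest(),
                           "expected_status": expected},
            "observed_status": status,
            "outcome": "pass" if status == expected else "fail",
        })
    return evidence


if __name__ == "__main__":
    print(json.dumps(run_validation("github"), indent=2))
```

The malformed-payload case is signed correctly on purpose, so it exercises the parser path rather than being rejected early as a signature failure.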