The Validation Manifest

A ReadyStack product is not a Docker image. It is a Docker image plus a Validation Manifest that proves every expected behavior was met. The manifest is the product. The image is the delivery mechanism.

Every other Docker distribution asks you to trust them. We give you the evidence to verify us.

// The ContractChainβ„’

The ContractChainβ„’ is ReadyStack's core technology. It's an unbreakable chain of accountability that runs through every build. Each link produces evidence. The Validation Manifest is the sum of that evidence. No link can be skipped. No evidence can be faked.

β†’
Expected behaviors are defined before any code is written.
"PostgreSQL must accept connections. Login page must render. Seed data must contain 3 courses."
β†’
Health checks are written for every expected behavior.
One script per check. Automated. Repeatable. No manual "looks good to me."
β†’
The image is built from upstream source. Every modification documented β€” what we changed, why, and what behavior it should produce.
β†’
Health checks run. Every check records: expected behavior, actual result (PASS/FAIL), duration.
β†’
Clean rebuild from scratch β€” docker build --no-cache. If it only worked because of cached layers, we catch it here.
β†’
The Validation Manifest is assembled from all the evidence. It ships inside the image and is committed to the public repo.
No manifest = no release. Ever.

// What's In the Manifest

Six sections. Same structure for every product. Product-specific content fills them.

01 Build Identity

What was built, from what upstream commit, when, by which build agent. The fingerprint of this specific release.

02 Upstream Modifications

Every file we added, modified, or deleted from the original source β€” and why. Every change has an expected behavior and a verification status.

03 Validation Steps

Every health check result, organized by phase: boot β†’ services β†’ application β†’ data β†’ integration. Name, expected behavior, PASS/FAIL, duration.

04 Defect History

Every bug encountered during the build and how we fixed it. Full transparency β€” not just what works, but what broke and how we resolved it.

05 Environment Contract

Exactly what your host needs: minimum RAM, CPU, disk. Required ports. Volumes for persistence. Every environment variable with defaults.

06 Reproducibility Statement

The Dockerfile URL, exact build command, upstream commit hash, and license. Anyone can clone the repo and rebuild the image independently.

// Example

Here's what a real manifest looks like (abbreviated):

# VALIDATION_MANIFEST.md

Product: Install Canvas
Version: 2026.02.15.1
Upstream: Canvas LMS prod @ abc123
Built: 2026-02-15T03:00:00Z (22m 14s)
Image: johntdavenport/installcanvas:2026.02.15.1

## Modifications (6 total)
βœ“ config/database.yml β€” bundled PostgreSQL
βœ“ docker-entrypoint.sh β€” service orchestration
βœ“ seed-test-data.rb β€” realistic demo data
...

## Validations (12 checks)
PASS Container starts (3.2s)
PASS PostgreSQL accepts connections (4.1s)
PASS Redis responds PONG (0.3s)
PASS Canvas login page renders (1.1s)
PASS API returns valid JSON (0.8s)
PASS Seed data: 3 courses, 10 students, 34 assignments (1.5s)
...

## Defects (2 encountered, 2 verified)
VERIFIED IC-001 GEM: nokogiri compile fix
VERIFIED IC-002 ASSET: OOM fix at compile_assets

## Reproducibility
docker build --no-cache -t installcanvas .
License: AGPL-3.0 Β· Source: github.com/c0inz/ReadyStackInstructure

// Where It Lives

Every manifest ships in 4 places:

πŸ“¦ Inside the image

/readystack/VALIDATION_MANIFEST.md β€” always accessible via docker exec or docker cp.

πŸ“‚ In the GitHub repo

builds/YYYY-MM-DD/VALIDATION_MANIFEST.md β€” committed after each successful build.

🐳 On Docker Hub

Summary version in the image README.

🌐 On this site

Rendered as the package's Build Report page (coming soon).

The Validation Manifest is ReadyStack's product.
The Docker image is just the delivery mechanism.
No manifest = no release. Ever.