docs(os): clarify elizaOS live validation status

Author: NubsCarson

packages/os/DOWNLOADS.md

@@ -13,10 +13,11 @@ gaps, and a hardware-support matrix.
 
 Current hardening status:
 
-- A prior live-USB ISO passed QEMU greeter/desktop/app-service validation
-  and guarded USB flash/readback. Current HEAD still needs rebuild,
-  repeat QEMU, repeat flash/readback, real hardware boot, and real USB
-  persistence validation before stable release.
+- A recent live-USB ISO artifact passed QEMU greeter/desktop/app-service
+  validation, and a prior artifact passed guarded USB flash/readback. The
+  exact release commit still needs rebuild/repeat QEMU if HEAD moves,
+  repeat flash/readback, real hardware boot, and real USB persistence
+  validation before stable release.
 - v1 is USB-only; internal-disk install is deferred.
 - A guarded developer writer exists in the live-USB variant. Production
   still needs a signed GUI/CLI flasher for macOS, Windows, and Linux.

packages/os/linux/variants/milady-tails/PLAN.md

@@ -22,10 +22,10 @@ turn-by-turn directions.
 |---|---|
 | **Phase 0 — Scaffold** | ✅ Done |
 | **Phase 1 — Base ISO builds + boots** | ✅ Done — base image builds and boots through QEMU via `-cdrom` |
-| **Phase 2 — elizaOS system branding** | ✅ Source implemented; current HEAD QEMU visual path passed |
-| **Phase 3 — Privacy mode** | 🔨 Source implemented; needs current-HEAD network/Tor validation |
-| **Phase 4 — Bake elizaOS app** | ✅ App payload/install path QEMU-passed on current HEAD; clean checkout still must run `just milady-app` before a full build |
-| **Phase 5 — Autolaunch** | ✅ Desktop/systemd wrapper QEMU-passed on current HEAD |
+| **Phase 2 — elizaOS system branding** | ✅ Source implemented; latest validated artifact QEMU visual path passed |
+| **Phase 3 — Privacy mode** | 🔨 Source implemented; needs exact-release network/Tor validation |
+| **Phase 4 — Bake elizaOS app** | ✅ App payload/install path QEMU-passed on latest validated artifact; clean checkout still must run `just milady-app` before a full build |
+| **Phase 5 — Autolaunch** | ✅ Desktop/systemd wrapper QEMU-passed on latest validated artifact |
 | **Phase 6 — Agent/broker** | 🔨 OS broker/env path implemented; approval-gated privileged actions still need hardening |
 | **Phase 7 — Persistence** | 🔨 Tails Persistent Storage row/hooks implemented; real USB persistence validation still pending |
 | **Phases 8–9** | 📋 Spec/backlog ([`docs/specs/`](./docs/specs/)), not release-complete |
@@ -56,9 +56,10 @@ What exists right now:
   approval-gated policy layer exists.
 - Privacy-mode, autolaunch, and `~/.eliza` Persistent Storage overlays are
   implemented locally. QEMU has proven the normal greeter/desktop/app path
-  on the current HEAD ISO, and USB flash/readback passed on a prior
-  artifact. The current gate is repeat USB flash/readback for this artifact,
-  then real USB boot, persistence, and privacy behavior.
+  on the latest validated local ISO artifact, and USB flash/readback passed
+  on a prior artifact. The current gate is rebuilding/validating the exact
+  release commit if the branch moves, then repeat USB flash/readback, real
+  USB boot, persistence, and privacy behavior.
 - The old root-level usbeliza Linux prototype was removed from this branch;
   this variant is the active Linux distro path.
 

packages/os/linux/variants/milady-tails/README.md

@@ -54,7 +54,7 @@ sealed.
 
 The target contract is that all four combinations work with the same
 feature surface, except for speed and persistence. QEMU has proven the
-normal branded greeter/desktop/app path on the current HEAD artifact, but
+normal branded greeter/desktop/app path on the latest validated artifact, but
 real-USB boot, real-USB persistence, and Privacy Mode network behavior still
 need validation before those rows can be treated as production evidence. See
 [`docs/user-experience.md`](./docs/user-experience.md) for the boot-time
@@ -113,21 +113,22 @@ Apache-2.0 where possible, dual-licensed under both where required.
 
 ## Status: Demo Branch Versus Production
 
-**Current branch status, 2026-05-19:** the elizaOS Live source tree has
-passed a fresh ISO build and QEMU greeter/desktop/app onboarding validation
-on the current HEAD artifact. A prior artifact passed guarded USB
-flash/readback, but the current artifact still needs repeat USB
-flash/readback, real hardware USB boot, and real USB Persistent Storage
-validation before it is called final USB-ready.
+**Current branch status, 2026-05-19:** this branch has produced a fresh
+local ISO artifact that passed QEMU greeter/desktop/app onboarding
+validation. A prior artifact passed guarded USB flash/readback, but the
+latest validated artifact still needs repeat USB flash/readback, real
+hardware USB boot, and real USB Persistent Storage validation before it is
+called final USB-ready. Release promotion must rebuild and validate the
+exact release commit if the branch moves after the latest tested artifact.
 See [`docs/current-status.md`](./docs/current-status.md) for the exact
 validation state.
 
 **Phase 1 — done.** The containerized build pipeline produced a bootable
 base ISO, and Tails' normal live-OS boot path was verified through QEMU
 using `-cdrom`.
 
-**Phases 2–7 — implemented in source, QEMU demo path proven on current
-HEAD.** Branding, Privacy Mode plumbing, bundled elizaOS app
+**Phases 2–7 — implemented in source, QEMU demo path proven on the latest
+validated artifact.** Branding, Privacy Mode plumbing, bundled elizaOS app
 install/autostart, the conservative elizaOS capability broker, and elizaOS
 Persistent Storage rows/hooks are in the tree. The current gate is USB
 flash/readback, real hardware boot, privacy, and persistence validation.

packages/os/linux/variants/milady-tails/ROADMAP.md

@@ -8,7 +8,7 @@ No optimism inflation. Where something is risky or unknown, it says so.
 
 ---
 
-## Where we are right now (2026-05-17)
+## Where we are right now (2026-05-19)
 
 **Done and proven:**
 - The **containerized build pipeline** works. A full elizaOS ISO
@@ -23,15 +23,15 @@ No optimism inflation. Where something is risky or unknown, it says so.
 - Local overlays now exist for elizaOS branding, Privacy Mode, elizaOS app
   install/systemd launch, a conservative elizaOS capability broker, elizaOS
   Persistent Storage, and a checked signed-runtime verifier foundation.
-- A prior full ISO artifact passed QEMU through the branded greeter,
-  desktop, and app-service path. The same artifact was flashed to a
+- A recent full ISO artifact passed QEMU through the branded greeter,
+  desktop, and app-service path. A prior artifact was flashed to a
   removable USB with guarded write/readback verification.
 - The old root-level usbeliza prototype has been removed from this branch;
   the active Linux distro work now lives under this live-build variant.
 
 **Not done:**
-- Current HEAD includes source-only branding/docs polish after the last
-  validated artifact. Rebuild and re-run QEMU before calling that exact
+- Rebuild and re-run QEMU if the branch moves after the latest validated
+  artifact; exact release-commit traceability is required before calling an
   artifact final USB-ready.
 - Privacy/direct networking and real USB Persistent Storage behavior still
   need proof inside the rebuilt live OS.
@@ -42,7 +42,8 @@ No optimism inflation. Where something is risky or unknown, it says so.
 
 So: the *build machine* is mostly complete. The *product* — elizaOS Live
 — has the core overlays in place, but the next heavy gate is still a
-fresh HEAD rebuild + QEMU + real USB boot + mode/persistence validation.
+exact release-commit rebuild if needed + QEMU + real USB boot +
+mode/persistence validation.
 
 Product identity rule: the boot, greeter, and desktop should read as
 elizaOS Live. Tails remains the underlying live-OS plumbing and is credited

packages/os/linux/variants/milady-tails/docs/current-status.md

@@ -15,25 +15,27 @@ enterprise release.
 6419dbee227317983ff2c6d02c3fd4bf97c6699ac1d26f0c98476f2ba58cfc10
 ```
 
-- The current HEAD source has now been rebuilt into a fresh canonical ISO at
-  `out/binary.iso`. Do not use older named ISO copies in `out/` for
-  validation; they can be stale.
+- This branch has produced a fresh canonical ISO at `out/binary.iso`. Do
+  not use older named ISO copies in `out/` for validation; they can be
+  stale. If the branch moves after this artifact, rebuild and validate the
+  exact release commit before publishing or flashing it as final.
 
 ```text
 fb706edd7016b415e53fc263c37d09ed26d7f0d8d3bced250bde5b1b3ea9bec8
 ```
 
-- Normal QEMU boot of that exact current-HEAD artifact reached the elizaOS
+- Normal QEMU boot of that exact validated artifact reached the elizaOS
   greeter, started a normal GNOME desktop, and showed the elizaOS app
   onboarding screen. This specifically proves the previous app backend
   timeout is gone for the packaged runtime in this artifact.
 
 ## Current HEAD Caveat
 
-Current HEAD has QEMU visual evidence for boot, greeter, desktop, and app
-onboarding startup. It has not yet been flashed/readback-tested to USB,
-booted on real hardware, or validated for real USB Persistent Storage
-create/unlock/delete behavior.
+The latest validated artifact has QEMU visual evidence for boot, greeter,
+desktop, and app onboarding startup. The exact release commit must be
+rebuilt and revalidated if HEAD moves. It has not yet been
+flashed/readback-tested to USB, booted on real hardware, or validated for
+real USB Persistent Storage create/unlock/delete behavior.
 
 ## Fixed Tonight
 
@@ -42,7 +44,7 @@ opened but the backend timed out because `@elizaos/plugin-app-manager` and
 `@elizaos/plugin-registry` were copied as package folders without runtime
 `dist/index.js` artifacts.
 
-The current artifact contains the fix:
+The latest validated artifact contains the fix:
 
 - `just milady-app` now builds runtime JS for those first-party plugin
   packages when their `dist/index.js` files are absent.

packages/os/linux/variants/milady-tails/docs/distribution-and-updates.md

@@ -32,9 +32,10 @@ The current branch is a demo/productization branch:
   a checked signed-runtime verifier foundation.
 - Static smoke checks are part of the demo gate and must pass before
   promotion.
-- The current HEAD ISO has passed QEMU greeter/desktop/app onboarding
-  validation. A prior artifact passed guarded USB flash/readback, so repeat
-  USB flash/readback for the current artifact before calling HEAD final.
+- The latest validated local ISO artifact has passed QEMU greeter/desktop/app
+  onboarding validation. A prior artifact passed guarded USB flash/readback,
+  so rebuild/revalidate the exact release commit if the branch moves and
+  repeat USB flash/readback before calling HEAD final.
 - Privacy behavior, real hardware USB boot, and real USB Persistent Storage
   behavior still need validation before production claims.
 - Production release infrastructure is missing: release keys, manifest

packages/os/linux/variants/milady-tails/docs/mode-parity.md

@@ -9,11 +9,11 @@ The product requirement is that the same capabilities are available in all
 four combinations. Mode changes can affect speed, persistence, and trace
 footprint, but they must not silently remove features.
 
-Status as of 2026-05-17: Phase 3-7 overlays are present in source, and a
-prior ISO passed the normal QEMU greeter/desktop/app-service path. Current
-HEAD needs rebuild and repeat validation. Treat the table below as the
-target acceptance matrix until Phase 8 produces evidence from QEMU and real
-USB across all four modes.
+Status as of 2026-05-19: Phase 3-7 overlays are present in source, and a
+recent ISO artifact passed the normal QEMU greeter/desktop/app-service path.
+Rebuild and repeat validation for the exact release commit if the branch
+moves. Treat the table below as the target acceptance matrix until Phase 8
+produces evidence from QEMU and real USB across all four modes.
 
 Evidence rule: mark a row as production-ready only after it is exercised
 in QEMU and on a real USB boot. Until then, "Yes" means required product

packages/os/linux/variants/milady-tails/docs/specs/README.md

@@ -4,10 +4,10 @@ File-level implementation plans for each phase of [`../../PLAN.md`](../../PLAN.m
 `PLAN.md` is the map (goals, success criteria, status); these specs are the
 turn-by-turn directions (exact files, exact changes, ordered checklists).
 
-Status note, 2026-05-17: Phase 2-7 OS/Tails overlays exist in source and a
-prior ISO passed the normal QEMU greeter/desktop/app-service path. Current
-HEAD includes later branding/docs polish and needs a fresh rebuild. Keep the
-specs as design/source-of-truth for intent, and use `PLAN.md` plus
+Status note, 2026-05-19: Phase 2-7 OS/Tails overlays exist in source and a
+recent local ISO artifact passed the normal QEMU greeter/desktop/app-service
+path. Rebuild and revalidate the exact release commit if the branch moves
+after that artifact. Keep the specs as design/source-of-truth for intent, and use `PLAN.md` plus
 `docs/current-status.md` for the current validation state.
 
 Each spec was produced by auditing the actual Tails source and the

packages/os/linux/variants/milady-tails/docs/specs/phase-3-privacy-mode.md

@@ -6,9 +6,9 @@ like stock Tails. Same features either way, only speed differs.
 
 Paths are relative to `TAILS = packages/os/linux/variants/milady-tails/tails`.
 
-Status as of 2026-05-17: this overlay is implemented in source. The
+Status as of 2026-05-19: this overlay is implemented in source. The
 normal QEMU app path has passed on a prior artifact, but Privacy Mode still
-needs current-HEAD network/app validation. The implementation uses
+needs exact-release network/app validation. The implementation uses
 `elizaos_privacy=1` in the bootloader entries, while the live-config hook
 also accepts `elizaos.privacy=on` for compatibility.
 

packages/os/linux/variants/milady-tails/docs/specs/phase-4-bake-milady-app.md

@@ -3,10 +3,10 @@
 Goal: `/opt/milady/` exists in the chroot and contains a runnable binary.
 Paths are relative to `TAILS = packages/os/linux/variants/milady-tails/tails`.
 
-Status as of 2026-05-17: the host build recipe, staged payload,
+Status as of 2026-05-19: the host build recipe, staged payload,
 `9100-install-milady` hook, runtime support, and desktop file exist in
-source. A prior ISO passed the QEMU app-service path. Current HEAD still
-needs rebuild and repeat validation.
+source. A recent local ISO artifact passed the QEMU app-service path. Rebuild
+and repeat validation for the exact release commit if the branch moves.
 
 ## 1. The Milady Linux build — the real (fragile) sequence