WithheldActionWitness is a stdlib-only CLI that answers one question:
For this high-risk deployment, is the absence of release justified by evidence duty, rollback risk, and authority state?
It is not a release approval system. It verifies whether withholding a release/action is supported by duty, exposure, rollback, and authority evidence.
justified: non-release is supported by duty evidence, high exposure or quarantine duty, authority evidence, and rollback gap.thin: non-release has partial support, but the evidence chain is incomplete.breach: withholding lacks duty evidence, passed its deadline without hold authority, or does not describe a withheld action.
python withheld_action_witness.py sample
python withheld_action_witness.py run examples/justified.json
python withheld_action_witness.py report examples/justified.json{
"case_id": "WA-001",
"withheld": true,
"action": "robot-os-release",
"obligation": {
"duty_exists": true,
"deadline_passed": false,
"evidence": ["release-duty-2026-06"]
},
"exposure": {
"level": "critical",
"quarantine_required": true,
"evidence": ["pqc-component-exposure"]
},
"rollback": {
"plan_exists": false,
"tested": false,
"evidence": ["rollback-gap-assessment"]
},
"authority": {
"hold_authorized": true,
"approval_missing": false,
"evidence": ["release-board-hold"]
}
}Missing optional fields are handled conservatively. The verdict path is deterministic and performs no network or AI calls.
Every verdict includes:
input_sha256verdict_sha256combined_sha256
These are ADPR-style commitments over canonical JSON. The MVP does not persist an append-only ledger.
python -m unittest discover -s tests