# Pages Verification Receipt

Status: `pages_verification_receipt_manual_review_only_closed_until_human_yes`

This receipt gives an awake operator a compact, repeatable way to prove the Sonic-Forage Pages surface is serving the latest safe proof-hub artifacts without treating a successful HTTP probe as permission to post, stream, upload, charge, train, or mutate cron.

Canonical namespace: `Sonic-Forage`
Canonical Pages URL: <https://sonic-forage.github.io/afterparty-forge-explainer-site/>
Canonical repo: <https://github.com/Sonic-Forage/afterparty-forge-explainer-site>

## Human approval question

Do you approve using this Sonic-Forage Pages verification receipt as the current proof-hub source map for a manual report, while keeping all public/commercial/media/model/cron actions closed until a separate explicit yes?

## Closed-gate readout

- `public_posting=false`
- `outreach=false`
- `paid_promotion=false`
- `youtube_upload=false`
- `publishes_stream=false`
- `records_audio=false`
- `uploads_private_media=false`
- `payment_links=false`
- `claim_revenue=false`
- `claim_openai_affiliation=false`
- `starts_gpu=false`
- `starts_paid_api=false`
- `downloads_models=false`
- `starts_training=false`
- `mutates_cron=false`
- `secret_exposure=false`

## 60-second manual verification route

1. From a clean repo checkout, run the aggregate verifier:
   - `PYTHONDONTWRITEBYTECODE=1 python3 scripts/verify_site.py`
   - Expected highlight: `STATIC SURFACE OK` followed by `VERIFY OK afterparty explainer site`.
2. Confirm whitespace hygiene:
   - `git diff --check`
   - Expected highlight: no output and exit code `0`.
3. Confirm the pushed branch matches the intended local commit:
   - `git status --short --branch`
   - `git ls-remote origin refs/heads/main`
   - Expected highlight: local branch is clean and the remote main SHA matches the report SHA.
4. Probe the explicit served file path rather than only the bare URL:
   - `python3 - <<'PY'` with `urllib.request` against `https://sonic-forage.github.io/afterparty-forge-explainer-site/index.html?cb=<SHORT_SHA>`.
   - Expected needles: `Proof Hub Second-Click Route`, `Pages Verification Receipt`, and `Sonic-Forage`.
5. Probe the new JSON receipt path:
   - `https://sonic-forage.github.io/afterparty-forge-explainer-site/data/pages-verification-receipt.json?cb=<SHORT_SHA>`
   - Expected fields: `status`, `canonical_namespace`, `proof_paths`, `closed_gates`, and `requires_human_approval`.
6. If Pages API or cache appears stale, verify raw exact-commit GitHub content for this doc and JSON, then report Pages as pending/stale rather than failed.

## Proof paths

- `docs/index.html`
- `docs/data/site-manifest.json`
- `docs/data/pages-verification-receipt.json`
- `docs/reports/PAGES_VERIFICATION_RECEIPT.md`
- `scripts/verify_site.py`
- `docs/launch/PROOF_HUB_SECOND_CLICK_ROUTE.md`
- `docs/data/proof-hub-second-click-route.json`

## Safe wording blocks

- “The Sonic-Forage proof hub has a verified static surface and closed-gate manifests.”
- “Pages may lag; verify `/index.html?cb=<sha>` and the JSON path before claiming the public surface is current.”
- “This is a manual report receipt, not approval to post, stream, upload, charge, train, or spend.”
- “All revenue, affiliation, public launch, and live-stream claims must point to repo-local proof paths or stay as non-claims.”

## Do-not-say lines

- Do not say revenue was earned unless a payment is independently verified.
- Do not say Sonic-Forage is affiliated with OpenAI or any platform.
- Do not say a stream, Space, YouTube upload, dataset release, GPU job, or training run happened from this receipt.
- Do not say a buyer was contacted or an invoice/payment link exists.
- Do not expose tokens, private URLs, `.env` values, or secret-bearing logs.

## Blocked without approval

- Public posting, scheduling, replies, DMs, or outreach.
- Twitter/X Spaces, Kick/Twitch/OBS stream start or restart, and any recording.
- YouTube video/caption/thumbnail upload or public release.
- Payment links, invoices, checkout pages, purchases, subscriptions, or paid promotion.
- Hugging Face dataset publication, private-media upload, model downloads, GPU jobs, paid API jobs, or training.
- Wallet actions, secret display, credential rotation, and cron creation/update/removal.

## Failure recovery

- If `verify_site.py` fails, do not report the Pages surface as ready; fix the local proof path or closed-gate assertion first.
- If live Pages JSON 404s but raw exact-commit content exists, report “Pages build/cache pending” and include the raw proof path.
- If the bare Pages URL is stale, retry `/index.html?cb=<sha>` before declaring failure.
- If git push fails with stale token errors, retry with stale env tokens unset; otherwise report the local commit and sanitized blocker.