TezzNative v1.1.0 is hardening toward production. View roadmap

Package trust

Reproducible package metadata for the first-party SDK set.

Milestone 5 gates the public tezz tool, launchers, SemVer package pins, lock/registry parity, package checksums, and generated package inventory docs.

Gate

Windows
powershell -ExecutionPolicy Bypass -File .\tests\conformance\run-package-trust.ps1 -Tezzc .\TezzNative-language\build\tezzc.exe
Linux / WSL
bash tests/conformance/run-package-trust.sh ./TezzNative-language/bin/tezzc-linux-x64
Expected
PACKAGE_TRUST_SUMMARY passed=12 failed=0

Commands

CommandContract
tezz initCreates project metadata, cache directories, and template files with SemVer dependency pins.
tezz addInstalls a package, verifies the package checksum, updates tezz.mod, and updates tezz.lock.
tezz removeRemoves a dependency and rewrites tezz.mod plus tezz.lock deterministically.
tezz updateRuns explicit SDK update modes: check, install, reinstall, or uninstall.
tezz lockRegenerates tezz.lock from tezz.mod and local first-party package sources.
tezz publishRegenerates lock and registry metadata without hidden network side effects.
tezz testKeeps the conformance, stdlib, tooling, runtime, and native lanes reachable from the tool.
tezz build --releaseBuilds with release defaults and refreshes dependency locks when project metadata exists.

Metadata

  • tezz.mod declares lowercase package names, SemVer package pins, registry URL, and module root.
  • tezz.lock stores sorted name@version CHECKSUM URL rows with payload metadata.
  • registry.tnx stores sorted name@version URL CHECKSUM rows with matching payload metadata.
  • Package checksums are deterministic 8-hex source-byte hashes with CRLF normalized to LF; release archives remain SHA-256 verified.

First-Party Targets

JSON CLI argument parser Logging Config file support Regex SQLite binding HTTP client/server polish Testing assertions Benchmark helpers