Dependency Epochs

Dependency epochs guard a run root against unacknowledged runtime changes. Snapshots include Pixi lockfile hash, active Pixi environment, configured package versions, sanitized installed package source metadata, platform identity, and external editable dependency Git state. Source metadata is included so Git-installed packages can change dependency epochs even when their version strings do not change.

Initialize or check a contract:

reprotrail epoch check --run-root results/run

Accept a changed runtime knowingly:

reprotrail epoch check \
  --run-root results/run \
  --acceptance-reason "validated smoke metrics"

Audit product sidecars:

reprotrail epoch audit --run-root results/run --output results/run/qc/epochs.json