# Hatchways VM Lifecycle Proof

Make the candidate-VM lifecycle auditable before a Hatchways-style technical pilot: provisioning, recorder bootstrap, submission teardown, scheduled cleanup, and current limits.

## Lifecycle Controls

### Provisioned developer VM per candidate session

- Proof: /api/vm/provision creates or recovers a session-scoped Fly Machine and returns the tokenized terminal route.
- Buyer signal: Candidate gets a real repo workspace instead of a browser-only coding pad.

### Recorder bootstrap

- Proof: /vm/bootstrap.sh installs ae-claude, ae-codex, ae-snapshot, ae-package, ae-finalize, ae-task, and ae-submit-steps.
- Buyer signal: Reviewer packet can include Codex/Claude transcript exports, terminal logs, git snapshots, and final evidence.

### Submission teardown marker

- Proof: Final evidence submission marks a VM teardown due immediately when autoTeardownVmOnSubmit is enabled.
- Buyer signal: Submitted assessments do not leave candidate workspaces open indefinitely.

### Scheduled expired-VM cleanup

- Proof: ops/scripts/teardown-expired.js calls authenticated /api/vm/teardown-expired from launchd/sync-state automation.
- Buyer signal: A cleanup path exists for abandoned or expired sessions without relying on a human clicking the UI.

## Current Runtime

- Candidate session expiry: none
- VM TTL: 240 minutes
- Auto teardown on submit: true
- VM provider: Fly Machines
- Cleanup endpoint: /api/vm/teardown-expired
- Cleanup caller: ops/scripts/teardown-expired.js

## Verification Commands

- npm run verify
- GET /vm/lifecycle.json returns buyer=Hatchways and current_runtime.vm_ttl_minutes.
- GET /vm/bootstrap.sh contains ae-finalize and ae-submit-steps.
- POST /api/vm/teardown-expired requires system auth.

## Current Limits

- Real GitHub App creation remains account-level; GitHub Actions is the verified fallback.
- The cleanup endpoint requires system authentication and does not expose Fly tokens or machine credentials.
- This packet proves lifecycle design and live routes; it is not a SOC 2, DPA, SSO, or retention SLA claim.

## Not Claimed

- No official Hatchways partnership is claimed.
- No perfect anti-cheat or outside-AI prevention is claimed.
- No unauthenticated VM teardown is exposed.

## Proof URLs

- Lifecycle JSON: https://hottea.ai/vm/lifecycle.json
- Recorder bootstrap: https://hottea.ai/vm/bootstrap.sh
- Sample reviewer packet: https://hottea.ai/sample-report
- Sample evidence JSON: https://hottea.ai/api/sample-evidence
- Public config: https://hottea.ai/api/config
- OpenAPI: https://hottea.ai/openapi.yaml