Every public BuildCam claim is backed by an evidence record. Proof items are agent-verified — linked to packet IDs, build numbers, and observable outputs. No unverified claims.
BuildCam production site is live and returns HTTP 200 on all 9 public routes.
Build #20 and Build #22 passed. Python urllib smoke test confirmed HTTP 200 on /, /builds, /episodes, /failures, /proof, /companies, /sponsor, /submit, /studio. CloudFront E1SDUOSKW85R0A → d1bspkt74z4742.cloudfront.net.
BuildCam infrastructure uses zero permanent admin credentials. All AWS access is via short-lived OIDC tokens with scoped least-privilege roles.
Bootstrap admin in both staging (account 833319601472) and production (account 715398629366) had AdministratorAccess detached post-first-apply. Both accounts: zero attached policies on bootstrap role. Tagged status=emergency-only. IAM role list-attached-role-policies confirmed NONE. Builds #14–#16 (staging) and Build #17 (production) verified.
BuildCam staging CI/CD pipeline runs exclusively with least-privilege roles — no admin access in any pipeline step.
Build #14 passed full tofu plan+apply using BuildCamOpenTofuApplyRole (no AdministratorAccess). Build #14 passed deploy using buildcam-web-deploy-staging. Zero bootstrap admin role usage in any step. Verified via IAM trust policy inspection and build log review.
BuildCam production pipeline gate (approve-production) is agent-unblockable — no human click required for deployment when all criteria pass.
Build #20 and Build #22: approve-production block step unblocked via buildkite-controller.sh unblock without Rico UI interaction. Gate criteria verified in code before unblock call. All 9 routes HTTP 200 post-deploy confirmed.
BuildCam failure records are primary sources — real failures from the actual build, documented in the production site.
Failure Museum at /failures contains F-001 through F-006. Each entry corresponds to a real build failure in the Buildkite pipeline: OIDC audience mismatch (Build #7–9), StringEquals wildcard (Build #8), permissions boundary on reads (Build #10–12), YAML block scalar (Build #15), Buildkite secret prefix rejection (PKT-BCM-2026-0015), RC pipeline mismatch (Build #18). All entries trace to specific build numbers and packet IDs.