Proof bundle
Public claim-to-artifact verification map.
This page maps commercial claims to concrete outputs so buyers can verify trust statements directly. It is designed for technical reviewers and diligence stakeholders.
This is the public proof preview. Full target-specific artifact sets are delivered through scoped NDA engagements.
| Public claim | Artifact(s) | What to verify |
|---|---|---|
| Same input produces identical outputs | `artifacts.sha256` | Hash manifest and deterministic reruns match. |
| Claims are evidence-linked | `evidence-index.json`, `evidence.json` | Fact references resolve to concrete path/hash/line evidence. |
| Unknowns are explicit, not hidden | `unknowns.json` | Coverage and uncertainty are surfaced with policy metadata. |
| Decision-ready risk concentration view | `risk-matrix.json`, risk-map SVGs | Top impact/likelihood cells and hotspot concentration are clear. |
| Controls and compliance aid are traceable | `controls-coverage.json`, `compliance-overlay.json`, framework control artifacts | Control gaps, not-applicable state, and mapped risk rows are explicit. |
| Capability posture is current | `CAPABILITIES_SCORECARD.md` | Dated framework scores and baseline counters align with latest run. |
Use-case entry points
Public preview vs NDA delivery
Public preview: proof of method and trust verification. NDA delivery: complete target-run evidence, control mapping, compliance overlays, and deterministic manifests ready for engineering, security, and auditor validation.
Choose execution model for your scoped package: