Higgs AI · Security Review Evidence

SPARTAN — Verifiable evidence infrastructure for security reviews

Portable · Verifiable · Defensible

SPARTAN turns a security review into deterministic, locally verifiable evidence artifacts. The scanner is the first evidence producer; Capsule v0.1 and Review Pack v0.1 are the portable records a recipient can check without trusting a dashboard or the producer's runtime.

Review Pack v0.1 is intentionally unsigned. It verifies consistency, not origin.

Who Spartan is for

Spartan is built to serve any recipient who needs to verify evidence without trusting its producer. The Review Pack v0.1 surface is live for security review evidence today. The underlying primitive is designed to serve a broader set of recipients as additional surfaces ship.

• Builders and solo developers — Producing portable evidence for clients, customers, or their own records.
• Security review teams — Producing recipient-attachable closeout bundles.
• Enterprise compliance and audit functions — Needing portable, tamper-evident artifacts that survive recipient-side verification.
• Agent platforms and agent-to-agent handoffs — Where one system needs to verify another system's claims without a shared trust root.
• Auditors and recipients — Receiving evidence they need to check independently of the producer's environment.

Review Pack v0.1 is the security-review-evidence surface. Other surfaces are on the roadmap and are not yet live.

How to use Spartan

Spartan is local-first. The full Review Pack v0.1 flow runs on the operator's machine.

Spartan walks a repository, runs a small validator set, and writes every run to local disk with a chain-hashed audit ledger. From a verified Capsule, Spartan packages a Review Pack v0.1: a recipient-attachable closeout bundle with a deterministic ZIP and a mandatory external SHA-256 sidecar.

1. Build evidence. Run Spartan against a repository and build a redacted Capsule v0.1 artifact:
   spartan capsule build --redact --out evidence.tar.gz
spartan capsule verify evidence.tar.gz
2. Author engagement metadata. Write a strict engagement.yaml file describing the engagement, recipient, scope, source identity, attestations, and risk acceptance. repository.remote_url is forbidden in v0.1. Source identity must match the capsule.
3. Build the Review Pack. Package the verified capsule plus engagement metadata into a deterministic wrapper archive and mandatory external sidecar:
   spartan review-pack build --capsule evidence.tar.gz --engagement engagement.yaml --out review-pack/
   Output includes review-pack.zip and review-pack.zip.sha256.
4. Send the pair. Hand the recipient both review-pack.zip and review-pack.zip.sha256. Sending only one is not enough.
5. Recipient verifies locally. In the current private preview, the recipient verifies from a Spartan source checkout:
   spartan review-pack verify review-pack.zip --sha256 review-pack.zip.sha256
   The verifier checks internal consistency only. Result: VERIFY_PASS or VERIFY_FAIL. The output is JSON pinned to schema_version: spartan.review_pack_verify_output.v0.1.

Standalone verifier package: the SPARTAN repo includes a private, unpublished package, @higgs-ai/spartan-verify, as a future distribution surface for the same Review Pack verifier engine. It re-exports the existing verifyReviewPack logic, adds no new verification semantics, and is not published to npm today. Recipients in the private preview still verify through the provided source-checkout workflow unless Higgs AI explicitly provides another path.

Offline Verification

SPARTAN Review Packs can be verified entirely on the recipient's machine: fail-closed, offline-capable, no Higgs AI server in the loop, no account, and no hosted dashboard. For restricted-network environments, the verifier can be built into a self-contained kit — a single-file bundle plus SHA-256 integrity file and offline instructions — that runs with no network connection at verify time.

The SPARTAN repo now includes an Offline Verification Kit v0.1 builder. It assembles a self-contained kit under gitignored dist/offline-kit/ with cli.mjs, index.mjs, SHA256SUMS, offline instructions, and runtime requirements. The builder and its no-network test layer are on main; the generated kit artifact is not published, hosted, or downloadable today.

Verification confirms internal consistency and embedded evidence. It is not a signature and not origin proof. Review Pack v0.1 is intentionally unsigned; a published kit, signed verifier release, and Review Pack origin proof remain separate future decisions.

What is in a Review Pack v0.1

A Review Pack v0.1 build emits a fixed set of 12 files:

• review-pack.zip — Deterministic wrapper archive of the inner pack files.
• review-pack.zip.sha256 — Mandatory external SHA-256 sidecar for review-pack.zip.
• ENGAGEMENT.json — Normalized engagement metadata with machine-readable non-claims.
• review-pack.md — Recipient-facing Markdown closeout pack.
• review-pack.html — Recipient-facing static HTML closeout pack with a strict CSP.
• PACK_MANIFEST.json — Unsigned content-addressed index for inner payload files.
• findings-summary.csv — CSV summary derived from the generated SARIF, with formula-injection escaping.
• verify-output.txt — Embedded Capsule v0.1 verification transcript.
• evidence.tar.gz — Embedded Capsule v0.1 artifact.
• report.html — Static capsule HTML report generated from the embedded capsule.
• findings.sarif — SARIF v2.1.0 export generated from the embedded capsule.
• README_VERIFY_THIS_PACK.md — Recipient verification instructions.

PACK_MANIFEST.json indexes the inner payload files only. It does not hash itself, review-pack.zip, or review-pack.zip.sha256. The wrapper integrity proof is the external sidecar.

What VERIFY_PASS means

A VERIFY_PASS result means all of the following were true for the local files being checked:

• review-pack.zip.sha256 matched the local review-pack.zip bytes. (SIDECAR_SHA256)
• ZIP entry names, types, metadata, and size limits passed safety checks before extraction. (ZIP_SAFETY)
• Extraction happened in a randomized temporary directory with restricted permissions. (ZIP_EXTRACT)
• PACK_MANIFEST.json schema and entry hashes matched the extracted files. (PACK_MANIFEST)
• ENGAGEMENT.json validated against the normalized engagement schema. (ENGAGEMENT)
• The embedded evidence.tar.gz passed the Capsule v0.1 verifier. (CAPSULE_VERIFY)
• Generated assets re-derived byte-identically from ENGAGEMENT.json and the embedded capsule. (DERIVED_ASSETS)

The verifier is intentionally fail-closed. It rejects unsafe ZIP paths, duplicate paths, symlinks, devices, unexpected files, missing mandatory files, unknown sizes, and size-limit violations before extraction begins.

What VERIFY_PASS does not mean

Review Pack v0.1 deliberately does not expand the trust model. A VERIFY_PASS does not mean any of the following:

• Not a signature. Review Pack v0.1 is intentionally unsigned.
• Does not prove origin, identity, authorship, or that the pack came from a specific operator or organization.
• Not signer identity proof.
• Not a compliance certification.
• Not replay-bearing. The pack does not carry a runtime artifact bundle or replay tuples.
• Not evidence of hermetic execution.
• Does not prove all vulnerabilities were found.
• Does not prove the target code is safe.
• Human sign-off fields are human attestations, not cryptographic signatures.
• A pack manifest hash match is an integrity check, not proof of origin, identity, or trust.
• A VERIFY_PASS means internal pack consistency, derived-asset consistency, and embedded capsule verification. It does not prove who created the pack.

An attacker who can replace both review-pack.zip and review-pack.zip.sha256 can create a matching pair. Origin proof would require a future signing or trust-root feature, which is out of scope for v0.1.

Spartan's broader architecture

Spartan is one of three artifact surfaces in the Higgs evidence stack. All three share an architectural foundation: portable, locally verifiable artifacts with explicit trust boundaries. Capsule v0.1 and Review Pack v0.1 are unsigned today; CogniMaps are a separate signed JSON artifact surface.

• Capsule v0.1 and Review Pack v0.1. The artifact surfaces described on this page. Currently unsigned and verified for internal consistency.
• Chain-hashed audit ledger. Every Spartan CLI invocation appends to an append-only NDJSON ledger where each entry chains to the previous one's hash. Tampering with any past entry breaks every subsequent hash.
• CogniMaps. Signed JSON artifacts that carry precomputed reasoning substrates between systems. CogniMaps and Spartan capsules share a verification philosophy: the recipient checks the artifact locally; the producer is not in the trust path.

Roadmap: Standalone verifier package (private, unpublished) and signing frontier are in preflight and are not part of v0.1.

Where Spartan is now

What's public today. The Capsule v0.1 sample at /spartan/sample-capsule/ — a full demonstration of the underlying evidence layer, including the SARIF export, static HTML report, and evidence capsule artifact. This page, describing Review Pack v0.1's surface, verification semantics, and explicit non-claims.

What's in private preview. Review Pack v0.1 is in private design-partner preview. A public generated Review Pack sample is not authorized in v0.1. Design partners receive the sample pack, verification transcripts, and direct access to the Higgs AI team.

What's on the roadmap. Standalone verifier package (private, unpublished; not on npm today). Signing frontier and recipient trust policy. Additional artifact surfaces beyond security review evidence.

Signing, origin proof, and recipient trust policy are documented as planning preflights only. They are not implemented in Review Pack v0.1 and are not active product capabilities.

To request a private preview of Review Pack v0.1 or to talk through how Spartan's architecture might apply to your verification problem, contact Higgs AI.

Sample Capsule Demo — examples/demo-repo

A live sample capsule artifact set is publicly available, built against examples/demo-repo — the intentionally-vulnerable benchmark in the SPARTAN source tree. Capsule ID: 6409463f0c788d8c5602b280bd7405fd1ee0080a8233c26caa72bfa6e7dbd4e7. 11 total findings. CRITICAL: 1. HIGH: 10. EVIDENCE_BACKED: 2. ANALYST_HYPOTHESIS: 9.

• spartan-sample-capsule-v0.1.zip — single-file download of the full kit
• report.html — static HTML report
• findings.sarif — SARIF v2.1.0 export
• evidence.tar.gz — Evidence Capsule artifact
• CLAIMS_AND_NON_CLAIMS.md

Sample evidence only — not production customer evidence. SIGNATURE: NOT_PRESENT. REPLAY: NOT_PRESENT. Not hermetic execution. Not compliance certification. Not a scanner replacement.

Talk to Higgs AI about SPARTAN

Spartan is built to be used. If you have a security review you would attach to a client closeout, customer security review, or internal sign-off, we want to hear how Review Pack v0.1 lands against your real workflow.

Talk to Higgs AI →

Source: SPARTAN main @ c8e2c13a