Demo Closeout Pack
Review Pack Summary
Source Binding
Git commit binding: b42163c792cb51a8cc6ea778fad6bc267269ed6c
This is a binding to the commit identity recorded inside the verified Capsule v0.1 artifact. It is not proof that the pack came from a specific operator, organization, or repository host.
Capsule commit ref: snapshot:demo-repo-v1
Capsule repository label: examples/demo-repo
Scope
SPARTAN Scan Scope
- examples/demo-repo
Human Review Scope
- NONE_DECLARED
Exclusions
- None declared
Human Attestations
Human sign-off fields are human attestations, not cryptographic signatures.
- Operator status: pending
- Customer reviewer status: not_applicable
Risk Acceptance
Customer attestation status is NOT_ATTESTED or not_applicable in v0.1. This pack does not claim customer accepted risk.
- Operator record status: not_requested
- Customer attestation status: NOT_ATTESTED
Claims And Non-Claims
- This pack is not a compliance certification.
- This pack is not cryptographically signed. SIGNATURE remains NOT_PRESENT unless a future signature feature explicitly reports SIGNATURE: PASS.
- This pack does not prove origin, identity, authorship, or that it came from a specific operator or organization.
- This pack is not replay-bearing. REPLAY remains NOT_PRESENT unless a future replay feature explicitly reports REPLAY: PASS.
- This pack is not evidence of hermetic execution.
- This pack does not prove all vulnerabilities were found.
- This pack does not prove the target code is safe.
- Human sign-off fields are human attestations, not cryptographic signatures.
- A pack manifest hash match is an integrity check, not proof of origin, identity, or trust.
- A review-pack verify PASS means internal pack consistency, derived-asset consistency, and embedded capsule verification; it does not prove who created the pack.
- Derived-asset re-generation verifies that rendered files match the embedded capsule and normalized engagement. It does not prove the embedded capsule or engagement came from any specific source.