{ "ok": true, "status": "VERIFY_PASS", "zip_path": "review-pack.zip", "checks": [ { "check": "SIDECAR_SHA256", "outcome": "PASS", "detail": "review-pack.zip.sha256 matched review-pack.zip" }, { "check": "ZIP_SAFETY", "outcome": "PASS", "detail": "safe ZIP listing passed before extraction" }, { "check": "ZIP_EXTRACT", "outcome": "PASS", "detail": "safe ZIP extraction completed in a randomized temp directory" }, { "check": "PACK_MANIFEST", "outcome": "PASS", "detail": "manifest schema and entry hashes matched" }, { "check": "ENGAGEMENT", "outcome": "PASS", "detail": "ENGAGEMENT.json schema and render context matched" }, { "check": "CAPSULE_VERIFY", "outcome": "PASS", "detail": "embedded Capsule v0.1 verified and source identity matched" }, { "check": "DERIVED_ASSETS", "outcome": "PASS", "detail": "generated review-pack assets re-derived byte-identically" } ], "schema_version": "spartan.review_pack_verify_output.v0.1", "verifier_engine_version": "spartan.review_pack_verifier.v0.1", "review_pack_format_version": "spartan.review_pack.v0.1", "final_status": "VERIFY_PASS", "ordered_checks": [ "SIDECAR_SHA256", "ZIP_SAFETY", "ZIP_EXTRACT", "PACK_MANIFEST", "ENGAGEMENT", "CAPSULE_VERIFY", "DERIVED_ASSETS" ], "earliest_failing_check_class": null, "check_results": [ { "check": "SIDECAR_SHA256", "outcome": "PASS", "detail": "review-pack.zip.sha256 matched review-pack.zip" }, { "check": "ZIP_SAFETY", "outcome": "PASS", "detail": "safe ZIP listing passed before extraction" }, { "check": "ZIP_EXTRACT", "outcome": "PASS", "detail": "safe ZIP extraction completed in a randomized temp directory" }, { "check": "PACK_MANIFEST", "outcome": "PASS", "detail": "manifest schema and entry hashes matched" }, { "check": "ENGAGEMENT", "outcome": "PASS", "detail": "ENGAGEMENT.json schema and render context matched" }, { "check": "CAPSULE_VERIFY", "outcome": "PASS", "detail": "embedded Capsule v0.1 verified and source identity matched" }, { "check": "DERIVED_ASSETS", "outcome": "PASS", "detail": "generated review-pack assets re-derived byte-identically" } ], "errors": [], "non_claims": [ "This pack is not a compliance certification.", "This pack is not cryptographically signed. SIGNATURE remains NOT_PRESENT unless a future signature feature explicitly reports SIGNATURE: PASS.", "This pack does not prove origin, identity, authorship, or that it came from a specific operator or organization.", "This pack is not replay-bearing. REPLAY remains NOT_PRESENT unless a future replay feature explicitly reports REPLAY: PASS.", "This pack is not evidence of hermetic execution.", "This pack does not prove all vulnerabilities were found.", "This pack does not prove the target code is safe.", "Human sign-off fields are human attestations, not cryptographic signatures.", "A pack manifest hash match is an integrity check, not proof of origin, identity, or trust.", "A review-pack verify PASS means internal pack consistency, derived-asset consistency, and embedded capsule verification; it does not prove who created the pack.", "Derived-asset re-generation verifies that rendered files match the embedded capsule and normalized engagement. It does not prove the embedded capsule or engagement came from any specific source." ], "redaction_safe_diagnostics": [], "artifact_basenames_only": { "review_pack_zip": "review-pack.zip", "sha256_sidecar": "review-pack.zip.sha256" }, "supported_pack_versions": [ "spartan.review_pack.v0.1" ], "version_skew_status": "SUPPORTED" }