Keys never leave your machine

Docs // evidence pack

Evidence Pack schema — versioned, signed, assessor-ready.

The JSON export your auditor receives from Trust Operations Console. Same shape as the public sample — verify offline without uploading source code.

Evidence Pack schema

Ed25519

commit envelopes

offline-verifiable proof

local-only

CLI & HOOKS

repo never uploaded

Scroll Gate

PR enforcement

signed vs unsigned

SSX360

control plane

identity · billing · audit

Schema

ssx360.evidence-pack.v1

One artifact shape for sample download, simulator output, and live Team+ export.

ssx360.evidence-pack.v1Ed25519 detached signatureOffline verifiable

Machine readers: plain JSON at /samples/evidence-pack-sample.json · sibling .sig file ships beside the sample. · Compliance mappings

Glossary

Field reference

Assessor landing page — every top-level key explained below.

Top-level fields

schema
Version string — currently ssx360.evidence-pack.v1
issued_at
ISO-8601 UTC timestamp when the pack was generated
account
Redacted org identity: email hash, plan, entitlement state
summary
Aggregate counts: repos, events, signed/unsigned/blocked/review
events[]
Commit ledger rows: repo, branch, commit SHA, actor, policy result
policy_templates[]
Active preset rules evaluated at gate time
compliance_mappings[]
Procurement language mapped to DORA, PCI DSS v4.0.1, FS AI RMF, SSDF, and EU AI Act readiness
signature
Detached Ed25519 signature over canonical JSON bytes

Assessor

Verify offline

No account required — paste JSON at /verify or use the CLI.

bash · verify
matrixscroll verify --envelope path/to/envelope.json
# Or paste JSON at https://ssx360.com/verify