Evidence Packs
The audit-ready release bundle created from runs, findings, artifacts, and reviewer decisions.
Purpose
An evidence pack is the durable artifact. It packages enough proof for a release reviewer or audit trail without copying raw customer data into the hosted app by default.
Artifact contracts
See the JSON shape shared by runners, APIs, dashboards, and exports.
Data handling
See what stays local and what the control plane stores.
Pack Contents
| Section | Includes |
|---|---|
| Summary | Release, project, status, blockers, reviewer state |
| Runs | Run ids, tool versions, inputs, status history |
| Findings | Normalized context and policy findings |
| Artifacts | Names, hashes, storage references, redaction state |
| Decisions | Approval, block, waiver, owner, timestamp, expiration |
| Export | JSON and optional customer audit-storage copy |
Example
{
"packId": "pack_support_bi_20260706",
"schemaVersion": "0.1.0",
"project": "support-bi-copilot",
"release": "release_2026_07_06",
"status": "blocked",
"summary": {
"blockers": ["tenant_scope_required"],
"review": "security_required"
},
"runRefs": ["run_20260706_001"],
"artifacts": [
{
"name": "policystrata.findings.json",
"sha256": "..."
}
],
"decisions": []
}Review Checklist
- Confirm the release candidate and commit are correct.
- Confirm the source sets and policy suites are the intended scope.
- Inspect all blocking findings and redacted witnesses.
- Approve, waive, or block with an owner and reason.
- Export the pack to customer audit storage when required.