Read-only first
No production logs or secrets in public forms.
No receipt, no clean claim
UNKNOWN is honest when receipts are missing.
External Verify
Manifest, hashes, Merkle root and replay notes can be checked independently.
Tenant isolation
Every pack binds tenant, case, run and boundary.
PII / secret discipline
Secret leaks and unexpected files must be rejected by verifier policy.
Limits & Scope
Every pack states what it proves and what remains out of scope.