Sample binder · Proofroom

What a kit looks like
before you ship one.

Three synthetic artifacts that mirror the shape of a real Proofroom pilot deliverable: a Cascade Report, an AGRS Scorecard, and the offline verification transcript a CCO runs against the kit. The data is fictional. The structure is the one your model-risk reviewer will see.

// All values below are synthetic
// Tenant: Crestmont Sample FCU
// Public-key fingerprint: SAMPLE:00000000:00000000
What you’re looking at

A binder is the unit of pilot evidence.

One workflow decision produces one Cascade Report. The same decision produces one AGRS Scorecard. The kit folder ships both sealed against a manifest, plus a public key and a verification command. The CCO can re-run the verify offline; if the math checks, the kit is real, and the binder is the audit-defensible artifact for that decision.

In a real pilot, the binder cover page also names the BSA / CCO / model-risk owner who reviewed and attested to the decision. Synthetic samples don’t name any reviewer because we won’t put a real human’s name on a fictional record.

01

Cascade Report

The decision artifact. Cited authorities, cost rationale, sealed against a manifest. This is what the model-risk owner reads.

# 01 — Cascade Report

> **Synthetic sample.** Tenant, run, and signing values below are fictional.
> The shape of every field matches a real Proofroom kit; the values do not
> correspond to any real institution, applicant, or signing key.

────────────────────────────────────────────────────────────────────────────
INNORVE PROOFROOM — CASCADE REPORT
────────────────────────────────────────────────────────────────────────────

Tenant:                 Crestmont Sample FCU (synthetic)
Workflow:               Sample HELOC Pre-Decision Triage
Generated at:           2026-04-15T09:32:11Z
Report renderer:        v1.0.0
Simulator:              v1.0.0
Run ID:                 run_sample_aaaaaaaa-bbbb-cccc
Score ID:               score_sample_dddddddd-eeee-ffff
Anchor sequence:        #4,182
Public-key fingerprint: SAMPLE:00000000:00000000

────────────────────────────────────────────────────────────────────────────
1. WORKFLOW DECISION
────────────────────────────────────────────────────────────────────────────

Decision class:         CONDITIONAL APPROVAL — escalate to human reviewer
Confidence band:        0.78 (band: medium)
Bound to manifest:      yes (sealed at generation, no post-hoc edits)
Cited authorities:      5 (NCUA Reg X §1024.32 · CFPB Reg Z §1026.43 ·
                            FCRA §609 · NCUA Letter 14-CU-08 · UDAAP
                            guidance 2018)
Cost-impact rationale:  7 line items referenced from the published cost
                        library; all hashes match v2026-04-08 of the lib

────────────────────────────────────────────────────────────────────────────
2. EVIDENCE TRAIL
────────────────────────────────────────────────────────────────────────────

  agrs.eval.run            = AGRS-2026-04-15-S0001 (band: PASS)
  agrs.divergence.score    = 0.04 (threshold: 0.30; PASSED)
  ledger.event.report      = evt_sample_00000041 (sequence #4,182)
  ledger.event.score       = evt_sample_00000042 (sequence #4,183)
  validator.status         = v1.0.0 PASSED
  citation.library.version = 2026-04-22
  cost.library.version     = 2026-04-22
  disclaimer.version       = v1.0.0

────────────────────────────────────────────────────────────────────────────
3. RESPONSIBILITY ATTESTATION
────────────────────────────────────────────────────────────────────────────

This report was generated by Innorve Proofroom v1.0.0 acting on behalf of
the synthetic tenant above. No human reviewer is named in this sample. In a
production binder, the BSA / CCO / model-risk owner who reviewed and
attested to the decision is named here with their date of review.

Run by:                 (synthetic)
Reviewer attestation:   (synthetic — see binder cover page in production)

────────────────────────────────────────────────────────────────────────────
4. RE-VERIFICATION INSTRUCTIONS
────────────────────────────────────────────────────────────────────────────

The CCO can re-verify this report at any time, offline, with the same
command an internal engineer would run:

    pnpm verify-report 01-cascade-report.pdf \
      --trusted-key "$(cat proofroom-pubkey.txt)"

A passing run prints:

    ✓ Manifest signature
    ✓ Trusted issuer
    ✓ Citation provenance
    ✓ Cost provenance
    ✓ Validator status at generation
    RESULT: PASSED

See `03-verify-transcript.md` in this binder for the synthetic transcript
shape.

────────────────────────────────────────────────────────────────────────────
End of report.
────────────────────────────────────────────────────────────────────────────
02

AGRS Scorecard

Five dimensions, 0–100 each, plus divergence vs the prior run. Sealed against the same manifest as the report.

# 02 — AGRS Scorecard

> **Synthetic sample.** Scores, dimensions, and tenant below are fictional.
> The schema (`agrs.scorecard/1.0`) is the real one; the values are not.

────────────────────────────────────────────────────────────────────────────
INNORVE PROOFROOM — AGRS SCORECARD (v1.0)
────────────────────────────────────────────────────────────────────────────

Schema:                 agrs.scorecard/1.0
Score ID:               score_sample_dddddddd-eeee-ffff
Bound to run:           run_sample_aaaaaaaa-bbbb-cccc
Generated at:           2026-04-15T09:32:11Z
Tenant:                 Crestmont Sample FCU (synthetic)
Workflow:               Sample HELOC Pre-Decision Triage
Public-key fingerprint: SAMPLE:00000000:00000000

────────────────────────────────────────────────────────────────────────────
1. DIMENSION SCORES (0 – 100)
────────────────────────────────────────────────────────────────────────────

  Authority alignment ............ 92  (anchor citations match the
                                        published authority library)
  Cost-impact discipline ......... 88  (cost references resolve to the
                                        published cost library)
  Reasoning trace ................ 81  (each conclusion has a step-trace
                                        that re-runs to the same answer)
  Hallucination quarantine ....... 95  (claim-to-source binding 1:1)
  Disclaimer compliance .......... 100 (canonical disclaimer present,
                                        unmodified, version v1.0.0)

  Composite (weighted) ........... 91  / 100
  Band ........................... PASS

────────────────────────────────────────────────────────────────────────────
2. DIVERGENCE FROM PRIOR RUN
────────────────────────────────────────────────────────────────────────────

  Reference run:           run_sample_99999999-zzzz-yyyy (2026-04-08)
  Composite delta:         +1.4
  Per-dimension max delta: 3.2 (cost-impact discipline)
  Threshold:               6.0
  Verdict:                 WITHIN_BAND (no regression alarm)

────────────────────────────────────────────────────────────────────────────
3. ATTESTATION
────────────────────────────────────────────────────────────────────────────

This scorecard is sealed against the manifest. Any post-hoc edit to the
underlying report would break the seal; a CCO re-running `verify-scorecard`
would see a `MANIFEST DRIFT` error.

────────────────────────────────────────────────────────────────────────────
4. RE-VERIFICATION INSTRUCTIONS
────────────────────────────────────────────────────────────────────────────

    pnpm verify-scorecard 02-agrs-scorecard.pdf \
      --trusted-key "$(cat proofroom-pubkey.txt)"

A passing run prints:

    ✓ Scorecard signature
    ✓ Trusted issuer
    ✓ Bound to run
    ✓ Schema version
    ✓ Validator status at generation
    RESULT: PASSED

────────────────────────────────────────────────────────────────────────────
End of scorecard.
────────────────────────────────────────────────────────────────────────────
03

Verification transcript

What a CCO sees when they run the verify command offline against the kit folder we shipped. This is the audit deliverable.

# 03 — Verification transcript

> **Synthetic sample.** This is what a CCO sees when they run the verify
> command against a Proofroom kit. All values below are fictional. No host
> paths, no real signing keys, no real run ids.

The CCO never has to trust our infrastructure. They run the same command
an internal engineer would run, against the kit folder we shipped them.

────────────────────────────────────────────────────────────────────────────
$ pnpm verify-report 01-cascade-report.pdf \
    --trusted-key "$(cat proofroom-pubkey.txt)"
────────────────────────────────────────────────────────────────────────────
INNORVE PROOFROOM — VERIFY run_sample_aaaaaaaa-bbbb-cccc
────────────────────────────────────────────────────────────────────────────
PDF path:           ./01-cascade-report.pdf
Local PDF SHA-256:  0000000000000000000000000000000000000000000000000000000000000000
Mode:               offline (manifest extracted from PDF)

✓ Manifest signature                  Signature verifies against the embedded public key.
✓ Trusted issuer                      Public key (SAMPLE:00000000:00000000) is in the trusted-issuer registry.
✓ Citation provenance                 All 5 cited authorities are in the published library.
✓ Cost provenance                     All 7 referenced cost bases are in the published library.
✓ Citation library version            Library hash matches current build (2026-04-22).
✓ Cost library version                Cost library hash matches current build (2026-04-22).
✓ Disclaimer version                  Disclaimer hash matches current platform disclaimer (v1.0.0).
✓ Validator status at generation      Validator v1.0.0 passed at generation.

RESULT: PASSED

────────────────────────────────────────────────────────────────────────────
$ pnpm verify-scorecard 02-agrs-scorecard.pdf \
    --trusted-key "$(cat proofroom-pubkey.txt)"
────────────────────────────────────────────────────────────────────────────
INNORVE PROOFROOM — VERIFY score_sample_dddddddd-eeee-ffff
────────────────────────────────────────────────────────────────────────────

✓ Scorecard signature                 Signature verifies against the embedded public key.
✓ Trusted issuer                      Public key (SAMPLE:00000000:00000000) is in the trusted-issuer registry.
✓ Bound to run                        Scorecard is sealed against run_sample_aaaaaaaa-bbbb-cccc.
✓ Schema version                      agrs.scorecard/1.0
✓ Validator status at generation      Validator v1.0.0 passed at generation.

RESULT: PASSED

────────────────────────────────────────────────────────────────────────────
WHAT A FAILURE LOOKS LIKE
────────────────────────────────────────────────────────────────────────────

If a kit were tampered with — say, an attacker edited a single character in
the cited cost basis after the seal was applied — the verifier prints:

    ✗ Manifest signature                  Signature does NOT verify against the embedded public key.
    RESULT: FAILED — kit is compromised; do not rely on it.

The CCO never has to ask us whether the kit is real. The math says so or
it does not.

────────────────────────────────────────────────────────────────────────────
End of transcript.
────────────────────────────────────────────────────────────────────────────
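The first two checks in the transcript ("Manifest signature" and "Trusted issuer") can be reproduced in a few lines. This is an added sketch, not Proofroom's code: the Ed25519 algorithm, the JSON manifest, the SHA-256 fingerprint format, and the names `fingerprint`, `seal`, `verifyKit` and `demo` are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Fingerprint format is an assumption: SHA-256 over the DER-encoded public key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Seal a manifest: sign its exact bytes and embed the signer's public key.
function seal(manifestText, keyPair) {
  const signature = crypto.sign(null, Buffer.from(manifestText), keyPair.privateKey);
  return { manifestText, signature, publicKey: keyPair.publicKey };
}

// Offline verify: the signature must check out AND the embedded key must
// match a fingerprint the verifier already holds (the pinned issuer).
function verifyKit(kit, trustedFingerprint) {
  const manifestSignature = crypto.verify(
    null, Buffer.from(kit.manifestText), kit.publicKey, kit.signature);
  const trustedIssuer = fingerprint(kit.publicKey) === trustedFingerprint;
  const result = manifestSignature && trustedIssuer ? 'PASSED' : 'FAILED';
  return { manifestSignature, trustedIssuer, result };
}

// Constructed sample data; keys are generated fresh on every run.
const issuer = crypto.generateKeyPairSync('ed25519');
const other = crypto.generateKeyPairSync('ed25519');
const pinned = fingerprint(issuer.publicKey);
const manifest = JSON.stringify({
  run: 'run_sample_aaaaaaaa-bbbb-cccc',
  costBasis: 'sample-cost-line-0001',
});

const genuine = seal(manifest, issuer);
// Case 1: one character changed after sealing, signature left alone.
const edited = { ...genuine, manifestText: manifest.replace('0001', '0002') };
// Case 2: the edited manifest re-sealed under a key the verifier never pinned.
const resealed = seal(edited.manifestText, other);

function demo() {
  return {
    genuine: verifyKit(genuine, pinned),
    edited: verifyKit(edited, pinned),
    resealed: verifyKit(resealed, pinned),
  };
}

console.log(demo());
```

In the third case the signature itself is valid, so only the pinned fingerprint catches it; the pin is only as good as the channel it arrived through.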
Take it from synthetic to real

Tell us the workflow you want made audit-defensible.
We’ll send a 2-week pilot scope by end of next business day.
