# 03 — Verification transcript

> **Synthetic sample.** This is what a CCO sees when they run the verify
> command against a Proofroom kit. All values below are fictional. No host
> paths, no real signing keys, no real run ids.

The CCO never has to trust our infrastructure. They run the same command
an internal engineer would run, against the kit folder we shipped them.

────────────────────────────────────────────────────────────────────────────
$ pnpm verify-report 01-cascade-report.pdf \
    --trusted-key "$(cat proofroom-pubkey.txt)"
────────────────────────────────────────────────────────────────────────────
INNORVE PROOFROOM — VERIFY run_sample_aaaaaaaa-bbbb-cccc
────────────────────────────────────────────────────────────────────────────
PDF path:           ./01-cascade-report.pdf
Local PDF SHA-256:  0000000000000000000000000000000000000000000000000000000000000000
Mode:               offline (manifest extracted from PDF)

✓ Manifest signature                  Signature verifies against the embedded public key.
✓ Trusted issuer                      Public key (SAMPLE:00000000:00000000) is in the trusted-issuer registry.
✓ Citation provenance                 All 5 cited authorities are in the published library.
✓ Cost provenance                     All 7 referenced cost bases are in the published library.
✓ Citation library version            Library hash matches current build (2026-04-22).
✓ Cost library version                Cost library hash matches current build (2026-04-22).
✓ Disclaimer version                  Disclaimer hash matches current platform disclaimer (v1.0.0).
✓ Validator status at generation      Validator v1.0.0 passed at generation.

RESULT: PASSED

────────────────────────────────────────────────────────────────────────────
$ pnpm verify-scorecard 02-agrs-scorecard.pdf \
    --trusted-key "$(cat proofroom-pubkey.txt)"
────────────────────────────────────────────────────────────────────────────
INNORVE PROOFROOM — VERIFY score_sample_dddddddd-eeee-ffff
────────────────────────────────────────────────────────────────────────────

✓ Scorecard signature                 Signature verifies against the embedded public key.
✓ Trusted issuer                      Public key (SAMPLE:00000000:00000000) is in the trusted-issuer registry.
✓ Bound to run                        Scorecard is sealed against run_sample_aaaaaaaa-bbbb-cccc.
✓ Schema version                      agrs.scorecard/1.0
✓ Validator status at generation      Validator v1.0.0 passed at generation.

RESULT: PASSED

────────────────────────────────────────────────────────────────────────────
WHAT A FAILURE LOOKS LIKE
────────────────────────────────────────────────────────────────────────────

If a kit were tampered with — say, an attacker edited a single character in
the cited cost basis after the seal was applied — the verifier prints:

    ✗ Manifest signature                  Signature does NOT verify against the embedded public key.
    RESULT: FAILED — kit is compromised; do not rely on it.

The CCO never has to ask us whether the kit is real. The math says so or
it does not.

────────────────────────────────────────────────────────────────────────────
End of transcript.
────────────────────────────────────────────────────────────────────────────