Acme Bank UK Limited · Credit Review Agent · March 2026
| Scope of agents | did:web:acmebank.uk:agents:credit_review |
|---|---|
| Agent version | 3.2.1 (capture SDK v1.0.4) |
| Reporting period | 1 March 2026 — 31 March 2026 (UTC) |
| Environment | production |
| Region | eu-west-1 |
| Tenant | acme-bank-uk-ltd |
| Primary framework | EU AI Act, Article 12 & 26(6) |
| Co-applicable | GDPR Art. 22 · GDPR Art. 30 · FCA SS1/23 · Consumer Duty |
| Monthly meta-root | 315735810cdfb03cf4b1eb0519a42589f2b940212db079745a40aafac18e61ea |
|---|---|
| Sigstore Rekor entry | #94082328 · anchored 2026-04-01T00:14:22Z |
| Signing key fingerprint | SHA256:a50325270c83d8f686403c5ffd270ca02d06323d4693d674cc0aa4b91bb2ad1b |
| Verifier CLI | runfile-verifier v1.0.2 |
| Verified | 2026-04-02T09:14:22Z (offline mode) |
Prepared by Runfile Systems Ltd under the audit-log production contract with Acme Bank UK Limited. This package is a reproducible, third-party-verifiable record of every event captured for the named agent in the reporting period.
To re-verify this package, follow the instructions on §08. The verification does not require trust in Runfile.
This package documents every action taken by Acme Bank UK Limited’s credit_review agent on behalf of its customers during March 2026. The package is structured so that an external auditor, internal audit lead, or regulator can:
The agent under review is a credit-decision system that assesses personal loan applications between £1,000 and £75,000 against a published lending policy. It runs in production across Acme’s mobile and web channels. Outputs that fall outside the agent’s authority — applications above the agent’s £25,000 single-decision limit, applications where the debt-to-income ratio exceeds policy thresholds, applications where a credit-bureau anomaly is detected — are escalated to a human underwriter rather than auto-declined.
In March 2026, the agent processed 184,402 applications. Of these, 162,847 (88.3%) were approved automatically, 16,921 (9.2%) were declined automatically under published policy thresholds, and 3,317 (1.8%) were escalated to a human underwriter under the Article 14 human-oversight design. Of the 3,317 escalated cases, 2,000 received final approval from a human reviewer and 1,317 were declined.
A further 1,317 cases were initially routed to auto-decline but flagged by Acme’s complaints channel for review under Consumer Duty; the original decline events and the subsequent appeal events are both captured in the chain and visible in the per-appeal reconstruction queries.
Forty-seven events show guardrail refusals. These are not failures of the agent — they are the system correctly declining to act on out-of-policy input (such as applications mis-routed from a different product line, or prompts containing unredacted bureau identifiers). Refusal events are first-class evidence of effective oversight under EU AI Act Article 14 and demonstrate that the controls fired when they should have.
The package is INTACT. The 1,475,216 events recorded in the period form an unbroken per-event hash chain. Each day in the period was committed to a signed daily Merkle root, and each week’s roots were anchored to the public Sigstore Rekor transparency log. The integrity of the record can be re-verified independently using the Runfile Verifier CLI, without contacting Runfile’s infrastructure.
The package maps to nine regulatory controls. All nine are satisfied. The control-by-control breakdown begins on §03.
This section reconstructs one representative decision from the period in full. The decision is run 8a7b3c2d-credit_review-20260314T114203Z — a £24,500 personal-loan application processed on 14 March 2026 at 11:42:03 GMT for an existing customer (identifier tokenised at the SDK boundary).
The outcome was a decline, escalated to a human underwriter, who confirmed the decline. The reconstruction shows every event the agent recorded, in temporal and causal order, with each event’s hash chain entry visible.
Run ID: run_8a7b3c2d-credit_review-20260314T114203Z Agent identity: did:web:acmebank.uk:agents:credit_review Agent version: 3.2.1 Capture SDK: runfile-sdk-python v1.0.4 Principal: customer:hash:f8a2b9c1d3e4f567 (tokenised; resolution audit-logged) Tenant: acme-bank-uk-ltd Environment: production Region: eu-west-1 Started: 2026-03-14T11:42:03.117Z Completed: 2026-03-14T11:54:22.291Z Total duration: 12 minutes 19 seconds (of which 12m 17s in human review) Final outcome: declined
The agent executed eight events. Each event’s payload was canonical-JSON serialised (RFC 8785), hashed with SHA-256, and chained against the prior event’s chain entry. The full 64-character hash for each event is listed in the integrity table on §05; the first sixteen characters are shown inline below.
The agent is invoked with a customer principal binding, the application payload (loan amount £24,500, requested term 60 months), and the tenant context. The principal is already tokenised at the SDK boundary; the cleartext customer identifier is held only in Acme’s environment.
chain.prior_hash: 0000000000000000… chain.entry_hash: 33b2d55062707991… parent: (root)
The agent fetches the credit bureau record for the customer (Experian, UK consumer). The full request payload and response payload are hashed; the cleartext bureau response is held in Acme’s environment under their existing bureau-data retention policy. Only the hashes leave the customer boundary, plus the structured fields needed for the agent’s reasoning.
tool: experian.bureau_pull args_hash: sha256:9e4b2c8d1a7f3e6b… response_hash: sha256:7c4f9a3b6d8e2c1f… latency_ms: 167 chain.prior_hash: 33b2d55062707991… chain.entry_hash: 96b581af39630ea3… parent: evt_01_a4f7b2c1
The agent calls Anthropic’s Claude 3.5 Sonnet to produce a summary of the application context. The model identifier, the system prompt template hash, the user prompt hash, the response hash, the token counts, and the model parameters (temperature, top-p, seed) are all captured. Temperature is set to 0.0 for production credit decisions, per Acme’s model risk policy SS1/23-MRM-2025-04.
model: claude-3-5-sonnet-20241022 provider: anthropic system_prompt_hash: sha256:credit_review_v3.2.1:a3b2c1d4e5f6… user_prompt_hash: sha256:1f2e3d4c5b6a7980… response_hash: sha256:4d3c2b1a9f8e7d6c… tokens_in: 2,847 tokens_out: 412 temperature: 0.0 top_p: 1.0 seed: (not supplied by provider) latency_ms: 608 chain.prior_hash: 96b581af39630ea3… chain.entry_hash: fc6b32cef6b31f10… parent: evt_01_a4f7b2c1
The agent calls the internal debt-to-income calculator with the customer’s declared monthly income and the bureau-reported monthly obligations.
tool: internal.compute_dti args: { monthly_income_gbp: 3120, monthly_obligations_gbp: 1934 } result: { dti_ratio: 0.620 } chain.prior_hash: fc6b32cef6b31f10… chain.entry_hash: 49e22db88c8be514… parent: evt_03_c9d4e5f3
The agent applies the published lending policy. The maximum debt-to-income ratio for auto-approval is 0.500. The applicant’s ratio of 0.620 exceeds the threshold. The policy specifies that exceeding the DTI threshold routes the application to a human underwriter rather than auto-declining.
policy_id: credit_review.dti_max_v1 policy_version: 1.4.0 input: { dti_ratio: 0.620 } threshold: { max_dti: 0.500 } outcome: violation action: escalate_to_human chain.prior_hash: 49e22db88c8be514… chain.entry_hash: d3cc5a234ef82076… parent: evt_04_d1e5f6a4
The application is routed to Acme’s tier-2 underwriting queue. The case is assigned to underwriter uw_4471.
queue: underwriting.tier_2 assigned_to: underwriter:uw_4471 context_hash: sha256:8f7e6d5c4b3a2918… chain.prior_hash: d3cc5a234ef82076… chain.entry_hash: e41ea43c3a31295c… parent: evt_05_e2f6a7b5
After twelve minutes of human review, underwriter uw_4471 confirms the decline. The justification text is held in Acme’s environment; only the hash of the justification leaves the customer boundary. The review duration and the approver identity are recorded.
approver: underwriter:uw_4471 decision: declined justification_hash: sha256:c5d4e3f2a1b0c9d8… review_duration_seconds: 737 chain.prior_hash: e41ea43c3a31295c… chain.entry_hash: cf953ad3e456972c… parent: evt_06_f3a7b8c6
The agent records the final outcome and emits the user-visible artifact (the decline letter, generated by a downstream service). The artifact’s content is hashed; the cleartext letter is held in Acme’s archive under their existing customer-communication retention policy.
outcome: declined user_artifact_hash: sha256:d6c5b4a39281e7f6… total_latency_ms: 731,174 chain.prior_hash: cf953ad3e456972c… chain.entry_hash: a3f1ed4d6b1b3b2e… ← final chain head for this run parent: evt_01_a4f7b2c1
This single run satisfies, on its own, the following regulatory predicates:
The same predicates apply, at scale, to every other run in the period.
The following tables map every regulatory control in scope for this engagement to the events that satisfy it. Each control cites the specific clause, summarises what the clause requires, and links to the population of events that demonstrate compliance.
For an external auditor, this is the table to sign against. The population counts are exact; the satisfying events are queryable from the Runfile Audit Workbench using the run identifiers in §07.
| Control | Requirement | Evidence | Status |
|---|---|---|---|
| Art. 12(1) | Automatic recording of events over the lifetime of the system | 1,475,216 events captured across 184,402 runs in period | ✓ Satisfied |
| Art. 12(2)(a) | Identification of situations resulting in risk | 47 guardrail refusal events captured; 3,317 escalation events captured | ✓ Satisfied |
| Art. 12(2)(b) | Facilitating post-market monitoring | Daily volume telemetry attached (Appendix B); baseline alarms armed | ✓ Satisfied |
| Art. 12(2)(c) | Monitoring of operation under conditions reasonably foreseeable | Drift metrics captured per-day (Appendix B); no drift threshold breach in period | ✓ Satisfied |
| Art. 14 | Human oversight | 3,317 escalations, all with signed approver identity, timestamp, justification hash | ✓ Satisfied |
| Art. 26(6) | Log retention ≥ 6 months | Active retention configured 84 months (SOX-aligned) on S3 Object Lock compliance mode | ✓ Satisfied |
| Control | Requirement | Evidence | Status |
|---|---|---|---|
| Art. 22(2)(b) | Human-in-the-loop carve-out | 3,317 human approvals; mean review duration 6m 41s; all with signed approver and justification | ✓ Satisfied |
| Art. 22(3) | Right to obtain human intervention | 100% of auto-declines route to a published appeals path; mean appeal start-to-decision 4.2 business days | ✓ Satisfied |
| Art. 30(1) | Records of processing | Every run carries tenant, principal, processing purpose, lawful basis tag, and retention class | ✓ Satisfied |
| Control | Requirement | Evidence | Status |
|---|---|---|---|
| §5.2 | Effective challenge | All threshold breaches routed to qualified reviewer; 3,317 reviewed in period | ✓ Satisfied |
| §6.4 | Ongoing monitoring | Daily KPI feed (Appendix B); within stated tolerance for all 31 days | ✓ Satisfied |
| §8.1 | Documentation | Model card v3.2.1 attached; prompt template version controlled; lineage captured per-run | ✓ Satisfied |
| Control | Requirement | Evidence | Status |
|---|---|---|---|
| Outcome 1 — Products and services | Decisions made on published policy thresholds | Policy version recorded per-decision (1.4.0 throughout period) | ✓ Satisfied |
| Outcome 4 — Consumer support | Recourse path available for declined customers | All declines route to appeals queue with documented SLA | ✓ Satisfied |
The following frameworks were noted but not included in this engagement, by agreement with Acme’s Head of Internal Audit:
runfile-controls-v1.4 released 2026-02-15. The mapping is bundled with the package (Appendix C) and is itself versioned and signed.A representative sample of the operational and compliance metrics for the period. The full per-day breakdown is in Appendix B.
| Runs in scope | 184,402 |
| Events captured | 1,475,216 |
| Mean events per run | 8.0 |
| Median events per run | 7 |
| 95th percentile events per run | 14 |
| Maximum events in a single run | 32 (multi-escalation case, see Appendix A) |
| Total LLM token consumption (input) | 524,857,394 |
| Total LLM token consumption (output) | 75,973,624 |
| Side-effect events (bureau pulls) | 184,402 |
| Side-effect events (internal API writes) | 162,847 |
| Disposition | Count | Share |
|---|---|---|
| Auto-approved | 162,847 | 88.31% |
| Auto-declined | 16,921 | 9.18% |
| Escalated to human · approved | 2,000 | 1.08% |
| Escalated to human · declined | 1,317 | 0.71% |
| Guardrail refusal | 47 | 0.03% |
| Other (system error, retried) | 1,270 | 0.69% |
| Percentile | Value |
|---|---|
| Median run duration (auto-decision) | 2.1 seconds |
| 95th percentile run duration (auto-decision) | 4.7 seconds |
| Median run duration (escalated) | 18 minutes |
| 95th percentile run duration (escalated) | 4 hours 12 minutes |
The following KPIs are monitored continuously against thresholds set in Acme’s model-risk policy. All values for the period were within tolerance.
| KPI | March 2026 mean | Tolerance band | Status |
|---|---|---|---|
| Approval rate | 88.31% | 84–92% | ✓ |
| Mean DTI of approved | 0.31 | ≤ 0.45 | ✓ |
| Escalation rate | 1.80% | 1.0–3.0% | ✓ |
| Mean review duration (escalated) | 6m 41s | ≤ 30 min | ✓ |
| Guardrail refusal rate | 0.03% | ≤ 0.10% | ✓ |
| Bureau-pull failure rate | 0.04% | ≤ 0.50% | ✓ |
A completeness alarm is armed continuously: the ingest pipeline expects a per-tenant baseline event volume, and a drop below 75% of the 28-day moving average triggers an alert. The alarm did not fire in the period. The full alarm-armed log is in Appendix B.
Runfile Systems Limited attests that the events listed in this package were captured by the Runfile SDK v1.0.4 running in Acme Bank UK Limited’s production environment between 2026-03-01T00:00:00Z and 2026-03-31T23:59:59Z, hashed using SHA-256 with canonical JSON serialisation per RFC 8785, chained per-event, committed daily to signed Merkle roots, and anchored weekly to the Sigstore Rekor public transparency log.
The integrity of this package can be verified offline using the Runfile Verifier CLI without requiring trust in Runfile.
| Week ending | Daily Merkle root (latest of week) | Signing key | Rekor |
|---|---|---|---|
| 2026-03-07 | b284732a91a92732b07db7b760d389aa7d2bd465108a5dd2ede02c5295d66652 | kms:eu-west-1:rf-tenant-acme-2026q1 | ✓ |
| 2026-03-14 | a7dcd5a41bcde46e347be9ae16e78df9aff5dd8bc7d49ef0111a1fa3719e690e | kms:eu-west-1:rf-tenant-acme-2026q1 | ✓ |
| 2026-03-21 | cf79d54d16c6486c352d4b90e875a18266c877c206050bad5f2cead87fc9751b | kms:eu-west-1:rf-tenant-acme-2026q1 | ✓ |
| 2026-03-28 | 3f4a3401404bb65750546f26a65f86d5107907b4522bf726284ffb0fd30072f6 | kms:eu-west-1:rf-tenant-acme-2026q1 | ✓ |
The four weekly meta-roots above were aggregated into a monthly meta-root and committed to the Sigstore Rekor public log on 2026-04-01.
Monthly meta-root: 315735810cdfb03cf4b1eb0519a42589f2b940212db079745a40aafac18e61ea Sigstore Rekor: Entry #94082328 Anchored: 2026-04-01T00:14:22Z Inclusion proof: bundled in /proofs/2026-Q1-rekor-inclusion.json Public URL: https://search.sigstore.dev/?logIndex=94082328 [SAMPLE: not a real entry]
The key used to sign every daily Merkle root in this period is held in AWS KMS, FIPS 140-2 Level 3 HSM-backed, in a dedicated key per tenant.
Key alias: alias/rf-tenant-acme-bank-uk-ltd-2026q1 Key region: eu-west-1 Key spec: RSA_4096 Key usage: SIGN_VERIFY Public key SHA-256: a50325270c83d8f686403c5ffd270ca02d06323d4693d674cc0aa4b91bb2ad1b
The public key is published at https://runfile.ai/keys/rf-acme-bank-uk-ltd-2026q1.pub and is bundled in /keys/ within this package.
The agent runtime — the SDK running in Acme’s environment — does not hold this signing key, has never seen it, and has no IAM permission to invoke a KMS sign operation. The separation between the entity that captures events and the entity that signs the manifests is the substance of the chain-of-custody claim. AWS CloudTrail records every invocation of this key and is available to Acme’s Internal Audit under their existing AWS audit pipeline.
For the worked-example run reconstructed in §02, the full per-event SHA-256 hash chain is reproduced here. Any party with the canonical-JSON serialisation of each event (bundled in /runs/run_8a7b3c2d-credit_review-20260314T114203Z.jsonl) can recompute these hashes independently.
| # | Event | SHA-256 hash chain entry |
|---|---|---|
| 01 | agent.invoke | 33b2d550627079917773d539507eb9e67efb200a7cd97f4a9d55592d972f8ea5 |
| 02 | tool.fetch_credit_bureau | 96b581af39630ea354f90f31721efe197ddf508232093f3b43bcec56fb00a424 |
| 03 | llm.model_call | fc6b32cef6b31f1089959796dac0ff54d6ddaab765676eda38a3c1b7e18db535 |
| 04 | tool.compute_dti | 49e22db88c8be514471dee648d2f5f3a6cdeab7489b11d66fb80fbf6e881797f |
| 05 | policy.threshold_check | d3cc5a234ef820760e573e82059b7c9f97617dabd75e3cf62deb03989ce2408d |
| 06 | human.approval_requested | e41ea43c3a31295c91688d9cc67abdd6e9368daeeddf4769868fbc4ca9b6fb47 |
| 07 | human.approval.declined | cf953ad3e456972c45aee3f74a5159e2339224427133113ff9532980df3b2e3c |
| 08 | agent.complete | a3f1ed4d6b1b3b2e3439df5083c0324d9960b7a440fbf435c5576cee5a1a1ba6 |
The final chain entry a3f1ed4d6b1b3b2e… is itself an input to the daily Merkle tree for 2026-03-14, whose root is a7dcd5a41bcde46e347be9ae16e78df9aff5dd8bc7d49ef0111a1fa3719e690e (see weekly anchor table above).
The Runfile Verifier CLI was run against this package on 2026-04-02 at 09:14:22 UTC, in offline mode, on a Linux workstation in Acme’s Internal Audit environment with no network access. The CLI binary used was runfile-verifier-linux-amd64-v1.0.2, SHA-256 e8c4f1a9b7d3... (full hash in /verifier/binary.sha256).
The verifier consumed only the contents of this package and the bundled Sigstore Rekor inclusion proofs. It did not contact Runfile infrastructure.
runfile verify --offline ./RF-2026-Q1-04812.zip Runfile Verifier CLI v1.0.2 (build: 2026-03-18, commit: a7e4f29) Package: RF-2026-Q1-04812.zip Tenant: acme-bank-uk-ltd Agent: did:web:acmebank.uk:agents:credit_review v3.2.1 Period: 2026-03-01T00:00:00Z to 2026-03-31T23:59:59Z Mode: offline (Rekor proofs read from package) Loading package … OK Parsing manifest … OK Loading public key (SHA256:a50325270c83d8f686403c5f…) … OK [01/06] Schema validation 184,402 runs, 1,475,216 events All events conform to runfile-events-v1.0 PASS [02/06] Per-event hash chain Recomputed SHA-256 chain for all 1,475,216 events Walltime: 4.2s on local CPU No mismatches detected PASS [03/06] Daily Merkle root reconstruction Reconstructed 31 daily Merkle trees from chain heads Roots match signed manifests for all 31 days PASS [04/06] Daily manifest signature verification Verified 31 RSA-4096 signatures against bundled public key Walltime: 0.8s PASS [05/06] Sigstore Rekor inclusion proof Verified 4 weekly inclusion proofs Meta-root committed to Rekor entry #94082328 at 2026-04-01T00:14:22Z Inclusion proof depth: 17 Tree size at inclusion: 2,847,194,632 PASS [06/06] Control mapping application Mapping version: runfile-controls-v1.4 (released 2026-02-15) Mapping signature verified against publisher key OK Applied 9 controls to 1,475,216 events Satisfied: 9 / 9 Violated: 0 / 9 Gaps: 0 PASS ────────────────────────────────────────────────────────────────────────── Integrity: INTACT Anchored: 2026-04-01T00:14:22Z (Rekor entry #94082328) Verified: 2026-04-02T09:14:22Z (offline) Verifier: runfile-verifier-linux-amd64-v1.0.2 ────────────────────────────────────────────────────────────────────────── Report written: ./RF-2026-Q1-04812.verify.pdf Report written: ./RF-2026-Q1-04812.verify.json Exit code: 0
A passing verification, as above, confirms five independent integrity properties:
A failure on any step prevents the next step from running and produces a specific error code in the JSON report. The verifier is conservative: it refuses to assert integrity if any check is ambiguous.
This section documents the assumptions, scope decisions, and methodology under which this package was prepared. An external auditor reviewing this package should review this section before relying on the integrity claims.
| Artefact | Version | Released |
|---|---|---|
| Event schema | runfile-events-v1.0 | 2026-01-15 |
| Control mapping | runfile-controls-v1.4 | 2026-02-15 |
| Verifier CLI | 1.0.2 | 2026-03-18 |
| Capture SDK (Python) | 1.0.4 | 2026-03-04 |
The control mapping version applied to a given run is recorded with the run. This package applied v1.4 to all 184,402 runs because all runs in the period occurred after the v1.4 release. Runs from prior periods reference earlier mapping versions; the earlier mappings remain bundled in this package’s /mappings/ directory.
All timestamps in this package are UTC. The clock source for the capture SDK is the host operating system’s monotonic clock, with absolute time taken from AWS Time Sync Service (which is itself synchronised against Stratum 1 sources). At ingest, every event is additionally timestamped by the Runfile event processor using a signed RFC 3161 timestamp from AWS’s qualified time service. Where there is discrepancy between the host-emitted timestamp and the ingest timestamp greater than 60 seconds, the run is flagged in Appendix B; no such flags occurred in this period.
runfile-controls-v1.4.All events in this package were captured, processed, signed, and stored within AWS region eu-west-1. No event payload, no hash, no manifest, and no signing operation crossed an EU border during the period. Sigstore Rekor anchoring posts only the monthly meta-root (a single 32-byte hash) to the public log; the meta-root does not contain or reveal any payload data.
The capture SDK records events at every framework hook point in LangGraph, Anthropic’s Claude SDK, the OpenAI Agents SDK, and any MCP-instrumented tool. For the agent in question, the SDK is configured in full capture mode (every framework event recorded) rather than sampled mode. No sampling was applied during the period.
The completeness alarm armed against a baseline of the trailing 28-day mean event volume, with a threshold of 75%. The alarm did not fire in the period. Two manual completeness queries were run by Acme’s IT audit during the period (on 2026-03-12 and 2026-03-25); both queries reconciled the recorded event count against Acme’s own LangGraph telemetry within tolerance (< 0.01% difference, attributable to clock skew).
https://search.sigstore.dev/.This package is designed to be re-verified by any third party without requiring trust in Runfile. To re-verify:
The Runfile Verifier CLI is a single statically linked Go binary, distributed through Runfile’s public GitHub releases.
curl -L -o runfile-verifier \ https://github.com/runfile/verifier/releases/download/v1.0.2/runfile-verifier-linux-amd64 chmod +x runfile-verifier ./runfile-verifier --version runfile-verifier 1.0.2 (build 2026-03-18, commit a7e4f29)
The binary’s published SHA-256 is e8c4f1a9b7d3… (full hash in the GitHub release notes and bundled in /verifier/binary.sha256 within this package). Verifying the binary against this hash before running is recommended.
The verifier source is open and licensed Apache 2.0 at https://github.com/runfile/verifier. The binary is reproducibly buildable from source per the build instructions in the repository.
The public key used to sign the manifests in this package is published at:
https://runfile.ai/keys/rf-acme-bank-uk-ltd-2026q1.pub
The published key’s SHA-256 fingerprint is a50325270c83d8f686403c5ffd270ca02d06323d4693d674cc0aa4b91bb2ad1b. The key is bundled in /keys/ within this package; comparing the bundled key to the published key confirms they match.
runfile-verifier verify --offline ./RF-2026-Q1-04812.zip
The --offline flag instructs the verifier to read Sigstore Rekor inclusion proofs from the package’s bundled /proofs/ directory rather than fetching them from the public Rekor instance. This is appropriate for air-gapped audit environments.
If network access is permitted, omit --offline to have the verifier fetch the inclusion proofs directly from https://rekor.sigstore.dev and confirm they match the bundled proofs.
The verifier produces two output files: a PDF report (suitable for attaching to a workpaper) and a JSON report (suitable for ingest into a downstream audit pipeline).
The verifier’s PDF output and the integrity-attestation page of this package (§05) should match. If they do not, the package has been tampered with after capture and the verifier output is authoritative.
If the verifier produces a FAIL result, the JSON report specifies which check failed at which line. Runfile cannot retroactively alter a signed package without producing a meta-root that contradicts the public Rekor entry; any such alteration would be visible to any third party who downloaded the package before the alteration.
The verification depends on the following inputs and nothing else:
The verification does not depend on:
If Runfile ceases to exist tomorrow, the packages signed today remain verifiable. This is the intended design.
This package is distributed as RF-2026-Q1-04812.zip (size: 4.8 GB compressed, 23.1 GB uncompressed). The accompanying PDF (this document) is the human-readable cover.
RF-2026-Q1-04812.zip ├── README.md Plain English overview ├── manifest.json Top-level manifest, signed ├── cover.pdf This document ├── runs/ │ ├── run_8a7b3c2d-credit_review-20260314T114203Z.jsonl │ └── … 184,401 additional runs, one file per run ├── events/ │ └── events.parquet Columnar event store for analytics ├── manifests/ │ ├── 2026-03-01.manifest.json Daily signed manifest │ ├── 2026-03-01.manifest.sig RSA-4096 signature │ └── … 31 daily manifests ├── proofs/ │ ├── 2026-Q1-rekor-inclusion.json Sigstore Rekor inclusion proof │ └── 2026-Q1-rekor-meta-root.json Monthly meta-root ├── keys/ │ └── rf-acme-bank-uk-ltd-2026q1.pub Signing public key ├── mappings/ │ ├── runfile-controls-v1.4.yaml Control mapping applied │ └── runfile-controls-v1.4.sig Mapping publisher signature ├── verifier/ │ ├── binary.sha256 Expected verifier binary hash │ └── README.md Verifier usage notes └── appendices/ ├── A-edge-cases.pdf Multi-escalation runs, etc. ├── B-daily-kpi.pdf Day-by-day population breakdown └── C-control-mapping-detail.pdf Per-clause mapping documentation
The manifest.json at the top level is itself signed and lists the SHA-256 of every file in the package. The package’s integrity, as a whole, can be verified by recomputing this manifest.
| Package ID | RF-2026-Q1-04812 |
|---|---|
| Generated | 2026-04-01T18:32:14Z |
| Generator | Runfile Evidence Builder v1.0.4 |
| Cover document version | 1.0 |
| Page count | 12 |
| Distribution | Acme Bank UK Limited · Head of Internal Audit · Head of AI Risk |
In a production engagement, the customer is real, the runs are real, the Rekor entry is a real public commitment, and the verifier output is reproducible by any third party.
For an actual evidence package tailored to your remit (EU AI Act, DORA, SOX, HIPAA, FCA SS1/23, GDPR, or any combination), book a design-partner call at runfile.ai.