# Proof Manifest Format

Status: Draft format for public proof packets.

This document defines the machine-readable proof packet shape used by the public OnCallZero static site. The format is intentionally conservative: it records what evidence is present, what is missing, and which claims must not be made until a runtime export exists.

## File Location

Proof manifests live under `proof-runs/<scenario-slug>/manifest.json`.

The public proof index lives at `proof-runs/proof-index.json`.

## Required Fields

- `schema_version`: format version string.
- `proof_id`: stable local proof identifier.
- `scenario_slug`: URL-safe scenario identifier.
- `scenario_name`: human-readable scenario name.
- `validation_status`: one of `placeholder`, `partial`, or `complete`.
- `status_reason`: short explanation of the validation status.
- `public_claim_boundary`: conservative copy boundary for the public website.
- `action_under_review`: Kubernetes or remediation action under review.
- `evidence_present`: array of evidence items that actually exist.
- `evidence_partial`: array of evidence items that exist but are incomplete.
- `evidence_missing`: array of missing evidence items. Use `placeholder pending runtime export` when evidence is not present.
- `artifact_links`: object containing local/public paths to proof packet files and screenshots that actually exist.
- `unsupported_claims`: claims that must not be made from the current packet.
- `review_notes`: short notes for reviewers.

## Evidence Item Shape

Each `evidence_present` item should include:

- `status`: `present`.
- `kind`: evidence type, such as `screenshot`, `registry_entry`, or `manifest_placeholder`.
- `description`: what the evidence shows.
- `links`: array of local/public artifact paths.
- `limitations`: what the evidence does not prove.

Each `evidence_partial` item should use the same shape with `status` set to `partial`.

Each `evidence_missing` item should include `status: "missing"`, `kind`, `description`, and optional `links` when a placeholder file exists.

## Validation Status Rules

- `placeholder`: packet exists, but no runtime evidence is present.
- `partial`: at least one artifact exists, but the packet is missing a complete runtime export.
- `complete`: all runtime proof requirements are linked, including input signal, policy state, approval event, command output, result, post-action verification, and audit export.

Do not mark a packet `complete` until every required proof element is linked and reviewable.
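
The rules above can be enforced before a packet is published. The validator below is an added example, not part of the OnCallZero code base, and it checks required fields, evidence item shape, and the `complete` gate. Assumptions: the `kind` names in `RUNTIME_KINDS` are hypothetical (the format lists the seven runtime proof elements but not their `kind` values), a `complete` packet is assumed to list no partial or missing evidence, and the sample packet is constructed.

```python
REQUIRED = ("schema_version proof_id scenario_slug scenario_name validation_status "
            "status_reason public_claim_boundary action_under_review evidence_present "
            "evidence_partial evidence_missing artifact_links unsupported_claims "
            "review_notes").split()
STATUSES = {"placeholder", "partial", "complete"}
FULL = {"kind", "description", "links", "limitations"}  # keys for present/partial items
ITEM_RULES = {"evidence_present": ("present", FULL), "evidence_partial": ("partial", FULL),
              "evidence_missing": ("missing", {"kind", "description"})}  # links optional
# ASSUMPTION: hypothetical `kind` names for the seven runtime proof elements;
# the format lists the elements but does not define their `kind` values.
RUNTIME_KINDS = {"input_signal", "policy_state", "approval_event", "command_output",
                 "result", "post_action_verification", "audit_export"}

def validate_manifest(m):
    """Return a list of problems; an empty list means the packet passes."""
    errors = [f"missing field: {f}" for f in REQUIRED if f not in m]
    status = m.get("validation_status")
    if "validation_status" in m and not (isinstance(status, str) and status in STATUSES):
        errors.append(f"invalid validation_status: {status!r}")
    linked = set()  # kinds of present evidence that carry at least one link
    for field, (want, keys) in ITEM_RULES.items():
        items = m.get(field, [])
        if not isinstance(items, list):
            errors.append(f"{field} must be an array")
            continue
        for i, item in enumerate(items):
            if not isinstance(item, dict):
                errors.append(f"{field}[{i}] must be an object")
                continue
            if item.get("status") != want:
                errors.append(f"{field}[{i}].status must be {want!r}")
            errors += [f"{field}[{i}] missing {k}" for k in sorted(keys - set(item))]
            if want == "present" and item.get("links") and isinstance(item.get("kind"), str):
                linked.add(item["kind"])
    if status == "complete":  # every runtime element must be present and linked
        errors += [f"complete packet lacks linked evidence: {k}"
                   for k in sorted(RUNTIME_KINDS - linked)]
        if m.get("evidence_partial") or m.get("evidence_missing"):
            errors.append("complete packet still lists partial or missing evidence")
    return errors

def constructed_packet(status="partial"):  # constructed sample, not a real proof run
    shot = {"status": "present", "kind": "screenshot", "description": "approval screen",
            "links": ["proof-runs/demo/approval.png"], "limitations": "no runtime export"}
    gap = {"status": "missing", "kind": "audit_export",
           "description": "placeholder pending runtime export"}
    packet = dict.fromkeys(REQUIRED, "constructed value")
    packet.update(validation_status=status, evidence_present=[shot], evidence_partial=[],
                  evidence_missing=[gap], artifact_links={}, unsupported_claims=[])
    return packet
```

`validate_manifest(constructed_packet())` returns an empty list, while the same packet relabelled `complete` is rejected for each runtime element that has no linked evidence.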
