What is a Policy Artifact?

A Policy Artifact is a sealed cryptographic object that encodes governance parameters for autonomous systems. Once sealed, it cannot be modified without invalidating its signature.

Key Components

  • Subject Identifier: Cryptographic binding to the evaluated entity
  • Policy Reference: Content-addressable hash of the governing policy
  • Sealed Hash: Reference hash for runtime comparison
  • Enforcement Parameters: Measurement cadence, TTL, triggers
  • Signature: Ed25519 signature binding all fields

Why It Matters

Policy Artifacts transform passive audit records into active governance workflows. The artifact dictates rules; the runtime enforces rules; the system writes back proof of enforcement.

Unlike traditional configuration files, a Policy Artifact provides cryptographic guarantees that the governance rules in effect at runtime match exactly what was intended at build time.

Technical Details

{
  "policy_v": "1.2.1",
  "policy_id": "sha256:a1b2c3...",
  "subject_id": "sha256:d4e5f6...",
  "selection_rules": [...],
  "enforcement_mapping": {
    "DRIFT_DETECTED": "QUARANTINE",
    "SIGNATURE_INVALID": "TERMINATE"
  },
  "signature": "Ed25519:..."
}
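To make the sealing and runtime comparison concrete, here is an added example in Go (not the project's own code or CLI). It builds an artifact with the fields listed above, seals it with Ed25519, verifies it, and then runs the runtime side: compare a fresh measurement against the sealed hash and resolve the event through the enforcement mapping. Assumptions not taken from the page: the JSON key "sealed_hash", the canonicalization (encoding/json output with the signature field blanked, struct fields in declaration order and map keys sorted), the "ALLOW" outcome for a clean measurement, the fail-closed TERMINATE default when the seal does not verify, and all sample config, policy and subject values, which are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// PolicyArtifact carries the components the page lists. JSON keys follow the page's
// example; "sealed_hash" is an assumed key name for the Sealed Hash component.
type PolicyArtifact struct {
	PolicyV            string            `json:"policy_v"`
	PolicyID           string            `json:"policy_id"`
	SubjectID          string            `json:"subject_id"`
	SealedHash         string            `json:"sealed_hash"`
	SelectionRules     []string          `json:"selection_rules"`
	EnforcementMapping map[string]string `json:"enforcement_mapping"`
	Signature          string            `json:"signature"`
}

// ContentHash renders bytes in the page's "sha256:<hex>" content-address form.
func ContentHash(b []byte) string {
	sum := sha256.Sum256(b)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// signingBytes is the assumed canonicalization: every field except the signature,
// encoded with encoding/json (declaration-order struct fields, sorted map keys),
// so signer and verifier always operate on the same byte string.
func signingBytes(a PolicyArtifact) ([]byte, error) {
	a.Signature = ""
	return json.Marshal(a)
}

// Seal signs the canonical bytes and stores the result as "Ed25519:<hex>".
func Seal(a PolicyArtifact, priv ed25519.PrivateKey) (PolicyArtifact, error) {
	msg, err := signingBytes(a)
	if err != nil {
		return a, err
	}
	a.Signature = "Ed25519:" + hex.EncodeToString(ed25519.Sign(priv, msg))
	return a, nil
}

// Verify recomputes the canonical bytes and checks the signature; editing any
// signed field after sealing makes this return false.
func Verify(a PolicyArtifact, pub ed25519.PublicKey) bool {
	if !strings.HasPrefix(a.Signature, "Ed25519:") {
		return false
	}
	sig, err := hex.DecodeString(strings.TrimPrefix(a.Signature, "Ed25519:"))
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	msg, err := signingBytes(a)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

// Evaluate is the runtime side: verify the seal first, then compare a fresh
// measurement of the governed configuration against the sealed hash.
func Evaluate(a PolicyArtifact, pub ed25519.PublicKey, measured []byte) string {
	if !Verify(a, pub) {
		return "SIGNATURE_INVALID"
	}
	if ContentHash(measured) != a.SealedHash {
		return "DRIFT_DETECTED"
	}
	return "OK"
}

// ActionFor resolves an event to an action. The artifact's mapping is consulted only
// once the seal verified; an invalid seal fails closed to TERMINATE (assumed default)
// because the mapping itself is one of the fields that may have been altered.
func ActionFor(a PolicyArtifact, event string) string {
	switch event {
	case "SIGNATURE_INVALID":
		return "TERMINATE"
	case "OK":
		return "ALLOW" // assumed name for the no-op outcome
	}
	if act, ok := a.EnforcementMapping[event]; ok {
		return act
	}
	return "TERMINATE" // unknown event: fail closed
}

// ExampleArtifact seals an artifact over constructed sample inputs and returns the
// public key and the measured config so callers can exercise the runtime path.
func ExampleArtifact() (PolicyArtifact, ed25519.PublicKey, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return PolicyArtifact{}, nil, nil, err
	}
	config := []byte(`{"model":"agent-v3","max_tool_calls":20}`) // constructed
	policy := []byte("deny network egress unless allowlisted")     // constructed
	a := PolicyArtifact{
		PolicyV: "1.2.1", PolicyID: ContentHash(policy),
		SubjectID: ContentHash([]byte("agent-deploy-42")), // constructed subject
		SealedHash: ContentHash(config), SelectionRules: []string{"env=prod"},
		EnforcementMapping: map[string]string{"DRIFT_DETECTED": "QUARANTINE", "SIGNATURE_INVALID": "TERMINATE"},
	}
	sealed, err := Seal(a, priv)
	return sealed, pub, config, err
}

func main() {
	a, pub, config, err := ExampleArtifact()
	if err != nil {
		panic(err)
	}
	fmt.Println("unchanged config:", ActionFor(a, Evaluate(a, pub, config)))
	fmt.Println("drifted config:  ", ActionFor(a, Evaluate(a, pub, append(config, '\n'))))
	tampered := a
	tampered.EnforcementMapping = map[string]string{"DRIFT_DETECTED": "LOG_ONLY"}
	fmt.Println("tampered mapping:", ActionFor(tampered, Evaluate(tampered, pub, config)))
}
```

The order of checks in Evaluate is the point of the example: the runtime must establish that the artifact is intact before it trusts the artifact to tell it what to do, which is why a signature failure never consults the enforcement mapping.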

See It In Action

Download a sample Evidence Bundle and verify it offline with our CLI tool.
