# Sample Evidence Packet

This is a sanitized sample Evidence Packet summary. It demonstrates shape and review expectations without including customer source, real secrets, compact license JWS values, backup keys, proxy secrets, private signing material, or SIEM bearer tokens.

## Packet Summary

| Field | Example |
| --- | --- |
| Packet id | `evidence_packet_sample_001` |
| Packet hash | `sha256:sample-evidence-packet-hash` |
| Run id | `run_sample_20260612_001` |
| Passport class | `coding` |
| Repository scope | `example/repository-maintenance-agent` |
| Reviewer decision | `limited-go` |
| Redacted values | `3` |
| Event hash algorithm | `sha256` |

## Redaction Summary

- `secret_like_token`: replaced with `redacted:secret_like_token:hash`.
- `environment_value`: replaced with `redacted:environment_value:hash`.
- `credential_path`: replaced with `redacted:credential_path:hash`.

## Example JSON Shape

```json
{
  "packet_id": "evidence_packet_sample_001",
  "packet_hash": "sha256:sample-evidence-packet-hash",
  "run_id": "run_sample_20260612_001",
  "passport_class": "coding",
  "repo_or_workspace_ref": "example/repository-maintenance-agent",
  "reviewer_decision": {
    "result": "limited-go",
    "summary": "Proceed only under restricted repository and CI authority."
  },
  "recommended_permissions": [
    "repo:read",
    "pull_request:comment",
    "ci:test:trigger"
  ],
  "recommended_restrictions": [
    "no_protected_branch_push",
    "no_secret_access",
    "human_approval_for_protected_paths"
  ],
  "evidence_events": [
    {
      "event_id": "evt_sample_scope",
      "event_type": "scope_declared",
      "hash": "sha256:sample-event-scope-hash",
      "redacted": false
    },
    {
      "event_id": "evt_sample_test",
      "event_type": "test_output",
      "hash": "sha256:sample-event-test-hash",
      "redacted": true
    }
  ],
  "artifact_hashes": {
    "trust_passport_json": "sha256:sample-passport-json-hash",
    "sarif": "sha256:sample-sarif-hash",
    "opa_bundle": "sha256:sample-opa-hash",
    "enforcement_mapping": "sha256:sample-enforcement-mapping-hash"
  }
}
```
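
A reviewer-side check for packets of this shape, added here as an illustration and not part of the project's own tooling: it verifies that the fields shown above are present, that every hash reference carries the `sha256:` prefix, that redaction placeholders use one of the three listed kinds, and that no string resembles the material a packet must exclude. The function names, the leak patterns, and the trimmed sample packet are assumptions made for this example.

```python
import re

# Top-level keys taken from the example JSON shape on this page.
REQUIRED = ["packet_id", "packet_hash", "run_id", "passport_class",
            "repo_or_workspace_ref", "reviewer_decision", "recommended_permissions",
            "recommended_restrictions", "evidence_events", "artifact_hashes"]
REDACTION = re.compile(r"redacted:(secret_like_token|environment_value|credential_path):.+")
# Assumed heuristics: compact-JWS shape (three base64url segments) and bearer tokens.
LEAK = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+|Bearer\s+\S+")

def strings(node, path="$"):
    """Yield (path, value) for every string value anywhere in the packet."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, child in items:
            yield from strings(child, f"{path}.{key}")

def review_packet(packet, alg="sha256"):
    """Return a list of findings; an empty list means these checks passed."""
    findings = [f"missing field: {k}" for k in REQUIRED if k not in packet]
    hashes = {f"$.artifact_hashes.{k}": v for k, v in packet.get("artifact_hashes", {}).items()}
    hashes["$.packet_hash"] = packet.get("packet_hash")
    for i, event in enumerate(packet.get("evidence_events", [])):
        hashes[f"$.evidence_events.{i}.hash"] = event.get("hash")
        if not isinstance(event.get("redacted"), bool):
            findings.append(f"$.evidence_events.{i}.redacted is not a boolean")
    for path, value in hashes.items():
        if not isinstance(value, str) or not value.startswith(alg + ":"):
            findings.append(f"{path} is not a {alg} reference")
    for path, value in strings(packet):
        if LEAK.search(value):
            findings.append(f"{path} looks like an unredacted token")
        if value.startswith("redacted:") and not REDACTION.fullmatch(value):
            findings.append(f"{path} has a malformed redaction placeholder")
    return findings

# Constructed packet in the page's shape (placeholder hashes, shortened lists).
SAMPLE = {
    "packet_id": "evidence_packet_sample_001", "run_id": "run_sample_20260612_001",
    "packet_hash": "sha256:sample-evidence-packet-hash", "passport_class": "coding",
    "repo_or_workspace_ref": "example/repository-maintenance-agent",
    "reviewer_decision": {"result": "limited-go", "summary": "Restricted authority only."},
    "recommended_permissions": ["repo:read"], "recommended_restrictions": ["no_secret_access"],
    "evidence_events": [{"event_id": "evt_sample_test", "event_type": "test_output",
                         "hash": "sha256:sample-event-test-hash", "redacted": True}],
    "artifact_hashes": {"sarif": "sha256:sample-sarif-hash"},
}
```

`review_packet(SAMPLE)` returns an empty list; each finding names the path of the offending value so it can be traced back to the event or artifact that produced it.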

## Review Notes

The packet is intended to help the customer decide whether to allow, limit, deny, or require human approval for the requested agent authority. It is not a legal certification and does not replace customer-owned security controls.
