Reading a VPEC — Auditor's Guide
This guide explains how to read and evaluate a VPEC (Verifiable Process Execution Credential) as part of an audit, regulatory examination, or counterparty due diligence.
Verification Modes
Recommended for production review and the strongest trust boundary. Can run with your own trust root and zero network calls.
Bundled local browser verifier for auditors and counterparties who do not want to rely on the hosted site.
Hosted convenience verifier for shared links and first-pass review. Some checks run in the browser; some hosted flows may use Primust services.
How to Read the Five Assurance Classes
Read the assurance class as the minimum trust assumption required. Primust exposes five buyer-facing classes, ordered strongest to weakest. Internally there are six proof levels —verifiable_inference and operator_bound both roll up into “Verified Model.”
| Class | What you can rely on |
|---|---|
| Mathematical | The check is a deterministic evaluation — a verifier can rerun it on the committed inputs and reach the same result. OPA and Cedar policies sit here. |
| Verified Model | The model output is bound by a cryptographic commitment to prompt, model, cost envelope, and response — or by an operator signature when the model call itself is not reproducible. Covers the legacy verifiable_inference and operator_bound subtypes. |
| Execution | The check ran on a real execution path and its result was committed. The underlying computation itself is not independently replayable. |
| Witnessed | A qualified human review or approval step happened and was bound to the record via display_hash + rationale_hash + reviewer signature. |
| Attestation | The issuer or process says something happened. No stronger execution or review evidence is bound to the record. |
Five Verification Checks
Across the supported verification paths, these are the core checks you should expect. Depending on the path, some checks may run fully locally and some may be provided by hosted services.
- Signature validity — Ed25519 signature verified against the issuer's public key. If invalid, the credential has been tampered with.
- Timestamp anchor — RFC 3161 timestamp verified against an independent TSA. Proves when the credential was issued.
- Schema compliance — The credential conforms to the declared schema version. Missing or extra fields are flagged.
- Assurance floor consistency — The declared assurance floor matches the weakest-link computation. If the issuer claims a stronger assurance floor than the evidence supports, verification fails.
- Gap honesty — Declared gaps are structurally valid. A VPEC with zero gaps is not suspicious by itself — it means no instrumented gaps were detected, not that governance is perfect.
What You Can See — By Visibility Mode
What you can verify depends on the visibility mode set per check by the issuing organization.
| What You Can Verify | Opaque | Selective | Transparent |
|---|---|---|---|
| Governance ran and passed | ✓ | ✓ | ✓ |
| Assurance floor and provable surface | ✓ | ✓ | ✓ |
| Cryptographic chain intact | ✓ | ✓ | ✓ |
| RFC 3161 timestamps valid | ✓ | ✓ | ✓ |
| Gap records honest | ✓ | ✓ | ✓ |
| Which types of checks ran | ✗ | ✓ | ✓ |
| Stage sequence and count | ✗ | ✓ | ✓ |
| Per-stage result with Merkle stubs | ✗ | ✓ | ✓ |
| Specific model (ID, version hash) | ✗ | ✗ | ✓ |
| Configuration values and thresholds | ✗ | ✗ | ✓ |
| Raw input or output data | ✗ | ✗ | ✗ |
Interpreting Results
You can verify governance ran and passed, but cannot assess the methodology. This is legitimate — AML screening criteria, credit scoring models, and claim adjudication logic are often confidential for good reason. You can request selective or transparent mode from the issuing organization. They may decline. Declining is a legitimate business decision, not a red flag. The red flag is an Evidence Pack claiming methodology without the transparency mode to support it.
A provable_surface of 0.73 means 73% of the governance surface is cryptographically provable. The remaining 27% is "ungoverned" — not instrumented. This is honest disclosure. Compare: "62% of our governance reached Mathematical or Verified Model assurance" is more useful than "our compliance score is 94."
The floor is the weakest link. A credential with an Assurance Floor of "Execution" means at least one check sits at Execution rather than Mathematical or Verified Model. That is not automatically a deficiency. It means some evidence is commitment-bound rather than independently replayable. The floor tells you the minimum trust assumption required.
Zero gaps means no instrumented governance gaps were detected during this run. It does not mean the governance surface is complete. An organization with a provable_surface of 0.43 and zero gaps has a 57% ungoverned surface — but the 43% that is instrumented ran cleanly.
By Role
The cedant adjudicated the claim. You received a VPEC instead of the claim file. Verify the VPEC here or via CLI. It proves adjudication ran per the declared policy terms. The claim file, policyholder PII, and adjudication logic stay with the cedant. Visibility mode will be opaque — this is expected.
The institution ran AML screening. The VPEC proves it — entity screening executed, results were committed, timestamps are anchored. Watchlist matching criteria are not disclosed (opaque mode). This is by design — disclosing them enables circumvention. The VPEC proves screening ran without requiring you to see the criteria.
Request transparent-mode Evidence Packs for methodology review. You'll see which models, versions, thresholds, and configuration were used. Still no raw data — only hashes. For SOC 2 Type II, the provable_surface_breakdown over the audit period is the evidence of continuous governance.
Credit decisioning rules applied consistently — cross-run consistency is detectable from commitment hashes without seeing applicant data. For SEC Rule 17a-4: the VPEC append-only hash chain satisfies the audit-trail alternative for AI governance records.
The CRO's data integrity checks ran before delivery. PHI never left the CRO environment — only commitment hashes transit. The VPEC proves the checks ran per ICH E6(R3) GCP requirements. retention_policy: "FDA_PART11_7Y" declares the 7-year retention obligation.
CLI Quick Reference
pip install primust-verify # Apache-2.0 · free forever · no account needed # Verify a single VPEC primust verify vpec.json # Verify with your own trust root (zero network calls) primust verify vpec.json --trust-root key.pem # Verify an Evidence Pack primust pack verify evidence-pack.json # Verify a signed Audit Report PDF primust verify-report audit-report.pdf