Reviewer Guide

Step-by-step guide for humans executing witnessed-level governance checks. Reviewers never interact with Primust infrastructure directly.

Assurance Classes

Primust presents five buyer-facing assurance classes, strongest to weakest. Start with the class because it tells you the minimum trust assumption required. Internally there are six proof levels — verifiable_inference and operator_bound roll up into Verified Model. Reviewer witnessed-level work is class 4 below.

Mathematical
Deterministic evaluation — a verifier can rerun it on the committed inputs and reach the same result. OPA and Cedar policies sit here.
Verified Model
Model output is bound by a cryptographic commitment to prompt, model, cost envelope, and response — or by an operator signature when the call itself is not reproducible. Covers the internal verifiable_inference and operator_bound subtypes.
Execution
The check ran on a real execution path and its result was committed. The underlying computation itself is not independently replayable.
Witnessed
A human review or approval step is bound to the record. This guide applies here: a qualified reviewer examines display_content and signs their approval.
Attestation
The issuer or process says something happened, but the evidence is weaker and more trust-dependent. The check result is recorded, but no stronger execution or review evidence is available.

Witnessed Level Flow

  1. Receive review request with display_content (rendered, not raw input).
  2. Review display_content for minimum min_duration_seconds (default 30 minutes). Timing enforced: check_open_tst to check_close_tst.
  3. Sign: SHA-256(key_id || role || signed_content_hash || display_hash || rationale_hash || open_tst) using reviewer's Ed25519 private key.
  4. Submit signature + rationale (rationale committed locally via poseidon2).

Key Privacy

The reviewer's Ed25519 private key NEVER leaves the reviewer's environment.

Only the following transit to Primust: reviewer_signature, display_hash, rationale_hash, key_id.

The private key, raw display content, and raw rationale text are never sent to the Primust API.

Witnessed-Related Gap Types

Three gap types can be raised during witnessed-level reviews:

reviewer_credential_invalidCritical
The reviewer's Ed25519 signature could not be verified against the registered public key. This may indicate a compromised key or incorrect signing process.
witnessed_display_missingHigh
The witnessed record is missing display_hash. Without it, there is no proof of what the reviewer actually saw during their review.
witnessed_rationale_missingHigh
The witnessed record is missing rationale_hash. Without it, there is no proof of the reviewer's reasoning for their approval decision.