Primitive 05 — interactive demo
Evidence bundle
A portable, signed proof of what happened: the in-toto DSSE Statement v1
envelope, the predicate body, the manifest of bundled files, and an
ed25519 signature over a canonicalised hash. Verification runs in your
browser via SubtleCrypto.
in-toto DSSE Statement v1
https://in-toto.io/Statement/v1
Subject
run:01KR5SQZPDGTKE3MDP3ZRX8WP1sha256: 1215e8dd557a386b96a6517f4599560e…
Predicate type
https://novafabric.dev/schemas/run-capsule/v0.1.0Signature
- keyid
- demo-key-2026
- alg
- ed25519
- sig (b64)
- mehFh2YPsMVGv2GEp/CkPS+PeIHdEWH9/8f76DBYSTuuUPCT6WEMovN9jQivaYeSCL8RSjHQlatnb0Vgms9/Bw==
- message hash
- sha256:aa6b5d6559b287a48899d4464edee36c1979813dea9109a6b65b601c15fa7361
Bundle contents
10 files- ▸capsule/capsule.yaml
ba95ab536bdb…1,820B - ▸capsule/trace.jsonl
a8894b7ca2f8…312B - ▸capsule/model-calls.jsonl
4ea4bbb82a32…1,240B - ▸capsule/tool-calls.jsonl
679c2e2da9c5…880B - ▸capsule/env.lock
9cd67aa93a94…4,612B - ▸capsule/redaction-proof.json
dd999ecfc888…1,816B - ▸lineage.jsonl
9ea5107177d4…2,104B - ▸predicate.json
9f477be98c54…480B - ▸dsse-statement.json
39a7d55cf5d5…612B - ▸schemas/run-capsule.schema.json
vendored…8,420B
On your machine
nova export-evidence <run-id>
# verify with the standard openssl/cosign tooling against your deployment key
nova verify-evidence bundle.zip