Skip to content

Claims ledger

Every headline claim this project makes, mapped to the one command a stranger runs to verify it — without trusting the maintainer and without reading the source. The machine-readable source of truth is claims-ledger.json; tests/test_claims_ledger.py is its build gate (every artefact, asserting test, and one-command must resolve; the human-track items must stay un-built).

Buildable + verifiable now

Each row is backed by a committed artefact and a test that exercises the shipped path. Run the command from a clean checkout.

Dimension Claim Verify with one command
Composition protocol (CACP v0.1) The reference server and an independent, from-scratch second server both pass the suite, 14/14 (L1/L2/L3). python -m conformance.cacp
escolib reusable library Standalone ESCO/ISCO reconciliation; 100% recall, 0 false positives on committed fixtures. python -m escolib Krankenschwester
biasprobe bias harness Reproduces the comparative per-persona bias report offline from committed caches. python -m biasprobe
Tamper-evident audit anchor A record edit / deletion / non-v2 injection is detected offline against a committed fixture. python -m unittest tests.test_audit_anchor
Reproducible build Deterministic, HEAD-commit-bound source tarball (same SHA-256 on any machine). ./scripts/verify_reproducibility.sh
Release signing Offline cosign sign→verify dry-run over the reproducible tarball. ./scripts/sign_release_local.sh
Multi-agent planner Golden-trace replay; per-step trust receipts are HMAC-chained + anchorable. python -m unittest tests.test_civic_agents
Compliance starter kit Every AI Act / GDPR article cites an artefact that exists; build breaks if one disappears. python -m unittest tests.test_compliance_traceability
Supply chain CycloneDX SBOM + cosign public key + sigstore bundle ship as hard requirements. python -m unittest tests.test_release_supply_chain

Human track — NOT buildable by code (operator-owned, dated Phase-2)

72 hours of coding can build the technical ceiling above; it cannot produce the human dimensions below, which need other people and elapsed time. They are never claimed as done — the ledger's gate fails if any is flipped to "built".

Item Status Why code cannot produce it
Real users with measured outcomes not built The seven personas are synthetic fixtures.
External security audit not built Needs a paid third party; internal review ≠ external audit.
Co-maintainers / contributor community not built Code cannot manufacture a community.
Signed institutional partners (MOUs) not built Outreach drafted but unsent.
Third-party adoption of CACP not built Buildable proxy: the reference server AND an independent 2nd server both pass conformance; a consumer composes with it.

This split — and the runnable one-commands above — is the project's integrity spine: claims are verifiable, and the limits are stated honestly.