# MVG Air‑gapped Verifier Kit — Release Commitments (Public‑safe)

**Version:** v1.0.2  
**Issued (UTC):** 2026-02-12T04:00:00Z

> Boundary language: informational only and **non‑binding unless signed**. Public materials do **not** grant any patent license by publication.

---

> v1.0.2 note: the kit bundle now includes the **Attachment bundle export** tool (procurement/audit attachables) inside the air‑gapped release ZIP.


## 1) What this adds (why it matters)

A normal ZIP download is easy to tamper with in transit or in internal handoffs.
This commitment layer makes kit distribution procurement‑grade:

- **Private receipt (for the reviewer/counterparty)**: contains the real kit SHA‑256 + bytes and a private nonce.
- **Public log (for transparency)**: contains only a blinded commitment `sha256(kit_sha256 || nonce)`.
- **Signed head**: the log has a DSSE‑signed head so reviewers can verify the log itself offline.
- **Headchain (log‑of‑heads)**: an optional append‑only chain of signed log heads, so log updates are also auditable.

This converts release distribution into verifiable, replayable evidence — not email threads.

---

## 2) Files

### Tier A — Public

- `MVG_Airgapped_Verifier_Kit_CommitmentLog_PUBLIC_v1.0.1.json` — blinded commitments (append‑only)
- `MVG_Airgapped_Verifier_Kit_CommitmentLogHead_PUBLIC_v1.0.1.dsse.json` — DSSE‑signed log head
- `MVG_Airgapped_Verifier_Kit_CommitmentHeadChain_PUBLIC_v1.0.1.json` — append‑only headchain of log heads (optional)
- `MVG_Airgapped_Verifier_Kit_CommitmentHeadChainHead_PUBLIC_v1.0.1.dsse.json` — DSSE‑signed head of the headchain

### Tier B — Private (under agreement)

- Private receipt DSSE (includes kit SHA‑256 + bytes + nonce)

A public‑safe sample is provided:

- `MVG_Airgapped_Verifier_Kit_ReleaseReceipt_SAMPLE_v1.0.1.dsse.json`

---

## 3) Verification (offline)

1. Verify the kit ZIP against its DSSE receipt.
2. Verify the signed keyring snapshot (DSSE) and use it to verify signing keys.
3. Compute `commitment = sha256(kit_sha256 || nonce)` from the private receipt.
4. Verify the commitment log's integrity and confirm that the commitment is included in it.
5. (Optional) Verify the headchain so the signed log head is itself recorded in an append‑only chain.
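
The hash checks in steps 1, 3 and 4 can be sketched as follows. This is an added example, not code from the kit: it covers only the digest and inclusion checks, not the DSSE signature verification of the receipt, keyring or log head. The field names `kit_sha256`, `nonce`, `entries` and `commitment`, the hex encoding of the inputs, and the 16-byte nonce floor are assumptions, and all sample values are constructed.

```python
import hashlib
import hmac

def commitment(kit_sha256_hex: str, nonce_hex: str) -> str:
    """sha256(kit_sha256 || nonce), returned as lowercase hex.
    ASSUMPTION: both inputs are hex strings, decoded to raw bytes, then concatenated."""
    digest = bytes.fromhex(kit_sha256_hex)
    nonce = bytes.fromhex(nonce_hex)
    if len(digest) != 32:
        raise ValueError("kit_sha256 is not a 32-byte SHA-256 digest")
    if len(nonce) < 16:  # assumed floor; a short nonce weakens the blinding
        raise ValueError("nonce too short to blind the kit digest")
    return hashlib.sha256(digest + nonce).hexdigest()

def verify_release(kit: bytes, receipt: dict, log: dict) -> bool:
    """Check the kit bytes against the private receipt, then check that the
    receipt's blinded commitment appears in the public log."""
    actual = hashlib.sha256(kit).hexdigest()
    if not hmac.compare_digest(actual, receipt["kit_sha256"].lower()):
        return False  # kit differs from what the receipt describes
    want = commitment(receipt["kit_sha256"], receipt["nonce"])
    return any(hmac.compare_digest(want, entry["commitment"].lower())
               for entry in log["entries"])

# Constructed sample data (hypothetical layout, not real release values).
SAMPLE_KIT = b"PK\x05\x06" + b"\x00" * 18      # bytes of an empty ZIP archive
SAMPLE_RECEIPT = {
    "kit_sha256": hashlib.sha256(SAMPLE_KIT).hexdigest(),
    "nonce": "a5" * 32,                         # fixed value for the example
}
SAMPLE_LOG = {"entries": [
    {"commitment": commitment("11" * 32, "22" * 32)},  # an unrelated entry
    {"commitment": commitment(SAMPLE_RECEIPT["kit_sha256"],
                              SAMPLE_RECEIPT["nonce"])},
]}

if __name__ == "__main__":
    print("genuine kit :", verify_release(SAMPLE_KIT, SAMPLE_RECEIPT, SAMPLE_LOG))
    print("tampered kit:", verify_release(SAMPLE_KIT + b"x", SAMPLE_RECEIPT, SAMPLE_LOG))
```

The public log entries never equal the kit digest itself, so a reader of the log without the nonce cannot confirm which kit an entry refers to.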

---

## 4) Signed keyring + rotation

Signing keys rotate. Verifiers use a **signed keyring snapshot** (DSSE) that is verified by a pinned root trust anchor.

Files:

- `MVG_Airgapped_Verifier_Kit_Keyring_PUBLIC_v1.0.0.dsse.json` — signed keyring snapshot (DSSE)
- `MVG_Airgapped_Verifier_Kit_Keyring_TrustAnchors_PUBLIC_v1.0.0.json` — pinned trust anchors for verifying the keyring
- `MVG_Airgapped_Verifier_Kit_KeyRotation_Policy_Spec_v1.0.0.md` — lifecycle / grace window policy

---

## 5) Non‑binding boundary language

- **Non‑binding unless signed.** Binding terms exist only in executed agreements.
- **No patent license by publication.** Public materials are informational.
- **Not a certification.** This is a verification format + evidence toolchain.
