Question 1

What is a DSSE pointer?

Accepted Answer

DSSE (Dead Simple Signing Envelope) is a signed envelope format. MVG uses DSSE statements to publish audit-friendly evidence pointers: what to attach to a ticket, what to verify, and what outputs to expect.

Question 2

What do PASS, FAIL, and HOLD mean?

Accepted Answer

PASS means the evidence and policy checks verify. FAIL means a check deterministically fails. HOLD means evidence is missing, unverifiable, or policy is uncertain; by design, HOLD is fail-closed and requires human review or corrected artifacts.

Question 3

What does offline-verifiable mean?

Accepted Answer

Offline-verifiable means a reviewer can replay verification locally without network calls or uploads, under pinned versions. This reduces supply-chain risk and makes audits reproducible.

Receipts, explained.

DSSE in 60 seconds

PASS / FAIL / HOLD

Offline verification

Where to start

Receipts — quick answers

What is a DSSE pointer?

What do PASS, FAIL, and HOLD mean?

What does offline-verifiable mean?