Explainer

PASS / FAIL / HOLD

HOLD is not “best effort”. It is the fail‑closed output for uncertainty: missing signatures, missing artifacts, unverifiable pointers, or policies that cannot be proven.

Verify offline Open DSSE viewer Site release integrity

PASSGO

PASS

Evidence verifies and policy checks pass under pinned versions. Outputs are reproducible offline.

FAILDeterministic

FAIL

A check deterministically fails (tamper, mismatch, disallowed action surface). The correct outcome is STOP.

HOLDFail‑closed

HOLD

Evidence is missing or uncertain. HOLD requires human review or corrected artifacts — never silent PASS.

Design postureNo ambiguity

Why HOLD exists

In high‑stakes systems, uncertainty is itself a risk. MVG treats missing signatures and missing receipts as a first‑class state: reviewers must HOLD until the evidence chain is complete.

Reason codes Transparency log Procurement flow

FAQ

What does HOLD mean?

HOLD means “missing or incomplete evidence.” It is fail‑closed: uncertainty never yields silent PASS.

When does HOLD become FAIL?

When evidence is present but invalid (bad signature, hash mismatch, or proof failure). That is an explicit FAIL.

How do we resolve a HOLD?

Publish the missing receipt/signature, attach the correct evidence pack, then re‑run offline verification until PASS or FAIL is deterministically produced.