Glossary

Key terms

A quick glossary for procurement and audit teams reviewing MVG receipts.

EvidenceReceipts

Signed, replayable artifacts that are authoritative. Pages are display-only.

Verify hint: start at Trust Center or replay site release.

A signed envelope format. MVG uses DSSE statements as pointers to what to verify and attach.

Verify hint: open DSSE viewer or paste into Receipt Finder.

A bundle a reviewer can attach to a procurement ticket. It pins hashes and includes an offline verifier kit.

Verify hint: download from Procurement and run offline verification.

Stable identifiers explaining why a check outputs PASS/FAIL/HOLD. They make reviews consistent across teams.

Verify hint: paste a reason code into Receipt Finder to jump to the definition.

DecisionsFail‑closed

Deterministic verifier outputs: PASS verifies, FAIL deterministically fails, HOLD is uncertainty (fail‑closed).

Verify hint: see HOLD explainer for expected outputs and escalation rules.

If signatures or required evidence are missing, the system must not silently pass. It must HOLD.

Verify hint: missing signatures → HOLD by design. See site‑release posture.

Verification can be replayed locally without uploads or network calls, under pinned versions.

Verify hint: run offline verifier (PASS / FAIL / HOLD + reason codes).

An append‑only release log with replayable proofs. It makes release integrity auditable over time.

Verify hint: review Transparency (preview) and compare release roots.

Where to startOne URL

If you only attach one thing to a ticket, attach the DSSE pointer. It links the pack, proofs, and expected outputs.