Template
Safety & Impact Report — public‑safe template
This is a one‑page structure you can publish annually without revealing sensitive customer data. The core rule is simple: every claim maps to a replayable receipt query.
1) Scope
- Risk surfaces: agent tool execution, regulated change control, clinical / revenue‑cycle automation.
- Operating principle: missing signatures or pointers → HOLD (fail‑closed).
- Evidence format: DSSE envelopes + pinned artifacts + transparency log.
Public safe: Describe categories and mechanisms, not customer specifics.
2) Metric families
- Side effect prevention: unpermitted action attempts routed to HOLD/DENY.
- Audit replay success: % of audits reproduced offline with deterministic outputs.
- Time‑to‑approval: ticket completion time before/after evidence packs.
Receipt‑native: Define each metric as a query over reason codes + receipts.
3) Measurement method (publish this)
For each metric, publish: (a) definition, (b) inputs (URLs), (c) verifier command, and (d) expected outputs. If a verifier cannot reproduce results offline, the correct conclusion is HOLD until evidence is repaired.
Copy‑paste block
Metric: Audit replay success (offline)
Inputs:
- Site release DSSE: https://meridianverity.com/trust/site-release/latest/site-release.dsse.json
- Transparency: https://meridianverity.com/trust/transparency/
Verifier (offline):
$ python3 public_verify_site_release.py --dsse site-release.dsse.json --offline
Expected output:
PASS (or HOLD with a reason code if any signature/pointer is missing)
Note: Replace the verifier command with your current public verifier entrypoint.
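Added example (not the site's public verifier and not code from this page): a minimal offline check that applies the fail‑closed rule to a DSSE envelope and its pinned artifacts, returning PASS or HOLD with a reason code. HMAC‑SHA256 stands in for the real signature scheme so the block runs on the standard library alone; the reason codes, the payload type, and the `transparency_pointer` and `artifacts` payload fields are assumptions.

```python
import base64, hashlib, hmac, json

PTYPE = "application/vnd.example.site-release+json"  # hypothetical payload type

def pae(ptype, body):  # DSSE pre-authentication encoding: the exact bytes that get signed
    t = ptype.encode()
    return b"DSSEv1 %d %s %d %s" % (len(t), t, len(body), body)

def sign(key, ptype, body):  # stand-in: HMAC-SHA256 replaces the real signature scheme
    return base64.b64encode(hmac.new(key, pae(ptype, body), hashlib.sha256).digest())

def make_envelope(obj, key, keyid):  # builds a constructed sample envelope
    body = json.dumps(obj, sort_keys=True).encode()
    return {"payloadType": PTYPE, "payload": base64.b64encode(body).decode(),
            "signatures": [{"keyid": keyid, "sig": sign(key, PTYPE, body).decode()}]}

def verify_offline(env, artifacts, keys):
    """Return ("PASS", None) or ("HOLD", reason); reason codes and payload fields are assumed."""
    try:
        ptype, sigs = env["payloadType"], env["signatures"]
        body = base64.b64decode(env["payload"], validate=True)
    except (KeyError, TypeError, ValueError):
        return ("HOLD", "ENVELOPE_MALFORMED")
    if not isinstance(ptype, str) or not isinstance(sigs, list):
        return ("HOLD", "ENVELOPE_MALFORMED")
    if not sigs:
        return ("HOLD", "SIGNATURE_MISSING")
    known = [s for s in sigs if isinstance(s, dict) and isinstance(s.get("keyid"), str)
             and s["keyid"] in keys]  # entries with unknown key ids are skipped
    if not any(hmac.compare_digest(sign(keys[s["keyid"]], ptype, body),
                                   str(s.get("sig")).encode()) for s in known):
        return ("HOLD", "SIGNATURE_INVALID")
    try:  # the payload is parsed only after a signature has verified
        release = json.loads(body)
        if not release.get("transparency_pointer"):
            return ("HOLD", "POINTER_MISSING")
        for pin in release["artifacts"]:
            data = artifacts.get(pin["name"])
            if data is None:
                return ("HOLD", "ARTIFACT_MISSING")
            if hashlib.sha256(data).hexdigest() != pin["sha256"]:
                return ("HOLD", "ARTIFACT_DIGEST_MISMATCH")
    except (AttributeError, KeyError, TypeError, ValueError):
        return ("HOLD", "PAYLOAD_MALFORMED")
    return ("PASS", None)

KEYS = {"demo": b"constructed-demo-key"}  # constructed sample data from here down
FILES = {"index.html": b"<h1>demo</h1>"}
RELEASE = {"transparency_pointer": "placeholder-log-entry", "artifacts": [
    {"name": "index.html", "sha256": hashlib.sha256(FILES["index.html"]).hexdigest()}]}
```

Calling `verify_offline(make_envelope(RELEASE, KEYS["demo"], "demo"), FILES, KEYS)` returns `("PASS", None)`; removing the signature list entries, the pointer, or a pinned file turns the same call into a HOLD with the matching reason code.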
4) Disclosure posture
- Publish methods and schemas first.
- Publish aggregated numbers only when they are reproducible and non‑sensitive.
- Customer‑specific evidence stays NDA‑bound; public pages link to the receipts that define the process.