Sample evidence package · v1.0.0 · May 2026

Run the verifier on your laptop. Verify the receipt yourself, without trusting us.

A buyer-runnable sample of an Evidence Fabric package. Synthetic healthcare scenario. Real Ed25519 cryptography. Offline verifier with no vendor dependency. Download, install one Python package, run the verifier. PASS means the signatures and hashes verify against the published public key.

Open the package README How to verify (3 steps) Read the methodology

Files live at verticaledgeai.ai/sample-package/. Direct ZIP download at verticaledgeai.ai/sample-evidence-package.zip (RC packages at deploy time).

What is in the package

Eight files, all readable in any text editor. The cryptography is real Ed25519; only the data is synthetic. The six files below ship with two more — public_key.json (ships pre-committed; required by the verify command) and verifier_transcript.txt (the recorded verifier run).

FilePurposeApprox size
receipt.json One fully-signed receipt for a synthetic healthcare workflow (chart summarization for referral letter). Records inputs, classification, policy decision, provider routing, response, signature. ~3 KB
manifest.json Lists every artifact in the package with SHA-256 hash + audit period. Manifest itself is signed. ~2 KB
framework_mapping.md One-page table mapping receipt fields to AIUC-1, NIST AI RMF, ISO 42001, Article 50, HIPAA, SOC 2, Reg S-P. ~4 KB
README.md Package overview, verification instructions, sanitization notes, intended use. ~5 KB
verifier_cli.py Standalone Python 3 verifier. Single file. Depends only on the cryptography package. No vendor SDK, no phone-home, no version pinning beyond Python 3.9+. ~13 KB
sign_and_verify.py One-shot build script: generates a synthetic Ed25519 keypair, signs the receipt + manifest, runs the verifier, captures the transcript. Reproducible from scratch by anyone with Python 3. ~6 KB

The framework mapping and methodology are published as markdown; the build copies these files and packages them into the downloadable ZIP.

How to verify (3 steps)

Total time: under 5 minutes on a clean Python 3 environment.

  1. Download the package. Pull the individual files from sample-package/, or download the generated ZIP at verticaledgeai.ai/sample-evidence-package.zip after deployment.
  2. Install the one dependency. 
    pip install cryptography
    That is the only Python package the verifier requires. Tested against cryptography 41.x and 42.x on Python 3.9, 3.10, 3.11, 3.12, 3.13.
  3. Run the verifier. 
    python verifier_cli.py --receipt receipt.json --public-key-file public_key.json
    Expected output: 
    == VeilEngine Receipt Verifier ==
Loading receipt: receipt.json
Receipt: VERIFIED

Overall: PASS
    The verifier exits with code 0 on PASS.

To verify the manifest and its artifact hashes, point the verifier at the manifest: python verifier_cli.py --manifest manifest.json --public-key-file public_key.json.

What the package demonstrates (and what it does not)

The package demonstrates

The Evidence Fabric methodology produces real, structured, cryptographically-signed artifacts
The verifier runs without vendor dependencies (only cryptography + Python 3)
An auditor with the public key can verify a receipt’s signature, and the manifest’s artifact hashes, without trusting Vertical Edge AI (the sample verifier checks a single receipt and the manifest; cross-receipt chain-walk verification is on the roadmap)
The hash-linked chain-of-receipts pattern is expressed in the receipt schema today; the sample verifier validates single-receipt signatures and manifest hashes, not chain linkage
The signing path is documented and byte-for-byte reproducible (see sign_and_verify.py)

The package does not demonstrate

That Vertical Edge AI has deployed this in production with customers (sample is synthetic; customer claims live in case studies, not in sample data)
That the methodology is correct for your specific regulatory framework (your auditor and counsel interpret)
That the AI providers in the routing example (Claude, GPT, Gemini) retained or did not retain the data (vendor-side claim; this package records what the operator did, not what the provider then did)
That the policy versioning in your environment is equivalent to the sample (your operator configures policy; the Evidence Fabric records what was in force)

Synthetic-data notice

The receipt records a hypothetical workflow at a fictional mid-market healthcare clinic. The patient name, MRN, DOB, diagnosis codes, and clinician identity are entirely synthetic and are labeled "synthetic": true in the receipt metadata. No real clinical data appears in any artifact.

The signer key (vke_synthetic_2026-05) is a synthetic Ed25519 keypair generated solely for the sample. The private key is intentionally exposed in sign_and_verify.py so anyone can regenerate the signatures and confirm the verification path. In production, the signer key is the operator's, not Vertical Edge AI's.

The cryptographic primitives (Ed25519 signatures, SHA-256 hashes, JSON canonicalization) are real algorithms used the same way they would be in a production gateway. The verifier published here is a customer-facing subset of the production verifier.

Next steps

If the package verifies cleanly on your laptop and the methodology aligns with how your auditors think about evidence, the next step is a scoped conversation on your specific regulatory perimeter.

Request a consultation Re-read the methodology Visit the Trust Center

Email: cordero_ryan@verticaledgeai.ai
Vertical Edge AI is not an audit firm. The package is published to demonstrate the Evidence Fabric methodology, not to substitute for an audit opinion.