NORTHSET

Proof-of-Pass Receipt — M-003

REHEARSAL — NOT EXTERNAL VALIDATION

Receipt ID
M-003
Run start
2026-07-10T19:33:56.672Z
Run finish
2026-07-10T19:33:57.860Z

Project

northset-oss/verification-pilot

Work

No issue or pull request recorded

Verification execution

runtime: northset-oss executor v0
human operator: aeziz

Code

base
af4fc4d4342dc40128828ebf95e3e49dad3934fa

Environment

image reference
node@sha256:2cf067cfed83d5ea958367df9f966191a942351a2df77d6f0193e162b5febfc0
repository digest
node@sha256:2cf067cfed83d5ea958367df9f966191a942351a2df77d6f0193e162b5febfc0
network
phaseA:bridge,phaseB:none

Declared checks

Execution summary
2/2 declared commands returned exit 0 in the recorded environment

  1. node bin/validate-mission.mjs missions/M-001/mission.json

    exit 0 · 0.2s

  2. node bin/bundle.mjs verify missions/M-001

    exit 0 · 0.2s

unclassified executor time (derived residual) 0.7s

run wall (derived from recorded timestamps) 1.2s

PASS — 2/2 declared commands

Every command listed returned exit 0 in the declared environment. Only the listed commands are in scope. Unlisted test, lint, typecheck, build, coverage, compiler, full-suite, and CI gates are not implied or recorded.

Record details

payment
none · not merge-contingent
redactions
none recorded
Bundle contents digest
sha256:70857aa3ed190d1bde8e468e6a6d7260aafaf0da83891f016031055feb13b1c3
Signed asset SHA-256
sha256:90ceabf13f47e43b4c8ff3e80128a88dac9881d9420579766da09c88b13f741b
Signed provenance recorded
verified 2026-07-14T14:21:48Z

NOT INCLUDED

  • Does not prove code quality
  • Does not prove security
  • Self-funded rehearsal on Northset's own repository; not external validation.

Signed bundle

Download signed bundle

Verify this receipt

gh attestation verify run-record-M-003.tar.gz --repo northset-oss/verification-pilot --signer-workflow northset-oss/verification-pilot/.github/workflows/attest-bundle.yml

Attestation confirms that Northset's signing workflow produced this exact bundle. The signer does not witness the recorded run, and verification does not turn it into maintainer verification.

QR → receipt page
Self-funded rehearsal. Not external validation.

Evidence of what ran — not a verdict that the code is good.

SELF-FUNDED FIELD-TESTING.

Redacted stdout
=== cmd 1: node bin/validate-mission.mjs missions/M-001/mission.json ===
=== cmd 2: node bin/bundle.mjs verify missions/M-001 ===
OK sha256:6a8bfdeb771e9b1515aa3fcdddda239dba417865fad29bff20f1ac187d372b62
Redacted stderr
=== cmd 1: node bin/validate-mission.mjs missions/M-001/mission.json ===
=== cmd 2: node bin/bundle.mjs verify missions/M-001 ===

FOR MAINTAINERS

Request a private run

Maintain an open-source project? Send Northset a PR already in your queue. We run its repository-declared checks in an isolated container and return the run record privately. We do not modify the PR. Nothing is published without your approval. Free during the pilot.

The issue form is public. Do not include secrets or private repository details there; use email instead.

Already onboarded? Add northset-verify to a PR to request a run on that PR.

Claims boundary

This page reports scoped proof-of-pass receipt evidence. It does not prove code quality, security, full CI coverage, production readiness, or maintainer approval. An attestation confirms bundle provenance; it does not broaden the receipt's claim.

Read the full Claims Boundary policy.