# Verifying the Sample Evidence Pack

This sample pack was generated by PanGuard Migrator from 50 public SigmaHQ
rules with a placeholder customer ID (`DEMO-CORP-EU`). It is NOT a real
customer audit pack — it is a faithful demonstration of what the artifact
looks like.

## What's in the bundle

```
sample-pack/
├── eu-pack.html                EU AI Act audit pack — open in any browser
├── eu-pack.json                Same data, machine-readable
├── eu-pack.md                  Same data, plain Markdown
├── activation-demo.md          Live attack/benign event replay results
├── activation-demo.json        Same data, machine-readable
├── atr-rules-sample.zip        50 generated ATR YAML rules
├── MANIFEST.txt                SHA-256 of every file above
└── VERIFY.md                   This file
```

## Why a manifest

Files served from a CDN can be modified upstream of the user. The
manifest lets you confirm the bytes you downloaded match what PanGuard
intended to publish.

## How to verify (60 seconds)

### macOS / Linux

```bash
# Download all files into one folder, then:
cd /path/to/sample-pack
shasum -a 256 -c MANIFEST.txt
```

Expected output: every line ends with `: OK`. Example:

```
eu-pack.html: OK
activation-demo.json: OK
eu-pack.json: OK
activation-demo.md: OK
eu-pack.md: OK
atr-rules-sample.zip: OK
```

If any line says `FAILED`, the file in your folder differs from what we
published. Either the download was incomplete, or something modified the
file in transit.

### Windows (PowerShell)

```powershell
cd C:\path\to\sample-pack
# Each MANIFEST.txt line is in shasum format: "<sha256>  <filename>".
# A leading "*" on the filename marks binary mode and is stripped.
Get-Content MANIFEST.txt | ForEach-Object {
  $line = $_.Trim()
  if (-not $line -or $line.StartsWith('#')) { return }   # skip blank or comment lines
  $parts = $line -split '\s+', 2
  $expected = $parts[0].ToLower()
  $file = $parts[1].TrimStart('*')
  if (-not (Test-Path -LiteralPath $file)) { "$file : MISSING"; return }
  $actual = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash.ToLower()
  if ($actual -eq $expected) { "$file : OK" } else { "$file : FAILED" }
}
```

## What the SHA-256 doesn't prove

The manifest proves the files weren't altered after we computed the
hashes. It does NOT prove who computed them — for that, the production
pack carries a PGP signature. This sample pack is unsigned because it is
not a real audit artifact. Production customer packs ship with a PGP
signature against the PanGuard signing key (key fingerprint published
on panguard.ai once the key is rotated to the production HSM).

## Pack-internal signature

The `eu-pack.json` and `eu-pack.html` themselves carry an internal
`signature` block:

```json
{
  "signature": {
    "pack_sha256": "<sha256 over the canonical JSON form, signature block excluded>",
    "rules_merkle_root": "<sha256-pairing of per-rule hashes, sorted by rule_id>",
    "algorithm": "sha256",
    "signed_at": "<ISO 8601 timestamp>"
  }
}
```

This is independent from `MANIFEST.txt`. The internal signature ties
together the rules in the pack; the manifest ties together the files
on disk. Both are useful — the internal signature for forensic review
of the pack content, the manifest for transport-integrity checks.
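The following Python is an added worked example, not PanGuard's code and not a statement of how Migrator actually computes these values. It shows one consistent reading of the `signature` block: `pack_sha256` over the pack with the `signature` key removed, and `rules_merkle_root` as a pairwise SHA-256 tree over per-rule hashes ordered by `rule_id`. Everything beyond the field names is an assumption: the canonical JSON form (sorted keys, compact separators, UTF-8), the per-rule hash (SHA-256 of each rule's canonical JSON), the pairing rule (SHA-256 of two concatenated hex digests, odd last leaf duplicated), and the small pack itself, which is constructed here rather than taken from `eu-pack.json`.

```python
import copy
import hashlib
import json

# Constructed sample pack (assumption: this shape); not the real eu-pack.json.
SAMPLE_PACK = {
    "customer_id": "DEMO-CORP-EU",
    "rules": [
        {"rule_id": "atr-0003", "title": "Suspicious service install", "level": "high"},
        {"rule_id": "atr-0001", "title": "Encoded PowerShell command line", "level": "medium"},
        {"rule_id": "atr-0002", "title": "LSASS handle access", "level": "critical"},
    ],
}


def canonical_json(obj) -> bytes:
    # Assumed canonical form: sorted keys, no whitespace, UTF-8 bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def rule_hashes(rules) -> list:
    # Per-rule leaf hash (assumption): SHA-256 of the rule's canonical JSON,
    # with leaves ordered by rule_id so list order in the pack does not matter.
    ordered = sorted(rules, key=lambda r: r["rule_id"])
    return [sha256_hex(canonical_json(r)) for r in ordered]


def merkle_root(leaves) -> str:
    # Pairwise SHA-256 over hex digests (assumption); an odd last leaf is
    # duplicated so every level pairs cleanly. Empty input hashes to sha256("").
    if not leaves:
        return sha256_hex(b"")
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode("ascii"))
                 for i in range(0, len(level), 2)]
    return level[0]


def pack_sha256(pack) -> str:
    # Hash the canonical JSON of everything except the signature block itself.
    body = {k: v for k, v in pack.items() if k != "signature"}
    return sha256_hex(canonical_json(body))


def sign_pack(pack, signed_at: str) -> dict:
    signed = copy.deepcopy(pack)
    signed["signature"] = {
        "pack_sha256": pack_sha256(pack),
        "rules_merkle_root": merkle_root(rule_hashes(pack["rules"])),
        "algorithm": "sha256",
        "signed_at": signed_at,
    }
    return signed


def verify_pack(signed) -> bool:
    # Recompute both digests from the pack content and compare with the block.
    sig = signed.get("signature")
    if not isinstance(sig, dict) or sig.get("algorithm") != "sha256":
        return False
    if sig.get("pack_sha256") != pack_sha256(signed):
        return False
    return sig.get("rules_merkle_root") == merkle_root(rule_hashes(signed.get("rules", [])))


def demo() -> dict:
    # Exercise the checks on the constructed pack and two modified copies.
    signed = sign_pack(SAMPLE_PACK, "2025-01-01T00:00:00Z")
    tampered = copy.deepcopy(signed)
    tampered["rules"][0]["level"] = "low"          # edit one rule's content
    reordered = copy.deepcopy(signed)
    reordered["rules"].reverse()                   # same rules, different order
    return {
        "valid": verify_pack(signed),
        "tampered_rule_detected": not verify_pack(tampered),
        "reorder_detected": not verify_pack(reordered),
        "merkle_stable_under_reorder": merkle_root(rule_hashes(reordered["rules"]))
        == signed["signature"]["rules_merkle_root"],
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Under these assumptions the two digests answer different questions: editing a single rule's content changes both `pack_sha256` and `rules_merkle_root`, while merely reordering the rule list changes `pack_sha256` but leaves the Merkle root intact, because leaves are ordered by `rule_id` before pairing. That is what makes the root useful for forensic review of rule content, independent of how the pack was serialised.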

## Questions

- adam@agentthreatrule.org
- https://panguard.ai/migrator
- https://github.com/panguard-ai/panguard-ai/issues
