This document defines the strict JSON contract for report/analyst_digest.json.
Design constraints:
- The digest is computed, not narrated.
- The digest must not add claims outside verifier outputs and structured evidence.
- All artifact references must be run-relative paths (no absolute paths).
- Missing, partial, or tampered evidence must fail closed.
schema_version(required): exact stringanalyst_digest-v1
schema_version: string, exact valueanalyst_digest-v1run: objecttop_risk_summary: objectfinding_verdicts: array of objectsexploitability_verdict: objectevidence_index: array of objectsnext_actions: array of non-empty strings
Unknown top-level keys are invalid.
run_id(required): non-empty stringfirmware_sha256(required): lowercase hex string, length 64generated_at(required): non-empty string timestamp
total_findings(required): integer >= 0severity_counts(required): object with all keys present:critical,high,medium,low,info- each value is integer >= 0
Each entry contains machine-derived status for one finding:
finding_id(required): non-empty stringverdict(required): enumVERIFIEDATTEMPTED_INCONCLUSIVENOT_ATTEMPTEDNOT_APPLICABLE
reason_codes(required): non-empty array of reason-code enum valuesevidence_refs(required): non-empty array of run-relative pathsverifier_refs(required): non-empty array of run-relative paths
state(required): same enum asfinding_verdicts[].verdictreason_codes(required): non-empty array of reason-code enum valuesaggregation_rule(required): exact stringworst_state_precedence_v1
Each entry:
ref(required): run-relative pathsha256(required): lowercase hex string, length 64
- Array of non-empty strings.
- Recommended actions only; no new exploitability claims.
Exact verdict values:
VERIFIEDATTEMPTED_INCONCLUSIVENOT_ATTEMPTEDNOT_APPLICABLE
NOT_APPLICABLE must only be used with explicit machine-checkable reason codes and must not be used to bypass failed or missing proof gates.
Allowed reason codes:
VERIFIED_ALL_GATES_PASSEDVERIFIED_REPRO_3_OF_3ATTEMPTED_EVIDENCE_TAMPEREDATTEMPTED_VERIFIER_FAILEDATTEMPTED_REPRO_INSUFFICIENTATTEMPTED_EVIDENCE_INCOMPLETENOT_ATTEMPTED_REQUIRED_VERIFIER_MISSINGNOT_ATTEMPTED_DYNAMIC_VALIDATION_MISSINGNOT_ATTEMPTED_RUN_INCOMPLETENOT_APPLICABLE_NO_RELEVANT_FINDINGSNOT_APPLICABLE_PLATFORM_UNSUPPORTED
Reason-code precedence (high to low, deterministic ordering):
ATTEMPTED_EVIDENCE_TAMPEREDATTEMPTED_VERIFIER_FAILEDATTEMPTED_REPRO_INSUFFICIENTATTEMPTED_EVIDENCE_INCOMPLETENOT_ATTEMPTED_REQUIRED_VERIFIER_MISSINGNOT_ATTEMPTED_DYNAMIC_VALIDATION_MISSINGNOT_ATTEMPTED_RUN_INCOMPLETENOT_APPLICABLE_NO_RELEVANT_FINDINGSNOT_APPLICABLE_PLATFORM_UNSUPPORTEDVERIFIED_ALL_GATES_PASSEDVERIFIED_REPRO_3_OF_3
reason_codes arrays must be unique and sorted by this precedence.
Aggregation rule ID: worst_state_precedence_v1
State precedence (worst to best):
ATTEMPTED_INCONCLUSIVENOT_ATTEMPTEDVERIFIEDNOT_APPLICABLE
Digest exploitability_verdict.state is selected as the highest-priority state present across finding_verdicts[].verdict.
Deterministic tie behavior:
- If multiple findings share the selected state,
exploitability_verdict.reason_codesis the set-union of reason codes from findings in that state, sorted by reason precedence. - If
finding_verdictsis empty, state must beNOT_APPLICABLEwith reasonNOT_APPLICABLE_NO_RELEVANT_FINDINGS.
- Digest fields are derived only from structured evidence artifacts and verifier outputs.
- Digest must not add freeform exploitability claims.
- Any referenced artifact path must remain run-relative.