OffSec + WitnessOps wiring (R1)
OffSec Shield — local server audit sample
OffSec collects read-only posture and ships a receipt-backed proof bundle. WitnessOps proves named workflows on /verify for PV/QV/WV receipt stages. This sample shows the Shield deliverable shape and honest limits — not a claim that your environment was audited.
Run metadata
- Receipt id
- secsvc-local-fixture-a
- Run id
- local-fixture-a
- Module
- local-audit
Download artifacts
- RECEIPT.json
sha256 297a03f1a355a41f02807912c52ff618965dadf02c5f0a65dea6c13a740ac1c4
- evidence_manifest.json
sha256 7dc6aaf728baa73e4d670422b4d7a6b1f602c7ce350d4d8d4b709d1d32252e65
- MANIFEST.sha256
sha256 0e85033e0d83f6ae28d0489b62f37cc8cca201a2aee521ce020a60c8f2ee5643
- evidence/posture.json
sha256 63e2d3917b2b9ce3edf28a9e60708a0d1e2004fa95783308e8fe1d074150118a
- evidence/findings.json
sha256 d1c590aa730d5b5bfa1f7c92b7b031b2aab78a16f7e295f712f28102ad44136d
- evidence/authority.json
sha256 f732264f1ae592e4d4e24818c49e734e5ed27b2bbba7b710d998abfebad87db1
- evidence/scope.json
sha256 571823760f1f1d3510e3484527d5c0f6765ce27f12698913ae0d06246cb73f6a
- VERIFY_NOTE.json
sha256 dee8b4dcfe774c300162538d291ebea1138cd4fa8403bd4368ab55d706a902c8
- README.md
sha256 9aba02f52ff5a45de88eef6d273d9bbc4a05e223d6b4082e130d0ea1a84e64e9
- proofpack-demo-host-local-fixture-b.zip
Optional portable proof-pack (fixture B drift demo). Verify with OffSecShield CLI offline.
Proof boundary
- Integrity checks use Shield
MANIFEST.sha256semantics (READY / MISMATCH / MISSING). - Does not prove regulatory compliance, EDR coverage, or that your production hosts match this fixture.
- Schema map:
offsecshield.receipt.v1→run_receipt.schema.jsonperSCHEMA_RECONCILIATION.md(R2: POSTRECEIPT.jsonto/api/verifyfor structural checks only).
Sample id: offsec-shield-local-server-audit. Regenerate via OffSec-Lane publish-shield-sample-witnessops.sh.