Plain-language verdict semantics for auditors and dispute teams reading
the output of farigate-cli verify-evidence-pack or the
browser verifier. Adapted from docs/WHAT-PASS-MEANS.md in the
FARIGATE repository.
PASS
A PASS on an agent-transaction dispute pack means the verifier answered,
in this order and from cryptographically verified material only:
Was the action authorized? The decision receipt is signed, intact, and records the gate's decision for this exact action digest.
By whom? The presenting actor recorded in the pack plus the mandate user principal key (and, for human-not-present flows, the agent key bound in the mandate chain).
Under what policy? The policy set id and policy snapshot hash bound into the signed receipt, with the recorded Cedar policy decision replayed.
Within mandate? The attached AP2 mandate bundle re-verified offline at the decision time recorded in the signed receipt, and the result matches the gate's recorded verification.
Is the record intact? Manifest artifact digests, the receipt hash-chain link, the signed receipt binding, and the signed evidence-pack binding all verified.
Each question is reported as YES, NO, or
NOT VERIFIED, with the checks that produced the answer. A
PASS is a statement about the evidence in the pack — nothing more.
What a REFUSE pack proves
A denied payment produces a complete, verifiable pack with the same
structure. PASS on a refusal pack means the refusal itself is proven: the
signed receipt records the deny decision, and the verifier reproduces the
recorded failure offline. A refusal that cannot be reproduced from the
attached material fails verification. (Stated exception: gate-side
failure kinds are reported as recorded, with the verifier's own
re-verification outcome reported but not matched.)
Trust labels: demo vs. FARIGATE Cloud
Every verdict names the trust that produced it.
DEMO TRUST — the repo's demo fixture material. A verdict over
it proves pack shape and verifier behavior, never production or
customer readiness. The CLI refuses to combine
--require-regulated-evidence PASS with demo roots.
FARIGATE CLOUD TRUST (HOSTED GATE) — the published hosted-gate
trust: a per-deployment signing key generated at first boot plus the
published FARIGATE Cloud governance/mandate set. It proves a pack was
signed by that hosted gate under that governance. It is NOT a key
ceremony and proves no production or customer readiness.
PARTIAL
Everything present verified, but something was not established (for
example: no agent-mandate trust supplied, so mandate re-verification is
reported NOT VERIFIED (skipped) — never silently passed).
Label nuance between surfaces: the CLI reports PARTIAL by default even
when every present check verified (its standing reminder that
--require-regulated-evidence was off), while the browser
verifier reports PASS in that case and reserves PARTIAL for packs where
something present could not be verified. The underlying check results are
identical. A partial result is never a pass.
What tampering looks like
Verification fails closed at the first broken link, naming it — a
manifest digest mismatch, a receipt signature failure, a mandate whose
recorded verification no longer matches, a broken chain link. All five
dispute questions then read NOT VERIFIED. One changed byte
anywhere in a bound artifact produces a FAIL, not a degraded PASS.
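The verdict rules from the PARTIAL and tampering sections above, as an added sketch that is not FARIGATE's code. All function, check and file names are hypothetical, the sample artifacts are constructed, only the manifest digest check is actually computed, and surface="cli" stands for the CLI with --require-regulated-evidence off.

```python
import hashlib

# Added illustration. Every name here is hypothetical and models the verdict
# rules described in the text, not FARIGATE's pack format or verifier code.
QUESTIONS = ("authorized", "by_whom", "under_policy", "within_mandate", "record_intact")

# Constructed sample artifacts and the manifest of their SHA-256 digests.
SAMPLE = {"receipt.json": b'{"decision":"allow"}', "mandate.json": b'{"chain":"constructed"}'}
MANIFEST = {name: hashlib.sha256(body).hexdigest() for name, body in SAMPLE.items()}

def manifest_check(artifacts, manifest):
    """Recompute each artifact digest and compare it with the manifest entry."""
    for name, expected in manifest.items():
        if hashlib.sha256(artifacts.get(name, b"")).hexdigest() != expected:
            return "failed"
    return "verified"

def verdict(checks, surface="cli"):
    """checks: ordered (check name, question, status) tuples with status
    'verified', 'failed' or 'skipped'. Returns (label, answers, broken link)."""
    seen = {}
    for name, question, status in checks:
        if status == "failed":
            # Fail closed: name the first broken link and answer no question.
            return "FAIL", {q: "NOT VERIFIED" for q in QUESTIONS}, name
        if status == "skipped":
            seen[question] = "NOT VERIFIED (skipped)"
        else:
            seen.setdefault(question, "YES")
    answers = {q: seen.get(q, "NOT VERIFIED") for q in QUESTIONS}
    if any(a != "YES" for a in answers.values()):
        return "PARTIAL", answers, None  # a skipped check is never a pass
    # Identical check results, different label: the CLI default stays PARTIAL.
    return ("PARTIAL" if surface == "cli" else "PASS"), answers, None

def run(artifacts, manifest, mandate_trust=True, surface="cli"):
    """Assemble check results; only the digest check is computed here, the
    signature, identity and policy results are constructed inputs."""
    mandate = "verified" if mandate_trust else "skipped"
    return verdict([
        ("manifest artifact digests", "record_intact", manifest_check(artifacts, manifest)),
        ("receipt signature", "authorized", "verified"),
        ("actor and principal keys", "by_whom", "verified"),
        ("policy replay", "under_policy", "verified"),
        ("mandate re-verification", "within_mandate", mandate),
    ], surface)
```

Changing one byte of a sample artifact and calling run again returns FAIL with the broken check named and all five answers set to NOT VERIFIED.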
What FARIGATE does NOT guarantee
Not an enforcement guarantee. FARIGATE is evidence
infrastructure. A PASS proves what the gate decided and verified; it
does not prove the payment (or any action) could not have happened
through some other system.
Presence mode is structural — derived from the AP2 mandate
chain shape, not from a biometric or liveness check.
Cumulative and velocity limits are gate-side. The pack records
the constraint and the policy decision; offline verification replays
that decision but cannot re-derive the gate's runtime state.
Policy replay carries an engine-version caveat. The verifier
replays the recorded Cedar policy with the engine version it was built
with (stated in its output).
A verdict over demo trust material is local validation; a verdict
over FARIGATE Cloud trust is hosted-gate validation. Neither is
production or customer readiness.