# FES-1.0 Preview — Evidence Kit Schema

FES means Freeze/Evidence Schema. FES-1.0-preview is the public preview schema for AttestLayer evidence kits.

## Core files

- `binder.pdf` — human-readable packet summary.
- `manifest.json` — artifact inventory, hashes, scope metadata, and manifest root hash.
- `receipt.json` — signed issuance receipt bound to the manifest hash and root hash.
- `jwks.json` — public verification key material.
- `artifacts/` — accepted sample or customer-supplied records.

## Manifest fields

- schema_version
- receipt_version
- kit_id
- job_id
- issued_at
- issuer
- binder_path
- binder_sha256
- artifacts[]
- artifact.path
- artifact.sha256
- artifact.size_bytes
- manifest_root_hash
- boundary

## Receipt fields

- receipt_version
- job_id
- kit_id
- issued_at
- issuer
- public_key_kid
- manifest_sha256
- manifest_root_hash
- canonical_receipt_sha256
- signature_algorithm: Ed25519
- signature
- scope
- boundary

## Verification result

A verification result is PASS only when all checks pass:
- artifact hashes match the manifest
- manifest root hash matches artifact material
- manifest hash matches the receipt
- receipt canonical hash matches the receipt
- public_key_kid matches a JWKS key
- Ed25519 signature verifies successfully

Any missing file, malformed receipt, mismatched hash, missing JWKS key, wrong key ID, or invalid signature returns FAIL.

Boundary: Integrity and issuance evidence only. Not audit, certification, or compliance guarantee.