Evidence Pack
A scoped bundle of verification artifacts assembled for a Release: PDF report, ReqIF export, JUnit results, optional MCAP recordings, LLM triage notes, SARIF static-analysis output, coverage matrix snapshot. Tamper-evident via SHA-256 hash chain.
Why It Matters
Audit handoffs are usually awful: a Confluence page with screenshots, a SharePoint folder of misc artifacts, an email thread. The auditor wants a single bundle they can verify hasn't been tampered with. The team wants "generate the bundle" to be one button click, not three weeks of coordination.
How Roboticks Implements It
Per-Release evidence pack assembles all relevant artifacts into a PDF, ZIP, and ReqIF. Files are added via append-only hash chain; the manifest carries SHA-256 of every file. A public verify endpoint walks the chain. S3 lifecycle: hot for 90 days, then Glacier for long-term retention.