Verify any Civitas pack in under 2 minutes.

60-second executive summary

1. 1. Unpack CIVITAS-EPI-GOLDEN-v1.zip.
2. 2. Run epi-cli verify ... --json against a pack.
3. 3. Read pass/fail signals from the emitted verify JSON.

Pass/fail signals that matter

• ok: true means the pack passed schema and integrity checks.
• missing_files should be empty for valid bundles.
• file_hashes lists deterministic hashes for core artifacts.
• If ok is false, treat the pack as invalid until rebuilt.

Where identity lives

Pack identity metadata is stored in epi.decision_pack.v1.json under pack_meta.

Stable fields include pack_type, library, client, and engagement.

Non-technical: use EPI Viewer (drag pack.zip, export verify JSON).

Technical: use CLI commands below.

Troubleshooting / Support pack

.\tools\epi\epi-cli.exe verify .\public\proof\packs\vendor-security\pack.zip --json | Out-File -Encoding utf8 .\verify.vendor-security.json

.\tools\epi\epi-cli.exe verify .\public\proof\packs\soc2-readiness\pack.zip --json | Out-File -Encoding utf8 .\verify.soc2-readiness.json

.\tools\epi\epi-cli.exe verify .\public\proof\packs\dfir-incident-response\pack.zip --json | Out-File -Encoding utf8 .\verify.dfir-incident-response.json

.\tools\epi\epi-cli.exe verify .\public\proof\packs\iso-27001\pack.zip --json | Out-File -Encoding utf8 .\verify.iso-27001.json

.\tools\epi\epi-cli.exe verify .\public\proof\packs\nist-csf\pack.zip --json | Out-File -Encoding utf8 .\verify.nist-csf.json

DecisionPack.pdf is derived from DecisionPack.html. PDF hashes are logged, but Chromium can vary metadata fields such asCreationDate,ModDate, andID. Verification should treat the pack.zip + verify.json pair as the integrity anchor; PDF variance does not imply evidence drift.