# Verifying your AI-Governance Evidence Pack (offline)

Your pack carries NO verdict — you re-derive it yourself under the PUBLIC pinned keys in `config.json`
(the signing parties' public keys; safe to publish). Any alteration to a signed leg, the policy, or the
cross-binding invalidates a signature and the pack BLOCKS.

    # clone github.com/brandonjsellam-Releone/verify-pqc  (or npm i -g @trelyan/verify-pqc)
    node pqgovern-cli.mjs evidence-pack.json config.json     # exit 0 = ADMIT, 1 = BLOCK

**IMPORTANT — confirm the pins.** ADMIT proves the pack is internally consistent with the PUBLIC keys in
`config.json`; it does NOT prove those keys belong to the right parties. Before you trust the verdict,
confirm each pin matches the expected signer's *independently published* key (declarant / evaluator / runner /
compliance owner) out of band. Optionally, transparency-log inclusion (if the admission was anchored) verifies
programmatically via `pqgovern-anchor` — a separate step this base pack does not require.

Order: demo-sample · Signed, self-attested AI-governance evidence produced with the TRELYAN verify-pqc toolchain. This is NOT a
certification, NOT an audit opinion, NOT a conformity assessment, NOT a legal-compliance certification, and NOT a
guarantee of quantum safety or model safety. It proves WHO signed WHAT (an AI Bill of Materials, an evaluation, an
execution trace) and that a signed policy admitted the model under the pinned owner keys — it does not attest the
model is adequate, safe, or compliant. Supports (does not constitute) NIST AI RMF / EU AI Act preparation; not
legal or compliance advice.
