AttestLayerAttestLayer

Intake Engine

100% automated, deterministic PASS/FAIL — no human handling.

Upload Requirements

  • ZIP or individual files (PDF, DOCX, XLSX, PNG, JPG, CSV, JSON, TXT)
  • Maximum upload size: 100 MB
  • If you upload individual files, the system bundles them automatically
  • Executable content is blocked
  • No nested archives beyond 2 levels

Note: the Verify portal has its own 25 MB limit because it verifies issued kit.zip files locally in the browser. That limit is separate from the intake ZIP upload limit.

Pipeline overview

  1. Upload: Submit a ZIP or individual files (PDF, DOCX, XLSX, CSV, JSON, PNG, JPG, TXT). Max 100 MB per upload. Individual files are bundled automatically.
  2. Extract & normalize: ZIP contents are extracted. Each file is renamed to a deterministic, conflict-free path preserving the original structure via mapping.json.
  3. Classify: Every file is classified into one of 10 artifact buckets: contracts, policies, reports, security, controls, tickets, exports, evidence, screenshots, unknown. Classification uses filename tokens, folder path analysis, content sniffing (PDF title, JSON keys, CSV headers), and extension-based type detection. Confidence scores are computed per bucket in [0, 1].
  4. Validate: The system checks that all required artifact groups are present with at least one file meeting the 0.90 confidence threshold:
    • policies — at least one policies file
    • reports_or_security — at least one reports or security file
    • contracts — at least one contracts file
    • evidence_or_controls — at least one evidence or controls file
    Missing groups produce a machine-readable checklist.
  5. PASS / FAIL: If all required groups are satisfied → PASS. Otherwise → FAIL with a detailed report listing missing groups, low-confidence files, and suggested remediation.
  6. Kit issuance (PASS only): On PASS, the system produces:
    • kit.zip — normalized evidence kit
    • manifest.json — SHA-256 hashes for every file
    • receipt.json — issuer-signed receipt (Ed25519)
    • Offline verifier bundle for hash + signature validation without internet
    • diff.json (optional) — file-level diff vs previous kit when diff_scope_id is provided

API endpoints

MethodPathDescription
POST/v1/intake/jobsCreate a new job (returns upload URL)
POST/v1/intake/jobs/{id}/uploadUpload ZIP or individual files for processing
GET/v1/intake/jobs/{id}Get job status
GET/v1/intake/jobs/{id}/artifactsGet download URLs for outputs

Supported file types

ZIP contents may include: .pdf, .docx, .xlsx, .csv, .json, .png, .jpg, .jpeg, .txt, .md, .html. Images are classified as screenshots and do not satisfy required artifact groups.

Determinism contract

Same input ZIP → same classification, same PASS/FAIL result, same kit structure. Versioned via FES-DIFF-1.0 scope. No randomness, no LLM dependency, no human judgment.

← Back to docs