AttestLayerAttestLayer
Distribution PackStart qualification

Intake Engine

Automated PASS/FAIL under the active ruleset and validation version. No human handling in the core intake path.

Upload Requirements

  • ZIP or individual files (PDF, DOCX, XLSX, PNG, JPG, CSV, JSON, TXT)
  • Maximum upload size: 100 MB
  • If you upload individual files, the system bundles them automatically
  • Executable content is blocked
  • No nested archives beyond 2 levels

Note: the Verify portal has its own 25 MB limit because it verifies issued kit.zip files locally in the browser. That limit is separate from the intake ZIP upload limit.

Pipeline overview

  1. Upload: Submit a ZIP or individual files (PDF, DOCX, XLSX, CSV, JSON, PNG, JPG, TXT). Max 100 MB per upload. Individual files are bundled automatically.
  2. Extract & normalize: ZIP contents are extracted. Each file is renamed to a deterministic, conflict-free path preserving the original structure via mapping.json.
  3. Classify: Every file is classified into one of 10 artifact buckets: contracts, policies, reports, security, controls, tickets, exports, evidence, screenshots, unknown. Classification uses filename tokens, folder path analysis, content sniffing (PDF title, JSON keys, CSV headers), and extension-based type detection. Confidence scores are computed per bucket in [0, 1].
  4. Validate: The system checks that all required artifact groups are present with at least one file meeting the 0.90 confidence threshold:
    • policies — at least one policies file
    • reports_or_security — at least one reports or security file
    • contracts — at least one contracts file
    • evidence_or_controls — at least one evidence or controls file
    Missing groups produce a machine-readable checklist.
  5. PASS / FAIL: If all required groups are satisfied → PASS. Otherwise → FAIL with a detailed report listing missing groups, low-confidence files, and suggested remediation.
  6. Kit issuance (PASS only): On PASS, the system produces:
    • kit.zip — normalized evidence kit with kit/manifest.json, kit/receipt.json, kit/receipt.sig, kit/diff.json, kit/verifier/, and top-level registry/ proof files
    • diff.json — standalone diff payload returned on PASS; its status shows whether a previous comparable kit was available for the provided diff_scope_id

API endpoints

MethodPathDescription
POST/v1/intake/jobsCreate a new job (returns upload URL)
POST/v1/intake/jobs/{id}/uploadUpload ZIP or individual files for processing
GET/v1/intake/jobs/{id}Get job status
GET/v1/intake/jobs/{id}/artifactsGet download URLs for outputs

Supported file types

ZIP contents may include: .pdf, .docx, .xlsx, .csv, .json, .png, .jpg, .jpeg, .txt, .md, .html. Images are classified as screenshots and do not satisfy required artifact groups.

Determinism contract

The same input ZIP produces the same classification, PASS/FAIL result, and kit structure only under the same ruleset, schema version, adapter profile, and validation version. Versioned via FES-DIFF-1.0 scope. No LLM dependency is used in the core PASS/FAIL path.

← Back to docs