Executive Evidence — Forge Proof Layer Upgrade

This answers the ten IRS-auditor questions with objective evidence.

1. What exactly is being claimed? That the Proof Layer is now a mandatory,

non-bypassable gate that computes a certification state (one of seven), an Evidence Grade (A+..F), and a Trust Score (0–100), and that a fail-closed gate blocks delivery/publication/certification/benchmark/commit accordingly.

1. What evidence supports each claim? verify.mjs runs 23 checks against the

real tools (tools/forge-proof.mjs, forge-gate.mjs, forge-proof-verify.mjs) on disposable fixtures; results are in verification-report.json and proof/CLAIM_EVIDENCE.json, with raw output under proof/evidence/.

1. Can an independent engineer reproduce this claim? Yes — proof/REPRODUCE.md

gives exact commands; proof/CHECKSUMS.json pins every input and self-verifies.

1. What assumptions were made? That Node.js is available and that the

verification report's status/passed/total faithfully describe the build.

1. What limitations exist? See proof/LIMITATIONS.md. No official/external

benchmark exists in this environment, so Grade A/A+ and PRODUCTION_VALIDATED are defined but not exercised.

1. What seams exist? The Grade A/A+ and production-validation paths

(DISCLOSED_SEAM); fixtures stand in for the universe of real packages.

1. What was actually executed? The full toolchain end-to-end: engine on

passing and failing fixtures, the gate for every action, and the tamper-evident checksum self-test. Captured in proof/EXECUTION_TRACE.json.

1. What was inferred? Nothing material — each reported behaviour maps to an

executed check rather than an inference.

1. What remains unverified? External/official-benchmark behaviour and live

production validation (no such inputs available here).

1. What evidence would invalidate this claim? A failing check in

verify.mjs, a checksum mismatch from tools/forge-proof-verify.mjs, or any claim with no source in proof/CLAIM_EVIDENCE.json.