GET /runs/{id}/report.pdf

Generates a comprehensive audit report PDF for the specified run. The PDF is outcome-aware: different content and proofs depending on whether the run resolved to ok, pepg_deny, ccv_halt, macc_halt, or stage_error.

Print-ready, single-file, rendered in the following order:

Request

GET /runs/{id}/report.pdf
X-Verdifax-Key: vfx_...

Response

200 OK:

Content-Type: application/pdf
Content-Disposition: attachment; filename="verdifax-audit-run-42.pdf"

The body is the PDF binary. Typical size: 5–15 KB.

Example

curl -s http://localhost:9090/runs/42/report.pdf \
  -H "X-Verdifax-Key: vfx_..." \
  -o /tmp/verdifax-audit-run-42.pdf
open /tmp/verdifax-audit-run-42.pdf

PDF anatomy

Every Verdifax audit PDF follows this structure:

1. Executive Summary (two paragraphs)

First paragraph: Run-specific opener with timestamps, artifact hash prefix, actor, model.

Second paragraph: Outcome-aware infrastructure framing. Sample framings:

• ok: "This artifact is independently verifiable offline to confirm: the request was permitted under active policy, the system executed without deviation, the tenant was within enforced constraints at execution time, and the result has not been altered since sealing."
• pepg_deny: "This artifact is independently verifiable offline to confirm: a specific deny rule fired before execution, no AI model was invoked and no execution charges were incurred, the system halted at the policy gate without producing a manifest, and the sealed denial has not been altered since sealing."
• ccv_halt: "This artifact is independently verifiable offline to confirm: the request was admitted under active policy, the per-run runtime budget was breached during execution, the system halted at the constraint boundary, and the sealed halt evidence has not been altered since sealing."
• macc_halt: "This artifact is independently verifiable offline to confirm: the request was admitted under active policy, the bound tenant's cumulative budget was at or beyond cap at execution time, the system halted at the cumulative-constraint boundary, and the sealed halt evidence has not been altered since sealing."
• stage_error: "This document records a pipeline failure for operational diagnosis only. No sealed manifest was produced; this record is not a verifiable execution attestation and should not be relied on as legal evidence of execution."

2. ENFORCEMENT NOT OBSERVATION callout

"Verdifax enforces execution, it does not observe it. If a request violates policy or constraints, it is halted before execution, and a sealed denial artifact is produced instead."

Followed by a smaller italic line: "Sealed deny and halt artifacts use the same canonical-preimage format as the manifest above and are independently verifiable offline via the same verdifax-pepg-verify CLI."

3. How to Verify callout

curl -H "X-Verdifax-Key: $VERDIFAX_KEY" https://api.verdifax.com/runs/{id}/artifacts | verdifax-pepg-verify

4. Outcome-specific sections

For OK runs: Decision section, Outcome Summary, Model & Execution Context (with MODEL ATTESTATION STATUS sub-block), Policy Evaluation Summary, Policy Evaluation Detail, Plain-English Interpretation, Policy → Outcome Binding, Authorization Summary (with AUTHORIZATION REQUIREMENT sub-block), Approval Chain, Risk Assessment, Request Substance, Runtime Budget State, Tenant Budget Snapshot, At-Execution Tenant State (sealed, with era version note), Real-World Effect (effect_log or "No external system action attested").

For non-OK runs: The corresponding Sealed Receipt section (DenyReceipt, CCVHaltReceipt, or MACCHaltReceipt).

5. OUTCOME-AWARE PROOF section

The title and banner vary by outcome:

• ok: Title "Proof, Cryptographic Seal", banner "MANIFEST HASH SHA-256" + manifest_hash
• pepg_deny: Title "Proof, Deny Receipt Seal", banner "DENY RECEIPT HASH SHA-256" + receipt.hash + disclosure paragraph
• ccv_halt: Title "Proof, CCV Halt Receipt Seal", banner "CCV HALT RECEIPT HASH SHA-256" + receipt.hash
• macc_halt: Title "Proof, MACC Halt Receipt Seal", banner "MACC HALT RECEIPT HASH SHA-256" + receipt.hash

6. Run Metadata table

Contains field "Pipeline Duration" (NOT "Duration (ms)"). Sample values:

• For sub-millisecond runs: "0.413 ms (sub-millisecond, gate evaluation only; Verdifax does not invoke AI models)"
• For legacy v2-schema runs without duration_micros: "12 ms (legacy v2 schema; sub-millisecond precision unavailable)"
• For runs with both durations as 0: "< 1 ms (sub-millisecond, gate evaluation only; Verdifax does not invoke AI models)"

7. Sealed Manifest Fields OR Pipeline Execution State

For OK: 18-row table with all pipeline-stage hashes.

For pepg_deny: "Not applicable, execution halted at PEPG (the Pre-Execution Policy Gate) before any pipeline stage produced a sealed artifact. No downstream pipeline artifacts (DTL transport hash, DKEC kernel execution IDs, AER, ZK transcript, hardware attestation, formal-verifier status, ledger entry, final VFA artifact) exist for this run. The DenyReceipt above is the complete sealed evidence of this outcome."

For ccv_halt/macc_halt: Similar note indicating which stages DID run before the halt.

8. Outcome-aware Verification Statement

Five different texts dispatched on outcome_kind. See Errors for exact wording.

Use cases

• Attaching to a regulator's data request
• Including in an internal change-management ticket as evidence
• Sending to a counterparty as proof of a model decision
• Long-term archival alongside the model output it certifies

Sample PDFs

Four example PDFs from canonical test runs:

• Run 63 (ok), Download
• Run 64 (pepg_deny), Download
• Run 65 (ccv_halt), Download
• Run 76 (macc_halt), Download

Continue

• Compliance, EU AI Act, Article 13
• Compliance, HIPAA audit trail