The evidence pack, versioned + citable.
This page is the spec for what an Importable evidence pack is. Auditors, journalists, AI crawlers, and the open-source @importable/verify npm package all reference this URL. Treat it as a public API — versioned, immutable per version, replaceable only by a newer version with a documented changelog.
What this spec is
An Importable evidence pack is an ordered set of 24 typed artefacts covering one trade from harvest to settlement. Each artefact carries a content hash (SHA-256). The full set is assembled into a Merkle tree, the root of which is signed by the Rotterdam hub master key (Ed25519). The pack is the canonical record of the trade; it is what we ship with the crate; it is what the buyer pays against.
Each artefact carries a tier: verified when externally backed by a registry or cryptographic signature; declared when operator-attested; predicted when model-derived. The tiers never blend. The verifier can audit the same pack with the same conclusions as the originator.
The spec is implemented by the open-source @importable/verify npm package (Phase 9). Anyone can use it to verify a pack from a SHA-256 alone, without contacting Importable.
The 24 artefacts
Order is part of the spec — the Merkle tree assembles leaves left-to-right by ordinal, padded with the SHA-256 of an empty string up to the next power of two (32 leaves for 24 artefacts). This means the root is deterministic across rebuilds.
| # | Artefact | Tier |
|---|---|---|
| 01 | Harvest GPS coordinates | Verified · GPS |
| 02 | Cooperative legal ID + member count | Verified · registry |
| 03 | Harvest date + grade-at-harvest | Declared |
| 04 | Cold-chain sensor stream (origin) | Verified · sensor |
| 05 | Phytosanitary certificate (origin) | Declared |
| 06 | BTOM pre-clearance documentation | Verified · CDS |
| 07 | Reefer container ID + sealing record | Verified |
| 08 | Origin packhouse hygiene log | Declared |
| 09 | Cold-chain sensor stream (transit) | Verified · sensor |
| 10 | Hub arrival timestamp + bay assignment | Verified |
| 11 | QC inspector ID + public key | Verified · key registry |
| 12 | QC weight measurement | Verified |
| 13 | QC grade reassessment | Declared |
| 14 | QC photo capture (hub bay) | Declared |
| 15 | Cold-chain summary (origin → hub) | Verified · sensor |
| 16 | Buyer acceptance signature | Verified |
| 17 | SWIFT/Wise payout confirmation | Verified · SWIFT |
| 18 | Stripe invoice reference | Verified |
| 19 | Settlement margin breakdown | Declared |
| 20 | FX rate locked + spread | Verified |
| 21 | Pack assembly timestamp | Verified |
| 22 | Merkle tree root | Verified · SHA-256 |
| 23 | Hub master signature | Verified · Ed25519 |
| 24 | Public pack URL | Verified |
Cryptographic primitives
- Content hashing. SHA-256 (NIST FIPS 180-4). Every artefact file is hashed at rest; the hex digest is the artefact's canonical identifier across the system.
- Tree assembly. Standard binary Merkle tree. Leaves left-to-right by ordinal; padded with the SHA-256 of the empty string to the next power of two; parents are SHA-256(left ‖ right).
- Signatures. Ed25519 (RFC 8032). The hub master key signs the Merkle root; per-inspector keys sign their individual QC artefacts. Implementation: @noble/ed25519 (audited, browser + node).
- Key rotation. Hub master key rotated annually. Inspector keys rotated on personnel change. Old keys remain in the sign-key registry (§ 05) with a key_revoked_at timestamp so historical packs stay verifiable.
How to verify a pack
Three independent paths, any of which is sufficient to verify a pack externally.
- Website. Paste a pack ID or hash at verify.importable.io. The page resolves the artefact tree and confirms the signature.
- HTTP API. GET https://verify.importable.io/api/v1/pack/<trade_id> returns a JSON document with the full Merkle proof.
- npm client. npm i @importable/verify, which works in Node and browsers. Verifies signatures + Merkle roots locally; pack JSON can be fetched from anywhere.
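What local verification involves under the tree-assembly and signature rules above, as an added example using Node's built-in crypto module; it is not code from @importable/verify. The pack field names (artefacts, ordinal, sha256, root, signature), the raw-byte concatenation of digests, and signing over the raw 32-byte root are assumptions, and the sample pack and key are constructed.

```javascript
// Added example; function and field names are assumptions, not the @importable/verify API.
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

const sha256 = (buf) => createHash('sha256').update(buf).digest();
const PAD_LEAF = sha256(Buffer.alloc(0)); // SHA-256 of the empty string

// Pad ordinal-ordered leaf digests to the next power of two (24 -> 32).
function padLeaves(leaves) {
  let width = 1;
  while (width < leaves.length) width *= 2;
  return leaves.concat(Array(width - leaves.length).fill(PAD_LEAF));
}

// parent = SHA-256(left || right); assumption: raw 32-byte digests are concatenated.
function merkleRoot(leaves) {
  let level = padLeaves(leaves);
  while (level.length > 1) {
    const next = [];
    for (let i = 0; i < level.length; i += 2) {
      next.push(sha256(Buffer.concat([level[i], level[i + 1]])));
    }
    level = next;
  }
  return level[0];
}

// Recompute the root, then check the hub signature (assumed to cover the raw 32-byte root).
function verifyPack(pack, hubPublicKey) {
  const sorted = pack.artefacts.slice().sort((a, b) => a.ordinal - b.ordinal);
  if (sorted.length !== 24 || sorted.some((a, i) => a.ordinal !== i + 1)) {
    return { ok: false, reason: 'artefact set incomplete' };
  }
  const root = merkleRoot(sorted.map((a) => Buffer.from(a.sha256, 'hex')));
  if (root.toString('hex') !== pack.root) return { ok: false, reason: 'root mismatch' };
  const sigOk = verify(null, root, hubPublicKey, Buffer.from(pack.signature, 'hex'));
  return sigOk ? { ok: true } : { ok: false, reason: 'bad signature' };
}

// Constructed sample pack signed with a throwaway key (not a real Importable key).
function samplePack() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const artefacts = Array.from({ length: 24 }, (_, i) => ({
    ordinal: i + 1,
    sha256: sha256(Buffer.from(`constructed artefact ${i + 1}`)).toString('hex'),
  }));
  const root = merkleRoot(artefacts.map((a) => Buffer.from(a.sha256, 'hex')));
  const signature = sign(null, root, privateKey).toString('hex');
  return { publicKey, pack: { artefacts, root: root.toString('hex'), signature } };
}
```

The root is recomputed from the artefact digests before the signature is checked, so a pack whose stated root does not match its own leaves is rejected even when that root carries a valid signature.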
Sign-key registry
The current set of public keys authorised to sign Importable artefacts. Phase 9 exposes this registry at GET https://verify.importable.io/api/v1/signers as JSON-LD Person. Until that endpoint goes live, the placeholder hub-master key fingerprint is below.
Versioning + changelog
Each version of the spec lives at its own URL (/standard/v1, /standard/v2, …) and never changes in place. A version is replaced by a successor when the artefact set, hashing, or signature scheme materially changes. Old versions stay reachable forever so historical packs remain verifiable.
The changelog lists every published version and the reason for the change. The machine-readable canonical at /standard/v1.json carries the same content as this page, structured for crawl + cite.