The first public verifier release packages the Python runtime, Lean corridor, public specs, evidence schemas, conformance scripts, and synthetic ExampleCo corridors into one replayable bundle. It is still synthetic and scoped, but it is no longer only a private monorepo execution path, and the release is now rebuilt and revalidated through one scripted private release path before publication.
opencompliance-verifier-0.9.0The release bundle lives in the public examples repository because it is a stitched, public-safe snapshot of the verifier runtime plus the synthetic corridors it can replay.
opencompliance-verifier/0.9.0All current public corridors now report one stable verifier version rather than a different version string per fixture. The current release line also exposes a local HTTP/JSON Verify API alongside the CLI, so the public bundle now carries a pinned runtime contract instead of only filesystem-oriented scripts.
The bundle ships the verifier runtime under src/opencompliance/ plus runnable scripts for fixture verification, local HTTP/JSON API serving, Lean batch inspection, transparency verification, and signed-artifact verification.
The bundle ships the Lean 4 corridor source under lean4-controls/. On first use it bootstraps the local Lake build state instead of assuming a prebuilt private workspace.
The bundle includes open-specs/, evidence-schema/, and conformance/ so the artifact shapes and the replay checks travel with the release. The release manifest now points at a machine-readable verifier contract instead of leaving the runtime surface implicit, and the current release line is rebuilt, smoke-checked from a temporary bundle copy, and republished through one scripted private workflow instead of a hand-sequenced local checklist.
The bundled fixtures cover minimal, failed, stale, medium, issued, cyber-baseline, and ai-governance, plus the showcase, lifecycle, and signing packs.
python3 scripts/verify_fixture.py --fixture-root fixtures/public/minimal --check
python3 scripts/serve_verify_api.py --port 8788
python3 scripts/run_lean_batch.py --fixture minimal
python3 conformance/scripts/validate_public_examples.py --fixture all
python3 scripts/verify_signed_artifacts.py --manifest signed-artifact-manifest.json --artifact-root .The release proves that a third party can take the public bundle, rerun the verifier, rerun the Lean slice, validate the synthetic corridors, verify the signed file manifest, and read one explicit contract describing which release artifacts, fixture artifacts, typed-boundary tags, and outcome policies are meant to stay stable.
It does not yet prove live-connector operation, real-organisation evidence ingestion, or a production release pipeline. It is still a synthetic public reference release, not a claim of full audit readiness for arbitrary organisations.