Primust Docs
Governed execution and verifiable evidence for consequential decision systems.
primust-verify and the bundled verify.html are the trust-minimized verification paths. verify.primust.com is the hosted convenience verifier for shared links and quick inspection.
Most Developers Should Read These Pages In Order
- Common Scenarios if you want to start from the problem you actually have
- Quickstart for installation, keys, setup, and the first runtime path
- User Guide for the current dashboard, onboarding, and proof-sharing flow
- SDKs & Adapters for choosing zero-code, explicit SDK, checks harness, or connectors
- Package Guides when you already know the package name and want the exact setup surface
- CLI for local verification and Evidence Pack workflows
- Technical Reference only when you need exact fields, objects, or routes
If you are evaluating Primust from the outside rather than integrating it, skip ahead to the Audit Guide.
If your consequential logic lives in Cedar, Drools, IBM ODM, or OPA, go straight to Policy & Decision Engines.
What Primust Is
Primust is the governed execution layer for consequential decision systems. It turns governance requirements into executable controls, captures runtime evidence from live systems, preserves lineage in an append-only evidence graph, and issues portable credentials that relying parties can verify without trusting the issuer.
AI is the first market, not the category boundary. Primust is built for AI and agent runtime, deterministic decision engines, regulated enterprise platforms, workflow systems, supply-chain governance, and data pipelines that feed consequential decisions.
The Canonical Governance Flow
- Select governance programs
- Create an ApplicabilitySnapshot
- Compile an ObligationPlan
- Compile a ControlPlan
- Approve the plan
- Run the system and emit evidence
- Append proof artifacts and export relying-party packages
Primust does not certify compliance by dropdown. It makes the governance chain explicit, reviewable, and cryptographically bound to runtime evidence.
The Four Assurance Classes
Read these as dependence levels. Proven requires the least trust in the issuer. Attested requires the most. Most users should reason about the class first and ignore the subtype unless they are reading raw artifacts or verifier output.
| Class | Plain-English meaning | Wire subtypes |
|---|---|---|
| Proven | A verifier can check the evidence itself independently. | mathematical, verifiable_inference |
| Execution | Primust can prove the check ran on a real execution path, even if the underlying computation is not fully independently proven. | operator_bound, execution |
| Witnessed | A named person reviewed or approved something, and that act is bound to the record. | witnessed |
| Attested | The issuer or process says something happened, but the evidence is weaker and more trust-dependent. | attestation |
Public product surfaces lead with these four classes. Wire-level subtypes still exist for compatibility and verifier detail, but they are secondary for most readers.
What Primust Produces
VPEC
The signed runtime credential for one governed execution, with assurance, gaps, governance-chain linkage, and proof-artifact references.
Evidence Pack
A portable package for auditors, insurers, regulators, and counterparties. It carries the chain, verifier assets, and exports.
Proof Artifacts
Backend-specific proof objects appended as upgrades without mutating the core governance meaning of the run.
External Exports
W3C VC, in-toto / DSSE, SCITT, and related relying-party formats alongside the canonical internal VPEC and Evidence Pack.
Verification Modes
primust-verify CLI
The canonical trust-minimized verifier for production review, pinned trust roots, and long-term archival verification.
Evidence Pack verify.html
The portable local/browser verifier for relying parties who do not want to depend on the hosted Primust site.
verify.primust.com
The hosted convenience verifier for shared links, first-pass review, and quick inspection. Useful, but not the canonical zero-trust path.
App Surfaces
The dashboard and verify-site surface the same governance chain: applicability, obligations, controls, approvals, runtime evidence, proof artifacts, lineage, and exports.
Who Each Surface Is For
| Persona | Primary Need | Primary Surface |
|---|---|---|
| Developers | Low-friction runtime evidence and reproducible capture | Quickstart, dashboard setup, runtime adapters |
| Security & Compliance | Applicability, obligations, control plans, approvals, drift | Governance Center in the dashboard |
| Relying Parties | Offline-verifiable evidence with explicit governance context | Audit Guide, Evidence Packs, CLI, verify.html |
New implementation: use Quickstart. Relying-party review: use Audit Guide. Object model and current routes: use Technical Reference.