# Faultline Sample Evidence Pack

This sample pack shows the artifact chain a focused Faultline evaluation should produce from real Go repository snapshots.

It is intentionally sanitized:

- Organization, repository, token, user, and package identifiers are examples.
- No source code is included.
- The sample mirrors the shape of Faultline evidence: snapshot receipt, governance map, weekly digest, and audit export.

## Artifact Chain

1. Local scanner runs where the code already lives.
2. Scanner emits a source-free `faultline.snapshot.v1` metadata document.
3. Enterprise ingests the snapshot and creates a receipt.
4. Dashboard normalizes owner gaps, risky packages, stale suppressions, policy drift, dependency health, and incident signals.
5. Weekly digest routes review work to verified recipients.
6. Signed audit export preserves reviewable evidence.

## Included Sample Files

- `faultline-sample-snapshot-receipt.json`
- `faultline-sample-governance-map.csv`
- `faultline-sample-weekly-digest.md`
- `faultline-sample-audit-export.md`

## What To Look For

- Can a platform lead identify the next review actions without reading source code?
- Can a VP Engineering see which repositories need ownership or suppression review?
- Can security or compliance reviewers verify that the export contains timestamped governance evidence?
- Can the team decide whether the signal is valuable enough to roll out across more production Go repositories?