Reproducibility Pack
The reproducibility pack is the subset of run artifacts that lets an operator or auditor reconstruct what was executed and verify that the reported outputs belong to that run.
Core artifacts
Expect the reproducibility pack to include at least:
repro_pack/manifest.jsonrepro_pack/environment/python.jsonrepro_pack/environment/system.jsonrepro_pack/environment/binaries.jsonrepro_pack/container/Dockerfilerepro_pack/container/build.shrepro_pack/container/run.shrepro_pack/container/verify.shrepro_pack/outputs/expected_output_hashes.json
Depending on the release, the results directory may also include summary and metrics artifacts that are useful for spot-checking completeness.
What the example reproducibility pack captures
The example pack captures:
- base image and entrypoint module
- environment defaults
- input references
- output artifact root
- Python package inventory
- OS package inventory
- binary presence and hashes
- container rebuild scripts
- output-hash verification support
This is the first place to look when an operator or auditor asks, "Can I rebuild or verify this run environment?"
What run_manifest.json still adds
The main run_manifest.json outside the pack still matters because it connects the repro materials to the run identity, input context, and entitlement/execution metadata.
What verify.sh is for
The example verification helper compares reproduced outputs against expected_output_hashes.json. That is different from seal verification. It is replay verification for the output files themselves.
Recommended audit workflow
- Confirm the
run_idand runtime metadata inrun_manifest.json - Review the captured environment and build scripts
- Rebuild or rerun in a controlled workspace if needed
- Use the output-hash verifier to compare reproduced outputs
- Cross-check customer-facing report claims against the main manifest and result artifacts
For the output inventory view, see Report Package Overview.