Audit Manifests Explained

An audit manifest turns external review into software-checkable evidence: exact artifact identity, auditor signature and explicit mainnet permission.

Why broad audit claims fail

Agent payment rails need exactness. Saying that a repository was reviewed is weaker than saying which script hash, bytecode hash, package version, deployment address and verifier assumptions were reviewed.

A broad badge can become misleading when code changes, deployments differ or a demo artifact is promoted beyond its reviewed scope.

What a manifest should identify

A useful audit manifest names the reviewed component, version, source hash, compiled artifact hash, deployment address where relevant, network domain, auditor identity, report reference and mainnetAllowed value.

Runtime bytecode or compiled script identity matters because source code alone does not prove what was deployed.

Default-deny is the safer gate

If a manifest is missing, expired, unsigned, mismatched or says mainnetAllowed: false, the safer production behavior is denial. That prevents old demos and testnet artifacts from quietly becoming production rails.

This is especially important for autonomous agents because they can repeat a bad action quickly and at scale.
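The following is an added example, not code from the Accord project or this page. It models the manifest fields listed above and the default-deny gate just described: a manifest that is missing, unsigned, tampered, expired, for the wrong network, for different bytecode, or with mainnetAllowed not true is denied, and the reason is returned so the decision can be logged. The field names, the expiry field and the HMAC stand-in for the auditor's signature are assumptions of this example; a real manifest would carry a public-key signature and the gate logic would be unchanged.

```python
import hashlib
import hmac
import json

# Field names (camelCase keys, "expires" as a Unix time) are assumptions for
# this example; the page lists the fields but fixes no schema.

def canonical_bytes(manifest):
    """Canonical JSON of every field except the signature itself."""
    body = {k: v for k, v in manifest.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_stand_in(manifest, auditor_key):
    """Stand-in for the auditor's signature (HMAC-SHA256, shared key). A real
    manifest would carry a public-key signature; the gate logic is unchanged."""
    mac = hmac.new(auditor_key, canonical_bytes(manifest), hashlib.sha256)
    return dict(manifest, signature=mac.hexdigest())

def verify_stand_in(manifest, auditor_key):
    expected = sign_stand_in(manifest, auditor_key)["signature"]
    return hmac.compare_digest(expected, str(manifest.get("signature", "")))

def mainnet_gate(manifest, deployed_bytecode, network, now, verify):
    """Default-deny gate: every check must pass, otherwise (False, reason)."""
    if manifest is None:
        return False, "manifest missing"
    if not verify(manifest):
        return False, "signature invalid"  # nothing else is trusted before this
    if now >= manifest.get("expires", 0):
        return False, "manifest expired"
    if manifest.get("network") != network:
        return False, "network mismatch"
    if manifest.get("bytecodeHash") != hashlib.sha256(deployed_bytecode).hexdigest():
        return False, "bytecode hash mismatch"  # source alone does not prove what was deployed
    if manifest.get("mainnetAllowed") is not True:
        return False, "mainnetAllowed is not true"
    return True, "allowed"

AUDITOR_KEY = b"constructed-demo-auditor-key"  # constructed sample data follows
DEPLOYED_BYTECODE = b"\x60\x80\x60\x40\x52"  # constructed, not a real contract
SIGNED = sign_stand_in({
    "component": "settlement-script", "version": "0.1.0",
    "sourceHash": hashlib.sha256(b"constructed source").hexdigest(),
    "bytecodeHash": hashlib.sha256(DEPLOYED_BYTECODE).hexdigest(),
    "deploymentAddress": "0xPLACEHOLDER", "network": "mainnet",
    "auditor": "example-auditor", "report": "REPORT-PLACEHOLDER",
    "expires": 2_000_000_000, "mainnetAllowed": True}, AUDITOR_KEY)

def check(manifest, bytecode=DEPLOYED_BYTECODE, network="mainnet", now=1_900_000_000):
    return mainnet_gate(manifest, bytecode, network, now, lambda m: verify_stand_in(m, AUDITOR_KEY))
```

Note that the signature is checked before any field is read, so flipping mainnetAllowed in a signed manifest is reported as a signature failure rather than a policy value, which is what an operator's logs should show.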

What manifests do not prove

A manifest does not prove the auditor is infallible, the operator keeps keys safe, the verifier is honest, a bridge will remain solvent or every future integration is safe.

It proves a narrower but valuable claim: a named reviewer signed a claim about exact artifacts and the allowed deployment posture.

The Accord posture

Accord v0 keeps production mainnet use blocked until signed audit manifests allow exact scripts or contracts. That posture should appear in docs, site metadata, AI-facing files and launch copy.

Conformance, testnet evidence and live receipts make the protocol credible. External audits and signed manifests are what can move a rail toward controlled mainnet use.

FAQ

Is conformance the same as an audit manifest?

No. Conformance checks compatibility. A manifest records external audit evidence for exact artifacts.

Why include runtime bytecode or compiled script hashes?

Because deployed artifacts can differ from source, and software gates need exact identities.

Who should sign the manifest?

An external auditor or authorized audit process, not only the maintainer who built the artifact.

