Version 0.2 — Public beta evaluation
Ethos Evidence Format is an open, local-first format for representing document evidence that can be parsed, cited, anchored, and verified. It is designed for humans, agents, RAG systems, parser authors, and CI jobs that need to inspect what a document pipeline actually proved.
The format is intentionally small at the packaging layer: a set of JSON, JSONL, Markdown, text,
and optional crop artifacts governed by the JSON Schemas in schemas/. If you can
read files from a directory and validate JSON Schema draft 2020-12, you can consume Ethos
artifacts.
schemas/README.md distinguishes consumer-facing product contracts from
internal process and guard schemas. Internal schemas validate repository governance records; they
are not EEF exchange contracts and their presence does not approve a public surface.
This document defines the exchange shape and conformance rules for the current Ethos artifact family. It does not introduce a hosted API, a new command, a benchmark claim, a production guarantee, OCR support, Windows packaged artifacts, bundled project-maintained PDFium, or semantic answer verification.
Many document and RAG systems can produce extracted text, chunks, or citations. Fewer systems make the evidence boundary explicit enough to answer:
- Which source bytes produced this document graph?
- Which page, element, text span, table cell, or region does a citation refer to?
- Is the cited evidence fresh relative to the source fingerprint?
- Did verification fail because the claim is wrong, the locator is stale, or the parser lacks a required capability?
- Can a reviewer inspect the cited source region instead of trusting a model-generated citation?
EEF takes the position that document-grounded AI needs portable, deterministic evidence artifacts: source fingerprints, stable IDs, parser capabilities, evidence refs, verification reports, and source-inspection artifacts that survive outside one application.
- Define the portable artifact set that Ethos producers can write and Ethos consumers can read.
- Keep source evidence, retrieval citations, evidence anchoring, and verification reports separate.
- Make deterministic identity explicit through canonical JSON, schema versions, fingerprints, stable IDs, and capability declarations.
- Allow native Ethos parser output and supported foreign parser output to share one verification
boundary through
GroundingSource. - Give agents and CI systems a small set of conformance rules for safe consumption.
- Replacing the field-level JSON Schemas in
schemas/. - Defining a general-purpose document conversion, OCR, ETL, or hosted parsing format.
- Claiming semantic truth, answer quality, arithmetic correctness, pixel-level proof, or model entailment.
- Requiring one directory layout for every CLI invocation. Current commands produce individual artifacts; this document defines the recommended bundle shape for exchange.
- Making public benchmark, parser-quality, table-quality, speed, footprint, hosted, production, or bundled-PDFium claims.
- Evidence Bundle — A directory or archive containing one or more Ethos artifacts for a single source document or a deliberately grouped set of related source documents.
- Source Document — The original document bytes, such as a born-digital PDF. Source bytes may be included, stored elsewhere, or unavailable; the source fingerprint remains the identity hook.
- Source Fingerprint —
sha256:<64 lowercase hex>over the source bytes when the producer can bind artifacts to exact bytes. - Document Artifact — The canonical Ethos document graph governed by
schemas/ethos-document.schema.json. - Stable Payload Projection — The canonical document payload subset used for payload hashing and document fingerprinting under the determinism contract.
- Document Fingerprint — The fingerprint of an Ethos document artifact, derived from source fingerprint, profile hash, config hash, payload hash, and schema version.
- Grounding Source — A parser-neutral evidence provider exposed through the
GroundingSourcecontract. Native Ethos JSON is one grounding source; supported foreign parser output can be another. - Capability Declaration — The grounding source's statement about what it can prove, such as spans, character offsets, tables, fingerprints, coordinate origin, and crop support.
- Evidence Ref — A caller-provided reference to page, text, text-region, table-cell, region, or
other source evidence, consumed by
ethos evidence anchor. - Citation Claim — A caller-provided claim consumed by
ethos verify --citations, such as a quote, value, presence, table-cell, or region claim. - Evidence Anchor Report — A deterministic report showing whether evidence refs bind to source document evidence. This is source tracing, not semantic answer verification.
- Verification Report — A deterministic report showing whether citation claims are grounded in a grounding source. This is literal evidence grounding, not semantic answer verification.
- Crop Descriptor — JSON metadata describing a source-bound crop target, with optional rendered PNG output when caller-provided source PDF bytes and PDFium are available.
- Deterministic Profile — A versioned profile that pins canonicalization, quantization, ID, font, backend, warning, and hash-input behavior.
An Evidence Bundle is a directory tree of artifacts. The directory structure is a packaging convention; the normative contracts are the schemas, deterministic profile, and command-specific input/output rules.
path/to/evidence-bundle/
├── source.pdf # Optional source bytes.
├── document.ethos.json # Primary Ethos document artifact.
├── document.md # Optional derived Markdown projection.
├── document.txt # Optional derived plain-text projection.
├── chunks.jsonl # Optional retrieval chunks.
├── security_report.json # Optional source/security findings.
├── citations.json # Optional verification input.
├── verification_report.json # Optional verification output.
├── evidence_anchor_request.json # Optional evidence-anchor input.
├── evidence_anchor_report.json # Optional evidence-anchor output.
├── crops/
│ ├── crop_descriptors.jsonl # Optional collection of crop descriptors.
│ └── <crop-ref>.png # Optional rendered crop artifacts.
└── profiles/
└── ethos-deterministic-v1.json # Optional copied deterministic profile.
An Evidence Bundle MAY be distributed as:
- a git repository or subdirectory;
- a tarball or zip archive;
- a build artifact emitted by CI;
- a directory passed between a parser, RAG system, verifier, and reviewer.
Consumers MUST NOT assume every optional artifact is present. A bundle containing only
document.ethos.json is valid if that artifact conforms to its schema. A bundle containing only
foreign parser output plus verification artifacts can still be useful when the foreign output is
adapted through GroundingSource.
The following filenames have conventional meaning when present:
| Filename | Purpose | Normative schema |
|---|---|---|
document.ethos.json |
Canonical Ethos document graph. | ethos-document.schema.json |
chunks.jsonl |
One retrieval chunk per line. | ethos-chunks.schema.json |
security_report.json |
Document-level risk and security findings. | ethos-security-report.schema.json |
citations.json |
Citation-claim input for ethos verify --citations. |
ethos-citations.schema.json |
verification_report.json |
Citation evidence verification output. | ethos-verification-report.schema.json |
evidence_anchor_request.json |
Evidence-ref input for ethos evidence anchor. |
ethos-evidence-anchor-request.schema.json |
evidence_anchor_report.json |
Evidence anchoring output. | ethos-evidence-anchor-report.schema.json |
crop_descriptor.json |
One crop descriptor. | ethos-crop-descriptor.schema.json |
crop_descriptors.jsonl |
One crop descriptor per line. | Each line follows ethos-crop-descriptor.schema.json. |
document.md |
Derived Markdown projection. | Deterministic derived artifact; not schema-bound here. |
document.txt |
Derived plain-text projection. | Deterministic derived artifact; not schema-bound here. |
Producers MAY use different filenames when a command or application needs them. Consumers SHOULD
prefer schema identity, artifact_type, schema_version, and surrounding metadata over filename
alone when possible.
The document artifact is the primary native Ethos artifact. It contains:
schema_version;- parser identity;
- deterministic profile identity;
- source fingerprint and source-byte metadata;
- config and payload hashes;
- document fingerprint;
- payload: coordinate system, pages, elements, spans, tables, chunks, regions, warnings, and security signals;
- optional runtime diagnostics outside canonical equality.
The normative shape is
schemas/ethos-document.schema.json. Native Ethos document
artifacts use a top-left quantized coordinate system. The current page, span, element, table,
region, chunk, warning, finding, and check ID schemes are defined in
docs/determinism-contract.md.
chunks.jsonl contains one self-describing RAG chunk per line. Each chunk carries source and
document fingerprints, text, token estimate, page refs, element refs, bounding boxes, and warnings
where applicable.
The chunk text is a deterministic projection from referenced document elements. Consumers MUST
treat chunk citations as source references, not proof by themselves. To prove a downstream answer
or citation, pass citation claims to ethos verify or evidence refs to ethos evidence anchor.
citations.json is input to ethos verify --citations. It may be a bare non-empty array of claims
or an envelope carrying an optional document fingerprint plus a non-empty claim list.
Supported v1 claim kinds are:
quote;value;presence;table_cell;region;other.
Unsupported or insufficiently specified claims are report data, not permission to approximate. The verifier reports unsupported kinds, missing locators, missing required text, stale fingerprints, and capability-blocked checks explicitly.
verification_report.json is output from ethos verify. It records:
- grounding parser identity and capabilities;
- capability limits;
- fingerprint freshness;
all_evidence_grounded;- per-check status, reason, and match method;
- unsupported claim kinds;
- warnings.
Per-check statuses are currently:
grounded;not_found;mismatch;stale;unsupported_claim_kind;capability_blocked;error.
all_evidence_grounded is true only when supported checks are grounded, no unsupported claim kinds
remain, and the evidence is not stale. A grounded report means the requested evidence matched under
declared rules. It does not mean the full answer is semantically correct.
Consumers MAY derive a proof-status view from the report for UI, CLI summary, or API wrapper use. This derived view MUST NOT change the canonical verification report. The derived vocabulary is:
verified:all_evidence_groundedis true;partially_verified:all_evidence_groundedis false, but at least one check is reusable;unverified: no check is reusable.
A check is reusable only when checks[].status is grounded, checks[].semantic_unverified is
false, and fingerprint_stale is false. partially_verified therefore means "some check IDs are
reusable"; it does not certify the request as submitted. Derived proof limitations SHOULD surface
capability limits, stale fingerprints, unsupported claim kinds, non-grounded checks, and
semantic-unverified checks.
evidence_anchor_request.json is input to ethos evidence anchor. It contains an
artifact_type of ethos.evidence_anchor_request.v1, schema version 1.0.0, an optional source
fingerprint, and caller-provided evidence refs.
Supported v1 evidence kinds are:
page;text;text_region;table_cell;region;other.
Required anchor levels are:
page;text;bbox;text_bbox;table_cell.
Evidence-anchor requests use ethos_quantized_top_left_v1 for coordinate-profile identity and
ethos_collapse_whitespace_v1 for text-normalization identity where those fields apply.
evidence_anchor_report.json is output from ethos evidence anchor. It contains an
artifact_type of ethos.evidence_anchor_report.v1, schema version 1.0.0, grounding identity,
capabilities, and one anchor result per input evidence ref.
Anchor statuses are currently:
bound;mismatch;not_found;stale_fingerprint;capability_limited;unsupported_evidence_kind.
Evidence anchoring answers the narrow question "does this evidence ref bind to source evidence?" It does not answer "is this natural-language answer true?"
A crop descriptor identifies a source-bound page and bounding box with a deterministic crop_ref,
document fingerprint, check IDs where applicable, text hash, and rendering status.
rendering_status is either:
descriptor_only;rendered.
Rendered crop artifacts are PNG when present. Rendering requires caller-provided source PDF bytes and a configured PDFium runtime. Logical crop descriptors remain useful even when rendered PNGs are not available.
security_report.json records document-level findings and inventories such as hidden text,
annotations, actions, attachments, scripts, links, and related warnings when supported by the
current extractor.
Consumers SHOULD surface security warnings near chunks, citations, and verification results when they affect trust in source evidence.
document.md and document.txt are deterministic derived projections from the canonical document
graph and exporter configuration. They are useful for human review and retrieval workflows, but
they are not the primary evidence identity. Use the document artifact, chunks, citations,
verification reports, and evidence-anchor reports for source-grounding decisions.
Ethos identity is hash- and schema-driven.
All prefixed fingerprints use:
sha256:<64 lowercase hex>
Important fingerprints and hashes include:
| Name | Meaning |
|---|---|
source.fingerprint / source_fingerprint |
Hash of original source bytes when available. |
payload_sha256 |
Hash of the canonical stable payload projection. |
profile.sha256 |
Hash of the deterministic profile artifact. |
config_sha256 |
Hash of the effective config subset that changes stable output. |
fingerprint / document_fingerprint |
Document-level fingerprint used for freshness checks. |
verification_config_sha256 |
Hash of verification config semantics stamped into reports. |
Canonical JSON follows c14n v1 in docs/determinism-contract.md:
UTF-8, no insignificant whitespace, sorted object keys, integers only, stable string escaping, and
no duplicate keys. Runtime diagnostics are outside canonical equality.
Consumers that compare fingerprints SHOULD compare the hash fields rather than reimplement every producer pipeline. Producers that emit new canonical Ethos artifacts MUST use the repository c14n implementation or an implementation proven against the same vectors.
Native Ethos IDs are deterministic functions of canonical order. Current native forms include:
| Kind | Format |
|---|---|
| page | p%04d |
| span | s%06d |
| element | e%06d |
| table | t%04d |
| region | r%04d |
| chunk | c%06d |
| warning | w%04d |
| finding | f%04d |
| verification check | v%04d |
Foreign grounding sources MAY expose different source-native IDs. Their adapters MUST keep page identity, element identity, table-cell identity, coordinate origin, and capability limits explicit instead of silently pretending to be native Ethos output.
Ethos separates four layers that are often collapsed in RAG systems:
source bytes
↓
document or foreign parser artifact
↓
GroundingSource
↓
evidence anchor report or verification report
Retrieval citations, source refs, evidence refs, and verification outcomes are related, but they are not the same object.
A grounding source SHOULD:
- return deterministic pages, elements, spans, tables, and regions in stable order;
- use explicit parser identity;
- expose a source fingerprint when it can bind evidence to exact bytes;
- declare missing spans, character offsets, tables, fingerprints, coordinate origin, and crop support as capability limits;
- fail closed on malformed locators, negative coordinates, impossible page references, and out-of-page boxes;
- keep table-cell text projection distinct from Markdown table rendering.
ethos verify checks caller-provided citation claims against a grounding source. It MAY use exact
text, normalized text, containment, table-cell lookup, bounding-box containment, or presence-only
matching depending on claim kind and available capabilities.
Verifier consumers MUST inspect:
fingerprint_stale;all_evidence_grounded;- every
checks[].status; - every
checks[].reasonwhen present; capability_limits;unsupported_claim_kinds;warnings.
Consumers MUST NOT treat a citation string, retrieval chunk, LLM answer, or model-returned evidence
ID as proof until the evidence has been checked against a trusted grounding source.
Wrappers MAY use the derived proof summary exposed by VerificationReport::proof_summary() for
product wording and release policy, but the canonical VerificationReport remains the audit
artifact.
If a wrapper exposes an invalid_request status, it is a process or API envelope for malformed
input and MUST NOT be derived from a VerificationReport.
Application layers that also need to decide question relevance, synthesis policy, or final answer
release SHOULD apply docs/app-answer-release-contract.md above the Ethos grounding result.
ethos evidence anchor checks caller-provided evidence refs against a single source artifact. It
is useful when a downstream application already has evidence IDs or locators and needs to prove
that those refs are still bound to the source.
Evidence-anchor consumers MUST inspect each anchor independently. A non-bound anchor is report data. Request/schema/source-shape errors are tool usage errors.
CLI consumers MUST branch on the process exit code before interpreting standard error. Exit 2
is a deterministic, plain-text usage diagnostic with the shape error (usage): <message>. Coded
failures at exits 3 through 12 are canonical JSON with the shape
{"error":{"code":"<stable_code>","message":"<stable_message>"}}. Consumers MUST NOT attempt to
parse exit 2 as JSON or infer a coded error from message text. Exit-code or stderr-shape changes
are breaking CLI contract changes.
EEF artifacts link through explicit IDs and fingerprints rather than markdown-only links.
Common relationships include:
- chunk
element_refs→ document payload elements; - chunk
page_refs→ document payload pages; - citation claim locator → grounding source page, element, span, table, or region;
- verification check ID → crop descriptor
check_ids; - evidence ref ID → evidence anchor report anchor;
- crop descriptor
document_fingerprint→ document artifact fingerprint; - source and document fingerprints → source freshness checks.
Consumers SHOULD preserve unresolved refs as unresolved. They MUST NOT guess a page, element, table cell, or crop when a locator cannot be resolved.
Human-facing source-inspection UIs SHOULD show:
- the cited text or cell;
- page identity and page index;
- bounding box where available;
- source fingerprint freshness;
- parser identity and capability limits;
- warnings that may affect trust in the evidence.
An Evidence Bundle is conformant with EEF 0.2 if every included Ethos artifact satisfies the schema and artifact rules that apply to it.
At minimum:
- Every
.jsonEthos artifact with a schema inschemas/MUST validate against that schema. - Every
.jsonlEthos artifact MUST contain one valid JSON value per non-empty line, and each line MUST validate against the corresponding schema. - Every declared
artifact_typeandschema_versionMUST match the schema that governs the artifact. - Every prefixed fingerprint MUST use
sha256:<64 lowercase hex>. - Native Ethos document artifacts MUST keep runtime diagnostics outside canonical equality.
- Producers MUST NOT silently upgrade missing source capabilities into stronger evidence claims.
- Consumers MUST tolerate missing optional artifacts.
- Consumers MUST tolerate unknown additive fields only when the governing schema version permits
them. Current public schemas generally use
additionalProperties: false, so unknown fields are rejected unless a schema deliberately allows them. - Consumers MUST preserve non-grounded, non-bound, stale, unsupported, and capability-limited outcomes as explicit states.
- Consumers MUST NOT reinterpret evidence anchoring or citation verification as semantic answer verification.
Recommended validation command from a source checkout:
python3 schemas/validate_examples.pyFocused verification and evidence-anchor guard targets include:
make verify-alpha
make evidence-anchor-v1-contract PYTHON=python3Use the repository's current documented Python environment requirements when running those targets.
EEF 0.2 follows the repository's v0.2.x compatibility policy:
- verification report schema shape and field meanings are stable across compatible
0.2.xupdates; - evidence-anchor request and report schema shape and field meanings are stable across compatible
0.2.xupdates; GroundingSourceobligations and default verification-config semantics are stable across compatible0.2.xupdates;- CLI JSON input/output shape for
ethos verifyandethos evidence anchoris stable across compatible0.2.xupdates.
Compatible 0.2.x changes may add diagnostics, warnings, examples, tests, documentation
clarifications, and bug fixes that make invalid input fail closed.
Breaking changes require a contract-change PR, changelog entry, migration note, schema/example
updates, and public-claims review. Examples of breaking changes include removing or renaming public
fields, changing report meaning, changing default fingerprint behavior, changing
GroundingSource obligations, or reclassifying normal verification verdicts as tool failures.
EEF is intentionally close to established file-based exchange patterns:
- JSON Schema-governed build artifacts;
- JSONL retrieval chunk exports;
- markdown and text projections for human review and lightweight retrieval;
- provenance metadata stored next to source outputs;
- parser adapters that expose a common trait rather than forcing one parser schema.
EEF differs by making the trust boundary explicit. It treats document evidence as something that can be fingerprinted, cited, anchored, downgraded by capability, and verified deterministically.
Foreign parser outputs do not need to become native Ethos JSON to participate. They need an adapter
that exposes the evidence they can actually prove through GroundingSource.
minimal-native/
├── document.ethos.json
├── citations.json
└── verification_report.json
Verification command:
ethos verify document.ethos.json \
--citations citations.json \
--fail-on-ungrounded \
--out verification_report.jsonConsumer rule:
- Validate
document.ethos.json. - Validate
citations.json. - Validate
verification_report.json. - Treat the answer as evidence-grounded only if
all_evidence_groundedis true, every supported check isgrounded,fingerprint_staleis false, unsupported claim kinds are empty, and no capability limit invalidates the intended use. - If deriving partial output, assemble it only from reusable grounded checks; the original request remains uncertified until all required checks pass.
minimal-anchor/
├── document.ethos.json
├── evidence_anchor_request.json
└── evidence_anchor_report.json
Evidence-anchor command:
ethos evidence anchor document.ethos.json \
--evidence-refs evidence_anchor_request.json \
--out evidence_anchor_report.jsonConsumer rule:
- Validate the source artifact and evidence-anchor request.
- Validate
evidence_anchor_report.json. - Inspect every anchor.
boundmeans the requested evidence ref binds at the achieved anchor level.mismatch,not_found,stale_fingerprint,capability_limited, andunsupported_evidence_kindremain explicit non-bound outcomes.
foreign-parser-verification/
├── source.foreign.json
├── citations.json
└── verification_report.json
Verification command shape:
ethos verify source.foreign.json \
--grounding opendataloader-json \
--citations citations.json \
--out verification_report.jsonConsumer rule:
- Treat the foreign parser output as source evidence only through the selected grounding adapter.
- Inspect grounding parser identity and capability limits before trusting the result.
- Do not assume missing spans, missing tables, missing fingerprints, unknown coordinate origin, or missing crop support are harmless. They are part of the evidence verdict.