# Score proofs and replay

Purpose
- Provide deterministic score proofs with replayable inputs and attestations.

When to replay
- Determinism audits and compliance checks.
- Dispute resolution or vendor verification.
- Regression investigation after feed or policy changes.

Replay operations
- Trigger replay via CLI or API with scan or job id.
- Support batch replay with concurrency limits.
- Nightly replay jobs validate determinism at scale.

Verification
- Online verification uses DSSE and Rekor proofs.
- Offline verification uses embedded proofs and local trust bundles.
- Verification checks include bundle hash, signature, and input digests.

Bundle contents
- Manifest with inputs and hashes.
- SBOM, advisories, VEX snapshots.
- Deterministic scoring outputs and explain traces.
- DSSE bundle and transparency proof.

Retention and export
- Retain bundles per policy; export for audit with manifests.
- Store in Evidence Locker and Offline Kits.

Monitoring metrics
- score_replay_duration_seconds
- proof_verification_success_rate
- proof_bundle_size_bytes
- replay_queue_depth
- proof_generation_failures

Alerting cues
- Replay latency p95 > 30s.
- Verification failures or queue backlog spikes.

Related references
- operations/proof-verification.md
- operations/replay-and-determinism.md
- docs/operations/score-proofs-runbook.md
- docs/operations/score-replay-runbook.md