# Sample Audit Bundle

Static artifacts published from `/for-banks` so a bank's vendor-intake team
can inspect the exact shape of a signed Audit Bundle before scheduling a
sales call. Regenerate with:

```
cargo run -p ledger --example sample_audit_bundle -- marketing/public/samples
```

## Files

- `sample-audit-bundle.json` — canonical bundle (payload + SHA-256 + Ed25519 signature).
- `sample-audit-bundle.pdf` — the same bundle rendered for an LC document packet.
- `sample-jwks.json` — JWKS containing **only the sample public key** scoped to
  verifying this file. Production bundles are signed by a different key served
  at `https://getsovereignledger.com/.well-known/jwks.json` and will not verify
  against this JWKS.

## Verify the signature

1. Parse `sample-audit-bundle.json`.
2. Serialize the `payload` field back to canonical JSON bytes (sorted keys,
   no whitespace — the object is declared in alphabetical field order so a
   `serde_json::Value` round-trip produces byte-identical output).
3. SHA-256 those bytes; hex must equal `payload_sha256_hex`.
4. Decode `signature_hex` and verify the Ed25519 signature over the SHA-256
   bytes with the public key in `sample-jwks.json` (keys[0].x, base64url).