Appendix E — Verification cookbook

Status: placeholder. Ships in v1.0.0.

For each pattern in Tiers 1–3, a one-liner that confirms it’s in place — gh api, grep, jq, or a single CLI invocation. Useful for reviewers, useful for CI in downstream consumer projects, useful for periodic self-audit.

Also covers the artifacts each pattern produces (SARIF files, provenance bundles, SBOM JSON) and how to interpret them.