Evidence Pack.

What it is

An Evidence Pack is the output Hoist returns after running one or more Australian source checks on your behalf. It is a structured, agent-readable bundle that contains everything needed to cite the result, explain the risk, and decide on a next action.

Your AI agent asks a question. Hoist checks the sources. Hoist returns an Evidence Pack. That is the full loop.

The Evidence Pack is the primary product object in Hoist. Every search, every verification, every register query produces one. It is not a raw API response. It is not a receipt in the payment sense. It is the answer, packaged for agent consumption.

Hoist is in S1 validation. Evidence Packs returned today are backed by in-browser sandbox fixtures. Real AFSA/PPSR and ABR traffic land at S2-gate. See /trust/afsa-b2g/ for the current AFSA access posture.

What is inside an Evidence Pack

Every Evidence Pack contains:

• Verdict. A concise statement of what the source checks found. Pass, flag, or indeterminate. Not a legal opinion.
• Source checks. One entry per register or data source queried. Each entry names the source, records whether the query succeeded, and states what the source returned.
• Timestamps. When the query ran. When the source responded. ISO 8601, UTC.
• Certificate metadata. Where a search produced an official source certificate (for example, an AFSA PPSR search certificate), the metadata records the certificate identifier, issue date, and hash. The certificate itself is the official source artefact; Hoist stores the metadata, not a copy of the certificate.
• Risk flags. Machine-readable flags raised by the source check. Examples: encumbrance found, ABN inactive, GST not registered, registration cancelled. Risk flags are drawn from source data. They are not model inferences.
• Confidence. A score that reflects source availability and response quality, not prediction accuracy. If a source was unavailable or returned a partial result, confidence reflects that.
• Human review items. Items that require a human to decide before acting. For example: "Registered security interest found. Confirm discharge before settlement." Hoist surfaces these; it does not resolve them.
• Due Diligence Record. Where a search produced a PDF, the Due Diligence Record is included inside the Evidence Pack. See the section below on how the Due Diligence Record differs from an AFSA certificate.

How agents use it

The Evidence Pack is designed to be cited directly by an AI agent. Your agent receives the Evidence Pack as a structured response. It can read the verdict, quote the risk flags, surface human review items to the user, and record the timestamp for audit purposes.

Common agent patterns:

• Check the verdict and risk flags before presenting a recommendation to a user.
• Surface human review items as action items before proceeding to the next step in a workflow.
• Store the Evidence Pack alongside a deal or loan file for later retrieval.
• Include the certificate metadata in a compliance note.
• Pass the Due Diligence Record to a document management system.

The Evidence Pack shape is stable across source types. Whether your agent ran a PPSR search, an ABN lookup, or a combined counterparty check, the outer shape is the same. Only the contents of source_checks and risk_flags vary by search type.

Try the fixture Evidence Pack in the sandbox. The sandbox returns deterministic fixture responses with no signup required.

How it differs from a receipt

A receipt in the accounting or payment sense confirms a transaction occurred and records the cost. An Evidence Pack is not that.

An Evidence Pack is the answer to a question about a business, asset, or counterparty. It contains source data, risk flags, and a recommended next action. It may include a Due Diligence Record PDF. It does not record a payment transaction.

The word "receipt" sometimes appears in casual conversation about Hoist ("show me the receipt for that search"). That usage is fine as conversation. It is not the product term. The product term is Evidence Pack.

Hoist provides source-backed evidence. It does not guarantee that a transaction is safe, legal, compliant, or financeable. Paid searches require confirmation. Bank account ownership is not verified unless a supported source says so.

How it differs from an AFSA certificate

An AFSA certificate (also called a search certificate) is the official PDF issued by the Australian Financial Security Authority when you run a PPSR search. It is a legal document. AFSA issues it. AFSA holds the authority over its content.

Hoist does not alter or reissue AFSA certificates. The Evidence Pack wraps the search result and records metadata about the certificate (identifier, issue date, hash). The certificate itself is the official source artefact. If you need to cite the official record in a legal or compliance context, cite the AFSA certificate, not the Evidence Pack.

The Due Diligence Record inside the Evidence Pack is Hoist's own PDF. It documents what Hoist found when the search ran: which source was queried, at what timestamp, what the certificate hash was. It is not the AFSA certificate. Do not call it the certificate.

See /trust/afsa-b2g/ for the current status of Hoist's AFSA B2G access application and what that means for live PPSR searches.

What Hoist does not infer

Hoist checks sources and reports what they say. It does not infer, predict, or guarantee.

Specifically, Hoist does not:

• Infer that a business is safe to transact with because the ABN check passed.
• Infer that an asset is free of encumbrances unless the PPSR search explicitly shows no registrations at the time of the search.
• Confirm that a counterparty's bank account belongs to the entity named unless a supported source says so.
• Infer legal compliance from source data.
• Predict future insolvency, default, or fraud risk.
• Guarantee the accuracy of AFSA register data. AFSA is the source; Hoist reports what AFSA returned.

The risk flags in an Evidence Pack are drawn from source data. They are not model predictions. The verdict reflects what the sources say, not what the sources imply. Your agent should surface human review items to the user before acting on a result. Hoist tells your agent what the sources say. It does not turn a risky transaction into a safe one.