Public verification

Verifiable in your browser. Bundle bytes never leave your device.

Drag a bundle here. Watch the checks execute. Bundle bytes never leave your device. The verifier is the same code path as the native Go CLI, compiled to WebAssembly from the open-source source tree at github.com/nuwyre/cli.

Drop a bundle here

.zip · up to 50 MB

Or click to choose a file. Verification runs in your browser — bundle bytes never leave your device.

How this works

Seven independent integrity checks. Each check is documented in the public spec; each check produces a per-check verdict; the bundle verifies as pass when every check passes (or every warn maps to a V1 opt-in flag and the operator has set it). A future v1.x will close the surplus-TSA gap; today, a 3-of-3 TSA-verified bundle reports partial_verification per spec §14.4 — the bundle's integrity is verified, but the verifier does not yet fold the extra-confirmation warn into pass.

  1. 01

    Manifest signature

    The bundle's manifest is Ed25519-signed; the verifier confirms the signature against a pinned issuer key.

  2. 02

    Artifact integrity

    Every file declared in the manifest is present and its SHA-256 matches; no missing or modified bytes.

  3. 03

    Hash chain reconstruction

    Events form a tamper-evident chain; the verifier recomputes each link from the canonical pre-image bytes.

  4. 04

    Merkle proof verification

    Each event has a Merkle proof to the daily root; the verifier walks every proof and confirms the root.

  5. 05

    OpenTimestamps Bitcoin anchor

    The daily root was timestamped to Bitcoin via OpenTimestamps; the verifier confirms the Bitcoin-chain proof (confirmed receipts) or the calendar attestations (pending receipts awaiting block confirmation).

  6. 06

    RFC 3161 timestamp anchor

    Three RFC 3161 TSAs independently timestamped the root; the verifier validates ≥2-of-3 tokens against pinned cert chains.

  7. 07

    GitHub anchor cross-check

    The daily root was published to a public GitHub repo; the verifier confirms the anchor commit exists and matches.

Methodology →Bundle format spec →Verifier source →

Why a web verifier

The WASM binary is compiled from the same Go source as the native CLI — open source at github.com/NuWyre/cli. A third party who wants to confirm the verifier hasn't been tampered with can clone the repository, rebuild from source, and re-run the conformance suite to confirm identical verdicts.

The conformance fixture suite at docs/spec/fixtures/bundle-format-v1/ validates the reference Go verifier across 27 fixtures — 14 v1 (10 customer-export + 4 audit-log-export) plus 13 v2 dual-signature (1 valid + 5 signature-tampered + 5 structural-tampered + 2 audit-log) — one valid plus a set of tampered variants per category. The test TestConformanceFixtures runs the verifier against every fixture and asserts the output matches the committed results.json shape; any divergence fails CI. Cross-language byte equivalence with the TypeScript reference writer is additionally pinned at the primitive layer via KAT vectors at apps/cli/internal/checks/testdata/v2_dual_sig_kats_v1.json.

Drop a bundle here today and you're running the same verifier code path the conformance suite validates — only now the bundle bytes never leave your browser.

The Go source, the conformance fixture suite, and the native CLI are open source at github.com/NuWyre/cli — clone it, rebuild, and re-run the 27 fixtures to confirm this verifier behaves identically.

For scripted workflows

Prefer the CLI for offline verification or scripted CI integration

The native binary runs the same checks without a browser — for verifying on a sealed forensic workstation or wiring verification into a CI pipeline. The CLI is open source: install it with go install, or download a cosign-signed release binary (with SLSA provenance). The in-browser verifier above runs the same checks with no install.

Install

go install github.com/nuwyre/cli/cmd/nuwyre@latest

Or grab a signed release binary from github.com/NuWyre/cli/releases and verify its cosign signature + SLSA provenance.

Private Beta

Records you can defend.

NuWyre is in private beta with methodology reviewers from healthcare and financial services. If your AI agents are talking to your customers, we'd like to talk to you.

Request a quoteRead the methodology