LOCAL RECEIPT + ARTIFACT INTEGRITY
Receipt Verifier
Recompute the receipt core, compare exact artifact bytes and export a reviewable verification record—without uploading the evidence packet.
Public protocol utility · locally reviewed · 2026-07-13
Verify bytes, not promises
PUBLIC METHOD
Deterministic verification with a bounded claim
Canonical core
The verifier removes only receipt_core_sha256, deterministically sorts object keys and hashes the resulting UTF-8 JSON bytes with Web Crypto SHA-256.
Local artifacts
Selected files are read as local Blob bytes. Nothing is uploaded; normal static page asset requests may still occur.
Worked sample
The sample is explicitly synthetic and includes one generated local artifact so PASS can be independently reproduced.
Sources
VERIFY A REAL RELEASE
Download the CLI and CI bytes with their own Receipt v1
FastTool Evidence v0.1.0 is distributed directly as immutable versioned archives. Compare the SHA-256 list, then load the release receipt and downloaded artifacts above to recompute their exact byte identities.
Byte integrity is verifiable; security, authorship, deployment, ownership and legal admissibility are not certified.
REPEATABLE WORKFLOWS
Create an evidence packet, then verify the bytes
The verifier does not decide whether a claim is true. It proves whether the supplied receipt core and artifact bytes still match the packet produced by a FastTool workflow.