Verify our claims

Do not take our word for it.
Check it yourself.

We say AskQP seals every meaningful action into a tamper-evident record. Here is how you confirm that without trusting us, without an account, and without an AskQP install.

This sample carries illustrative records, never a customer's. The format, the seal, and the checker inside it are exactly what a real install produces.

What you are downloading

One file. Everything needed to check it.

A sealed evidence bundle is a single archive holding the records, the fingerprints that bind them, and the program that tests both. Nothing in it phones home.

The records

A stretch of AskQP's audit records, one per line, exactly as they were sealed. Each carries its own fingerprint.

The fingerprints

Every record carries the fingerprint of the record before it. Together they form a chain that cannot be edited quietly.

The checker

A small program that recomputes every fingerprint and walks the chain. It runs on your machine, not ours.

The honesty guarantee

A broken chain cannot be hidden.

Change one character in one record and that record's fingerprint changes. Every link after it stops matching. The checker walks the chain in order and names the exact record where the break happened.

AskQP will not paper over a break. If the chain is damaged, it refuses to build a bundle at all rather than hand you a clean-looking one. A bundle that exists is a bundle that held.

  • Sealed when it happensThe record is written as the action runs, not reconstructed afterward from a log.
  • Bound to its neighborsEach record commits to the one before it, so records cannot be reordered, dropped, or slipped in.
  • Checkable by anyoneYou never call our servers to confirm our claims. The checker ships inside the bundle.
  • Refuses to lieThe checker reports only what it actually tested, and fails loudly when something does not add up.

Three steps

Download. Run it. Read the answer.

Nothing to sign up for. Anything that runs Python can check our work. Most Linux machines already have it. On a Mac or a Windows box, install Python once and run the same line.

  1. 1

    Download the bundle and unzip it

    You get a folder with four files in it. Nothing else is needed.

  2. 2

    Run the checker that came inside it

    Open a terminal in that folder and run one line. The checker uses only what ships with Python itself, so there is no package to add for the fingerprint and chain proof. One optional library, which it names for you, unlocks the signature check on top of that. It makes no network calls either way, so it works on a machine with the network cable pulled out.

    your terminal
    $ unzip askqp-evidence-sample.zip
    $ python3 verify.py
  3. 3

    Read the result

    It prints a line per check and finishes with PASS or FAIL. Below is what the checker in this bundle actually prints on a machine that has never seen AskQP, with nothing installed. Only the long key is shortened, for reading.

    result
    askqp evidence bundle verifier
    format: askqp-evidence/1
    range: sequence 0..4 (5 capsules)
    [ok] capsules.jsonl digest matches the manifest
    [ok] 5 capsules: content hashes recomputed, chain linkage intact
    [ok] manifest chain_head_hash matches the last capsule
    [skip] Ed25519 signatures NOT verified (PyNaCl absent).
           Install it to verify: pip install pynacl
           manifest signer public key: fac54596fbf5d468...
    PASS (hash + chain verified; signatures unchecked)

    Look closely at that skip line. The checker had no way to test the signatures, so it says so, and it narrows its own PASS to the things it did test. Fingerprints and chain order are proven with nothing but Python itself. Add the one optional library it names and the same command verifies the signatures too. A checker that claimed more than it tested would be worth nothing.

Inside the archive

Four files. No black boxes.

capsules.jsonl

The records themselves, one per line, in order. Each carries its own fingerprint and signature.

manifest.json

What range this covers, a fingerprint of the records file, and a signature over the whole description.

verify.py

The checker. Reads the two files above and tests them against each other.

README.txt

Plain text: how to run it, and precisely what a PASS does and does not prove.

The manifest, as shipped

An excerpt from the sample bundle's manifest.json. The long values are trimmed here for reading; the full file is in the download. These records are illustrative, not a customer's.

manifest.json (excerpt)
{
  "format": "askqp-evidence/1",
  "created_at": "2026-07-02T15:04:11+00:00",
  "capsule_range": {
    "from_sequence": 0,
    "to_sequence": 4,
    "count": 5
  },
  "chain_head_hash": "cdfa5a2fc5696cfa33e9fbc496ebe811...",
  "files": {
    "capsules.jsonl": "e3784d316305949e9af40ae15247d230..."
  },
  "metrics": {
    "decisions_total": 5,
    "by_outcome": { "allow": 4, "ask": 1 },
    "gate_rate": 0.2,
    "by_guard": { "policy_guard": 5, "human_approval": 1 }
  },
  "signature": {
    "algorithm": "Ed25519",
    "public_key_hex": "fac54596fbf5d4687215f4285713c5bd...",
    "sig_hex": "c995077db509dbf093d4cab7550e01e8..."
  }
}

Reading the result honestly

What a PASS proves. And what it does not.

A proof that overstates itself is not a proof. Here is the honest boundary, the same one the checker prints for itself.

A PASS proves

  • The records file is byte for byte the one the manifest describes.
  • Every record still matches its own fingerprint, so no content was edited.
  • The records form an unbroken chain, in order, with nothing removed or inserted.
  • The last record in the chain is the one the signed manifest says it should be.

A PASS does not prove

  • It does not check the signatures unless you add the one optional library the README names.
  • It does not check the post-quantum signature material. It reports that the material is there and says it did not test it.
  • It does not tell you the records describe work you approve of. It tells you they have not been altered since they were sealed.

Try to break it

Change one character. Watch it fail.

This is the part we most want you to do. Open capsules.jsonl in any text editor, alter a single character of any record, save, and run the checker again.

It refuses the bundle, names what went wrong, and exits with an error code so a script can act on it. A record that could be edited without detection would not be evidence.

after tampering
$ python3 verify.py
askqp evidence bundle verifier
format: askqp-evidence/1
range: sequence 0..4 (5 capsules)
FAIL: capsules.jsonl digest mismatch (manifest e3784d31..., actual 5de50c03...)

$ echo $?
1

As with the passing run above, only the long hashes are shortened here. The checker prints them in full, on that one line.

Evidence that proves itself.

Every AskQP install can produce a bundle like this one over its own records. Your auditor checks it on their own machine, offline, without asking us for anything.