Vault Integrity Validator

Kerekes Handshake — Evidence Anchoring Framework

Enter a domain (e.g. jeffreykerekes.com — nothing more) that implements the Kerekes Handshake framework.
File Status Expected Hash Verified Hash

Claims Registry

How to read these results
✓ PASS The file on the server is exactly what was signed. Think of it as a tamper seal — PASS means the seal is unbroken. The file has not been altered since the vault owner signed the manifest.
✗ FAIL The file does not match the signed record. Either the file was changed after signing, or the manifest is out of date. This is a flag worth noting — ask the vault owner to re-sign.
⚠ CORS The file exists but your browser was blocked from reading it due to a cross-origin policy. This is a configuration issue on the server, not evidence of tampering. The file could not be verified.
✗ FETCH ERR The file could not be retrieved at all — it may have been moved, deleted, or the server is unreachable. A missing evidence file is itself a gap in the vault.
Verification Strength Scores (1–10)
1–2Self-authored document only — no independent corroboration.
3–4Third-party authored (e.g. press article), but no live verification link.
5–6Third-party source with an external link to the original.
7–8Government record — permit, inspection report, FOI ruling.
9Live government endpoint — license board lookup, congressional record.
10Live QR-verified vital record (e.g. Italy-style embedded issuer verification).

Scores are self-declared by the vault owner and independently assessed by an AI auditor. A large gap between the two scores is itself worth investigating. Higher scores mean independent records exist to cross-check the claim against — lower scores mean the claim rests primarily on the owner's own documentation.

What this validator checks: It fetches the PGP-signed manifest (site_manifest.json.asc), extracts the expected SHA-256 hashes, then fetches each listed file and re-computes its hash in your browser. Green = file matches the signed manifest. Red = mismatch or fetch failure.

Note on directory listings: evidence/index.html and archive/index.html are auto-generated by the server and excluded from the manifest by design — their content changes on each deploy. A FAIL result on these files in older manifest versions is expected and harmless.

What this validator does not check: Whether the underlying documents are authentic. A PGP signature proves who signed the manifest and that files have not changed since signing — not that the original files are genuine. Self-certification is self-lying; this tool verifies integrity, not authenticity. See LEGAL.md for the full legal posture analysis.