# Verify your AuditSpine sealed delivery — 60-second QuickStart `CLASSIFICATION: CUI // INTERNAL` You received a **sealed delivery** from AuditSpine — a single `bundle.json` file. The point of this bundle is that **you do not have to trust us**. You can verify, on your own machine, with no network and no install, that: 1. The bundle's *container* has not been altered. 2. The cryptographic chain of seals inside it is internally consistent. 3. Every payload we embedded re-derives the exact hash we recorded. If any of those fail, the verifier prints **RED** and tells you exactly which check failed. Otherwise it prints **GREEN** — and the act of running it yourself is the evidence, not our word. --- ## What you need - Any machine with **Python 3.10 or newer** (`python --version` to check). Windows, macOS, Linux — all fine. No `pip install`, no internet. - Two files (both linked from the download page that pointed you here): - **`auditspine_verify_standalone.py`** — the verifier (a single ~250-line Python script you can read in one sitting). - **`bundle.json`** — your sealed delivery. Put them in the same folder. --- ## Run it ``` python auditspine_verify_standalone.py bundle.json ``` That's it. You'll see one of two things: ### GREEN — the bundle verifies ``` ======================================================================== AuditSpine -- offline verifier (STANDALONE) ======================================================================== Bundle: bundle.json Version: auditspine-bundle/0.1.0 Algorithm: sha256 Created: 2026-... Exporter: auditspine/0.1.0 Seals: N Payloads: N embedded [OK] bundle_hash + version re-derived [OK] chain N/N seals re-verified [OK] payloads N/N re-derived from embedded bytes ------------------------------------------------------------------------ RESULT: GREEN -- bundle verifies. The substrate did NOT vouch for this; you re-derived it yourself. ======================================================================== ``` The script exits with status `0`. **You're done — the delivery is intact and as claimed.** ### RED — the bundle has at least one problem ``` RESULT: RED -- 3 error(s): - bundle_hash mismatch (expected ..., got ...) - seal 2: seal_hash mismatch (...) - seal 3: previous_seal_hash mismatch (...) ``` The script exits with status `1`. **Do not accept the delivery.** Copy the full RED output (it names the exact errors) and contact your AuditSpine point of contact. --- ## What each check proves | Check | What it proves | |---|---| | `bundle_hash + version` | The container itself was not tampered with — no row added, removed, or altered after we sealed it. | | `chain` | The hash chain across all sealed events is internally consistent: each seal cryptographically references its predecessor; nothing in the middle has been replaced. | | `payloads` | The actual sealed *bytes* (embedded inside the bundle) match the hashes we recorded — what we claim was sealed is what is sealed. | If all three are **OK**, you have the same answer you'd get if you had been present at every sealed event. That is the AuditSpine claim. --- ## Tooling-friendly mode For scripts and CI: ``` python auditspine_verify_standalone.py bundle.json --json ``` prints a parseable JSON verdict (`{"ok": true|false, "errors": [...], ...}`) — same answer, machine-readable. `--quiet` suppresses output and only sets the exit code. --- ## Why a single Python file? Because *we* should not be in the trust path of the verification. The strongest possible expression of "verify it yourself" is a script you can read end-to-end before you run it. The file imports only the Python standard library (`hashlib`, `json`, `base64`, `argparse`, `sys`, `pathlib`). No package install, no network call, no hidden code path. If you do not trust us to ship a correct verifier, you can re-implement these few hundred lines yourself — the bundle format and seal-hash formula are documented in the file's comments and in the AuditSpine specification. --- ## Troubleshooting - **`python: command not found`** — install Python from python.org (3.10 or newer). On Windows, make sure "Add to PATH" is checked. - **`verify: bundle not found`** — the verifier prints the path it tried. Check the filename matches and you're running from the same folder. - **`verify: could not read bundle`** — the bundle file is corrupt or not JSON. Re-download it from the portal. - **You see RED unexpectedly** — keep the file as-is and contact your AuditSpine point of contact with the full output. Do not modify the bundle. --- `CLASSIFICATION: CUI // INTERNAL` *v0.1.0 — Story 7.31.5.1.1. Copyright (c) 2026 AuditSpine LLC / Viride LLC. All rights reserved.*