AXR/Verify/Runs in your browser

Drop in a log. Verify it yourself.

AXR's promise is that anyone can verify a log offline, from nothing but a public key. So here it is: drag in your own AXR receipts and keys, and this page re-checks every signature, recomputes the Merkle root against the signed tree head, and verifies the witness cosignatures — entirely in your browser. Nothing is uploaded; close the tab and it's gone.

Drop your AXR files here — or click to choose

receipts.jsonl + the public key (.pem) are required; sth.jsonl and control.jsonl add the tree-head, Merkle and witness checks.

— loads AXR's own signed dev-log and verifies it right here. Nothing of yours needed.

receipts.jsonl
waiting
public key (.pem)
waiting
sth.jsonl optional
control.jsonl optional · witnesses

Waiting for files. Everything runs locally — this page makes no network request with your data.

Status
No log yet
Receipts
Receipt signatures
Merkle root (recomputed)
Tree-head signature
Witness cosignatures

What this checks — and what it does not.

  • Checks Every receipt's Ed25519 signature against the public key you supply; the tree-head (STH) signature; the RFC 6962 Merkle root recomputed from your receipts, compared to the root the STH commits to; and each witness cosignature over the canonical STH, in order, against the threshold in your control file. All offline, in this tab.
  • Does not Fetch external timestamp anchors. Whether the STH was committed to an append-only backend (OpenTimestamps/Bitcoin, Rekor, RFC 3161) is what turns "tamper-evident" into "tamper-detectable" — that inclusion proof needs the network and the backend, so it lives in the CLI verifier, not here.
  • Does not Prove that any receipt was true when written. AXR is an integrity layer, not an oracle: it proves the record is unaltered since signing, not that the claim it records was correct.
  • Private Your files are read with the browser's local File API and never sent anywhere. This site ships zero analytics and zero third-party scripts; the verifier is the same bundled code that runs the dev-log page.

Don't have a log handy? Verify the real one, or run the CLI:

# the in-browser verifier, pre-loaded with AXR's own signed dev-log
open https://chrisconen.dev/axr/devlog/

# or, for the full check including external anchor inclusion proofs:
node axr-verify.js receipts.jsonl public-key.pem sth.jsonl anchors.jsonl \
  --control control.jsonl --require-witnesses