Verify a Defensible Record

Drop an IR-OS Defensible Record bundle (a .json file) below. Your browser will independently recompute the SHA-256 hash chain and confirm the record has not been altered. Nothing is uploaded. No account required.

Drop a Defensible Record JSON file here or click to choose a file · schema: ir-os.defensible-record/v1

How verification works

Every event in an IR-OS incident is recorded in an append-only ledger. Each event's hash is computed from SHA-256(prev_hash | event_id | event_type | actor_id | payload | created_at), producing a chain where altering any past event breaks every hash that follows.

This page recomputes every hash in your browser using the WebCrypto SubtleCrypto.digest API and compares against the values in the bundle. A valid chain means the record has not been tampered with since IR-OS exported it.

On top of chain integrity, IR-OS signs an Ed25519 manifest binding the chain head, incident id, export time, and event count. The verifier checks the signature against the canonical IR-OS public key (key id ir-os-2026-04-key-1, also published at /.well-known/ir-os-signing-key.pub.json). A valid signature means the bundle was issued by IR-OS and is non-forgeable.