AUDIT-FIRST · FAIL-CLOSED

External Verification Procedure

Any third party can verify an HBCE Evidence Pack without trusting the issuer. Verification relies on deterministic canonicalization, a SHA-512 pack root, an ECDSA signature and an append-only ledger.

Audit Flow

1 · Generate Pack

Use the Kernel to emit events and export an Evidence Pack v2 JSON.

2 · Verify Pack

Use the independent verifier to recompute the hash and verify the signature and ledger integrity. The result must be PASS or FAIL.

3 · Tamper Test

Modify one character inside the JSON file and verify again. The system must return FAIL (fail-closed).

What Gets Verified

  • Canonical pack_root_hash (SHA-512)
  • ECDSA P-256 signature validity
  • Append-only ledger chain integrity
  • Per-record hash and signature integrity
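The verify and tamper steps above, as an added Node.js example that is not HBCE's verifier or pack format. It checks the hash chain, the SHA-512 pack root and a P-256 signature, and returns FAIL on any mismatch, parse error or exception. Assumptions: the field names (`records`, `prev_hash`, `record_hash`, `pack_root_hash`, `signature`), sorted-key JSON as the canonical form, an all-zero genesis hash, and SHA-256 as the ECDSA digest are hypothetical; per-record signatures are left out.

```javascript
const nodeCrypto = require('node:crypto');

// Deterministic canonicalization (assumed scheme): sorted keys, no whitespace.
function canonicalize(v) {
  if (Array.isArray(v)) return '[' + v.map(canonicalize).join(',') + ']';
  if (v && typeof v === 'object')
    return '{' + Object.keys(v).sort().map(k => JSON.stringify(k) + ':' + canonicalize(v[k])).join(',') + '}';
  return JSON.stringify(v);
}
const sha512 = s => nodeCrypto.createHash('sha512').update(s, 'utf8').digest('hex');
// Hypothetical record hash: covers the payload and the link to the previous record.
const recordHash = r => sha512(canonicalize({ payload: r.payload, prev_hash: r.prev_hash }));

// Fail-closed: every check must pass; any parse error or exception is FAIL.
function verifyPack(jsonText, publicKeyPem) {
  try {
    const pack = JSON.parse(jsonText);
    if (!Array.isArray(pack.records) || pack.records.length === 0) return 'FAIL';
    let prev = '0'.repeat(128); // assumed genesis value
    for (const r of pack.records) {
      if (r.prev_hash !== prev || r.record_hash !== recordHash(r)) return 'FAIL';
      prev = r.record_hash;
    }
    if (pack.pack_root_hash !== sha512(canonicalize(pack.records))) return 'FAIL';
    const ok = nodeCrypto.verify('sha256', Buffer.from(pack.pack_root_hash, 'hex'),
      publicKeyPem, Buffer.from(pack.signature, 'base64'));
    return ok === true ? 'PASS' : 'FAIL';
  } catch (e) {
    return 'FAIL';
  }
}

// Constructed sample: a throwaway P-256 key and a two-record pack.
function buildSamplePack() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const records = [];
  let prev = '0'.repeat(128);
  for (const payload of [{ event: 'emit', n: 1 }, { event: 'emit', n: 2 }]) {
    const r = { payload, prev_hash: prev };
    r.record_hash = prev = recordHash(r);
    records.push(r);
  }
  const pack_root_hash = sha512(canonicalize(records));
  const signature = nodeCrypto.sign('sha256', Buffer.from(pack_root_hash, 'hex'), privateKey).toString('base64');
  return { json: JSON.stringify({ records, pack_root_hash, signature }, null, 2),
           publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}
```

The verifier takes the issuer's public key as an input obtained separately from the pack; a key read out of the pack itself would let a tampered pack re-sign itself.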

Policy: UE_FIRST · AUDIT_FIRST · HASH_ONLY · APPEND_ONLY · FAIL_CLOSED