Custody report

Operation Ledger — procurement irregularities

A signed, self-contained record of every item in this case — each receipt, the full append-only custody trail, and any redactions (with the original hash preserved). It verifies offline with just the public key below.

← Back to case
Offline verification result
report-verification.log
$ verify-report --offline
document signature: VALID ✓
receipt cmr1exj7…: VALID ✓
receipt cmr1exj7…: VALID ✓
receipt cmr1exj7…: VALID ✓
redacted cmr1exj7… original hash intact: YES ✓
overall: REPORT VERIFIES ✓
Preview report JSON
custody-report-operation-ledger-procurement-irregularities.json
{
  "version": "chain-of-custody-report:v1",
  "case": {
    "id": "cmr1exj6s00008x7p2vxj5xfv",
    "title": "Operation Ledger — procurement irregularities",
    "status": "open"
  },
  "generatedAt": "2026-07-01T22:53:29.484Z",
  "publicKey": "06e4b20eb506273408c360bd2e169ef3d113927187300ef3d88944698a64d409",
  "evidence": [
    {
      "id": "cmr1exj7n00028x7pacvpig2m",
      "filename": "memo-leaked-budget.pdf",
      "sha256": "92c4f60ec3ef28ecc5566db15e9ff89f81f0a7f973c8a89f02e43726d4f29e62",
      "originalSha256": "92c4f60ec3ef28ecc5566db15e9ff89f81f0a7f973c8a89f02e43726d4f29e62",
      "sizeBytes": 184320,
      "source": "confidential source A",
      "capturedAt": "2026-06-30T22:44:38.501Z",
      "receipt": {
        "sha256": "92c4f60ec3ef28ecc5566db15e9ff89f81f0a7f973c8a89f02e43726d4f29e62",
        "capturedAt": "2026-06-30T22:44:38.501Z",
        "signature": "90e1a50a97a52f27b8d58732b5ff81f71817079350378452d75771f987f830b6b10583aaea64a1779425acb31756a2cf26cc4e1314fde92cb1c85ba9b1e2ab0b",
        "publicKey": "06e4b20eb506273408c360bd2e169ef3d113927187300ef3d88944698a64d409"
      },
      "custodyEvents": [
        {
          "actor": "reporter",
          "action": "add",
          "at": "2026-06-30T22:44:38.501Z"
        },
        {
          "actor": "editor",
          "action": "view",
          "at": "2026-06-30T23:14:38.501Z"
        },
        {
          "actor": "reporter",
          "action": "redact",
          "at": "2026-06-30T23:44:38.501Z"
        }
      ],
      "redactions": [
        {
          "region": {
            "reason": "masked source name and direct phone on page 2",
            "kind": "metadata"
          },
          "appliedAt": "2026-06-30T23:44:38.501Z"
        }
      ]
    },
    {
      "id": "cmr1exj7t000a8x7pusjvf6u0",
      "filename": "site-photo-0431.jpg",
      "sha256": "977ac703dd14eeb6be3456063cb3fdc5b8d1a5d5ba2e9b069e4c2c8ecd4653e2",
      "originalSha256": "977ac703dd14eeb6be3456063cb3fdc5b8d1a5d5ba2e9b069e4c2c8ecd4653e2",
      "sizeBytes": 2457600,
      "source": "field photographer (codename Osprey)",
      "capturedAt": "2026-06-30T23:44:38.535Z",
      "receipt": {
        "sha256": "977ac703dd14eeb6be3456063cb3fdc5b8d1a5d5ba2e9b069e4c2c8ecd4653e2",
        "capturedAt": "2026-06-30T23:44:38.535Z",
        "signature": "374078ce529c7e91781c755d7dd0d4c23caf202b643fdbd52acde4bdd5102d4b91e5f10653803a391d07f45ac91e2e47e20c404ca8b60d6b85f1bc572c073004",
        "publicKey": "06e4b20eb506273408c360bd2e169ef3d113927187300ef3d88944698a64d409"
      },
      "custodyEvents": [
        {
          "actor": "reporter",
          "action": "add",
          "at": "2026-06-30T23:44:38.535Z"
        },
        {
          "actor": "editor",
          "action": "view",
          "at": "2026-07-01T00:14:38.535Z"
        }
      ],
      "redactions": []
    },
    {
      "id": "cmr1exj7x000e8x7ps2d60utq",
      "filename": "interview-recording.m4a",
      "sha256": "37170de8ea1c952f09db7faeacc06248d2426b977ef4ff7471b3f4fea1975f3c",
      "originalSha256": "37170de8ea1c952f09db7faeacc06248d2426b977ef4ff7471b3f4fea1975f3c",
      "sizeBytes": 11010048,
      "source": "whistleblower (sealed)",
      "capturedAt": "2026-07-01T00:44:38.538Z",
      "receipt": {
        "sha256": "37170de8ea1c952f09db7faeacc06248d2426b977ef4ff7471b3f4fea1975f3c",
        "capturedAt": "2026-07-01T00:44:38.538Z",
        "signature": "acf3b57981d9597e8bd0694b796c58335dbe020e5ee19d6e6f0173eed769842bdc6f7538a013bfafb13e52ef1b7798674d76d4126af4a645667841381bb7b707",
        "publicKey": "06e4b20eb506273408c360bd2e169ef3d113927187300ef3d88944698a64d409"
      },
      "custodyEvents": [
        {
          "actor": "reporter",
          "action": "add",
          "at": "2026-07-01T00:44:38.538Z"
        },
        {
          "actor": "editor",
          "action": "view",
          "at": "2026-07-01T01:14:38.538Z"
        }
      ],
      "redactions": []
    }
  ],
  "signature": "eff0dd55531018a83866c555930eedb9e7e3299d5742a439c30e2085dc205ca57a933a21e529e16bc0eb0f7ad8baf2f784c5ba007c0d80bf52d66a69cddce700"
}

How a third party verifies this — no app, no server

  1. Take the downloaded custody-report-*.json and remove the top-level signature field.
  2. Canonicalize the remaining body (sort all keys recursively, compact JSON) — that is the exact message that was signed.
  3. Verify the Ed25519 signature against that message using the embedded publicKey. Each evidence receipt verifies the same way over chain-of-custody:v1:<sha256>:<capturedAt>.
  4. A ready-made offline checker ships at scripts/verify-report.mjs (Node + @noble, no network).

public_key: 06e4b20eb506273408c360bd2e169ef3d113927187300ef3d88944698a64d409

Ask AI

AI can be wrong. Not medical, legal, or financial advice.