# Verified Reality Auditor — desktop verification console for Truth Packets

> The Verified Reality Auditor is a desktop application that opens a Truth Packet, cryptographically proves every sealed file still matches the session certificate, validates the manifest chain, checks C2PA, and cross-checks encrypted Arweave kits against the immutable permaweb — no web app or Supabase database required. It also verifies audit PDFs, reads embedded EXIF from single sealed media files, and turns evidence into a pillar-by-pillar integrity verdict independent of Verified Reality the company.

## Key facts
- The Auditor is a desktop application that opens a Verified Reality Truth Packet (a ZIP vault) and proves it offline — independent of Verified Reality the company.
- Four input modes share one console: a full Truth Packet ZIP vault, a Verified Reality audit PDF (hash-matched against the Command Centre registry), a single VRA-captured media file (embedded EXIF read), or an encrypted Arweave kit (hash-matched against the immutable permaweb transaction).
- Encrypted Sovereign Decryption Kits downloaded from Arweave are verified by comparing the local ZIP SHA-256 against the Zip-SHA256 tag on the on-chain transaction — no Verified Reality web app or Supabase database required.
- Every sealed media file's bytes are checked against the session certificate (the Sacred Seal); the manifest checkpoint's rolling hash chain is walked end-to-end (the Golden Thread).
- Eight verification pillars are reported on a single status board: Software origin, Device integrity, Session integrity, Temporal integrity, Chain of custody, C2PA / content authority, Storage integrity, Forensic audit.
- C2PA detached manifests are read from the actual files in the vault; signer identity is surfaced from the real manifest — there are no placeholder vendor allowlists.
- Storage integrity is confirmed against the Verified Reality Command Centre when the operator is signed in — optional enrichment, not a gate to the cryptographic baseline.
- Truth Packets stamped to Arweave remain verifiable against the permanent blockchain even if Verified Reality the company disappears tomorrow.
- A local Cryptographic Audit Ledger records every audit performed against a vault hash, feeding the Forensic Audit pillar over time.
- Truth Packets are bearer assets — the Auditor lets the holder prove the bundle is intact even if Verified Reality, the cloud, or the original capture device disappear.

## Summary
The Verified Reality Auditor is the desktop verification console for Truth Packets. Don't trust us. Trust the math. Verify it yourself, offline, against the immutable permaweb. It is an Electron application that ingests evidence in four forms — a sealed Truth Packet ZIP vault, a Verified Reality audit PDF, a single sealed media file, or an encrypted Arweave kit — and runs the right verification pass for each without forcing a full unpack. The console is the same; what's checked depends on what was dropped in.

When given a vault, the Auditor unpacks it to a sandbox (the original archive is never modified), indexes the contents, runs deterministic cryptographic and structural checks, and renders the full eight-pillar status board. When given an audit PDF, it hashes the file and confirms the bytes still match the hash on record at the Command Centre. When given a single VRA-captured media file, it reads the embedded immutable core — EXIF, capture telemetry, PRNU reference, paired C2PA sidecar where present — straight from the file bytes. When given an encrypted Arweave kit, it decrypts locally (when credentials are supplied), hashes the resulting ZIP, and cross-checks that fingerprint against the Zip-SHA256 tag on the immutable Arweave transaction — independent of Verified Reality servers or our Supabase database.

Embedded data is read directly from the file bytes (PRNU, EXIF, C2PA sidecars) and kept separate from the JSON sidecars (certificate, manifest checkpoint, session logs). That separation is the point: the immutable core comes from the media, and JSON cannot silently replace it. The Auditor walks the manifest checkpoint's rolling hash chain, runs session seal verification against the certificate, validates any paired C2PA detached manifests, and — if the operator is signed in — calls the Command Centre to confirm durable storage tier (sealed, Forever Vault, Arweave) and surface published forensic reports tied to the same Truth Packet.

The product completes the ecosystem's transparency claim. A Verified Reality Truth Packet is a bearer asset: it carries its own proof, it survives the cloud, and it survives Verified Reality the company. For Arweave-stamped evidence, the permaweb is the anchor of last resort. The Auditor is how a recipient — a court, a buyer, a journalist, an opposing party — confirms that for themselves, offline if necessary, without trusting our website or our servers.

## Keywords
- Verified Reality Auditor
- Truth Packet auditor
- desktop verification console
- tamper-evident media verifier
- VRA audit PDF verification
- audit PDF hash check
- single file EXIF verification
- encrypted Arweave kit inspector
- C2PA validator
- PRNU audit
- session seal verification
- manifest checkpoint
- Sacred Seal
- Golden Thread chain of custody
- Cryptographic Audit Ledger
- offline permaweb verification
- Sovereign Decryption Kit
- Zip-SHA256 permaweb anchor
- bearer asset verification
- Electron forensic app
- VRA Truth Packet verifier

Canonical URL: https://verifiedreality.ca/technology/auditor
