Open Source
Trust requires transparency. The Attestr verification engine is fully open source and MIT licensed — so your evidence is never locked behind a vendor.
Verification Engine
The attestr-engine is the core open-source project that powers independent verification of every Attestr evidence packet. It runs locally, requires no API access, and has zero dependency on Attestr infrastructure.
- SHA-256 hash chain verification — validate the unbroken sequence of every record in a ledger
- Ed25519 signature validation — confirm that each record was signed by the stated authority
- Merkle proof verification — efficiently verify individual records without processing the entire chain
- Self-contained — no network calls, no API keys, no vendor dependency
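The hash chain and Merkle proof checks listed above can be shown offline with the Python standard library alone. This is an added example, not code from attestr-engine: the chaining rule, the genesis value, the leaf/node prefixes, the proof layout and the sample records are all assumptions, and the Ed25519 signature check is left out because it needs a third-party library.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumption: prev-hash used for the first record

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def make_chain(items):
    """Build (data, hash) records; assumed rule: hash = SHA-256(prev_hash || data)."""
    out, prev = [], GENESIS
    for data in items:
        prev = h(prev, data)
        out.append((data, prev))
    return out

def verify_chain(records):
    """Return the index of the first record that breaks the chain, or -1."""
    prev = GENESIS
    for i, (data, stored) in enumerate(records):
        if not hmac.compare_digest(h(prev, data), stored):
            return i
        prev = stored
    return -1

def leaf(data):
    return h(b"\x00", data)          # domain-separated leaf hash

def node(left, right):
    return h(b"\x01", left, right)   # domain-separated inner node hash

def build_proof(items, index):
    """Return (root, proof); proof entries are (sibling_hash, sibling_is_left)."""
    level, proof = [leaf(d) for d in items], []
    while len(level) > 1:
        sib = index ^ 1
        if sib < len(level):         # an unpaired last node is promoted as-is
            proof.append((level[sib], sib < index))
        level = [node(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof

def verify_proof(data, proof, root):
    """Recompute the root from one record and its sibling path."""
    acc = leaf(data)
    for sibling, is_left in proof:
        acc = node(sibling, acc) if is_left else node(acc, sibling)
    return hmac.compare_digest(acc, root)

# Constructed sample ledger (not real Attestr data)
SAMPLE = [b"policy-v1 approved", b"access review Q1", b"backup test passed"]
```

`verify_chain` reports where a chain first breaks, while `verify_proof` checks one record against a trusted root using only its sibling path, which is why a single record can be verified without the rest of the ledger.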
Why Open Source?
For a compliance product, open-sourcing the verification layer isn't optional — it's the entire point. If you have to trust Attestr to verify your evidence, the evidence isn't truly independent.
Every evidence packet Attestr generates is self-contained. It includes the record data, the SHA-256 hash, the Ed25519 signature, the Merkle proof, and the public verification key — everything needed to independently verify the record's integrity. No API call, no network access. Just math.
- Examiner independence — a regulator receives your evidence packet, runs the open-source engine locally, and gets a pass/fail verification result. No Attestr account, no API key, no trust relationship required.
- Zero vendor lock-in — self-host the engine and your evidence packets work forever, even if Attestr disappears
- Transparency — the cryptography is fully auditable, not a black box
- Community trust — security through openness, not obscurity
Self-Hosting
You can run the verification engine on your own infrastructure for complete independence. This is particularly useful for organizations that require air-gapped environments, on-premise compliance tooling, or full control over their verification pipeline.
The engine is a lightweight, stateless binary with no external dependencies. Install it, point it at an evidence packet, and get a cryptographic verification result. No cloud, no accounts, no phone-home.
Clone the repo, run the verification engine locally, or integrate it into your CI/CD pipeline for automated evidence validation.
View on GitHub
For questions about open-source licensing or contributing, contact oss@attestr.io.