Public artifact
A URL anyone can open. Three trust labels.
A proof link travels with the artifact. Investors, hiring managers, auditors, and counter-parties open it without logging in and immediately learn who did the work, when, with what level of human attestation, and whether anything was off.
Before: LOW
After: LOW
The viewNo login. No portal. Click the link, see the label.
Human-Supervised AI
asha-q2-brand
WorkerAsha Raman
ArtifactQ2 Brand Refresh - Working Doc
Hash8a3f1e29c4
Created2026-06-06 06:44
CityMumbai, IN
Verify logclick verify ↑
Unverified
john-orphan-commit
WorkerJohn Mercer
Artifactfix(payments): suppress retries on idempotent failures
Hash8f3a91c
Created2026-06-06 08:15
Verify logclick verify ↑
Flagged
leo-parallel
WorkerLeo Park
ArtifactMigrate auth service to v2
Hash4d2c1a9
Created2026-06-06 16:48
CityNew York, US
Verify logclick verify ↑
What verification actually does
"Verify now" hits POST /api/signatures/verify/. The server rebuilds the canonical action payload from the stored signature, re-hashes it, and HMAC-checks the server proof signature against the same secret. Any byte changed in the payload, the slug, or the signature breaks the check.
{
"signatureSlug": "asha-q2-brand"
}
// → { ok: true, status: 'verified', verifiedAt: '…' }
Three labels, three meanings
Verified
A real human, a real passkey, a real action payload. Tamper-evident.
Supervised AI
An AI produced the output. A human stood behind it with a fresh passkey assertion.
Flagged
The signature exists, but the session that produced it has an open anomaly. The link tells the truth.
Demo catalog
Keep the tour going.
You've finished the tour. Open the dashboard, or share this demo with a teammate.