Transparency-log verification
Re-derive VisIQ’s transparency log from scratch — recompute every Merkle root, hash-chain
link and Ed25519 signature yourself, trusting none of the product’s own flags. Runs with zero
credentials (demo mode).
Governance EDA
Exploratory data science over the harness corpus — a business-function atlas, a rule-attribution
meta-audit, an egress graph and volume seasonality. Needs a sandbox-reader key.
Run them
- In your browser (zero install)
- Run locally
A fully static JupyterLite build runs the notebooks entirely in your browser via Pyodide
(WASM Python) — no install, no server, no account, and for the transparency notebook no
credentials. It is live below — give it a few seconds to boot, then choose Run → Run All
Cells to re-derive every Merkle root, hash-chain link and Ed25519 signature yourself:
The scientific stack (
numpy, pandas, matplotlib, networkx, cryptography) loads on first
run; the notebook’s Ed25519 known-answer self-test passes in-browser. Prefer a full-screen tab, or
want the exploratory notebook?Open the verifier full-screen →
The transparency-log verifier in a full JupyterLab tab — the complete Ed25519 verification, still with zero credentials.
Open the governance EDA →
The exploratory notebook — set a sandbox-reader key inside to pull real seeded data.
The embed runs everything client-side (Pyodide/WASM) — nothing you type or run leaves your
browser. Nothing to install; or use Run locally below.
Get a sandbox-reader key
A read-only sandbox-reader key resolves to the shared exemplar showcase tenant and is clamped read-only — it can never reach a real tenant. Mint one, then:Transparency-log verification
VisIQ commits every governed decision into an append-only transparency log: a Merkle-batched, hash-chained, Ed25519-signed ledger. This notebook ignores everyverified flag
the API returns and re-derives the guarantees itself with ~40 lines of hashlib + cryptography.

The audit-verdict dashboard — honestly gated on mode. In demo mode it proves the verifier itself; with a key it verifies the real VisIQ ledger.
- Hash-chain linkage — recompute
chain[k] = SHA256(0x02 ‖ chain[k−1] ‖ root[k]), verifyprevRootlinks and gap-freebatchSeq. A single altered or deleted batch is caught. - Root signatures — Ed25519-verify each checkpoint’s root under its returned key.
- Receipt inclusion — replay each retrieval receipt’s Merkle proof and require its root to be one we signature-verified (so a forged “proof” to an unsigned root is rejected).

The append-only ledger, block by block — each checkpoint coloured by its independent verdict.
Honest trust boundary. The notebook is explicit about what a read client cannot verify and
records as server attestation, never as proven: the identity of the signing key (pin VisIQ’s
published Ed25519 key out-of-band), the RFC-3161 timestamps (the token bytes are never exposed),
and the KMS / RECORD-inclusion legs (they need credentials or data a read client lacks). It also
ships a known-answer self-test and a tamper demonstration that proves the verifier genuinely checks.
Governance exploratory analysis
Exploratory data science over the harness corpus: a business-function → action atlas, a rule-attribution meta-audit (which honestly flags that seededrule_ids are noise), an egress
graph, and STL volume seasonality. It reads the paginated decision logs
(/v1/allow/audit-log, /v1/recall/audit-log) plus /allow/agents and /rules, so it needs a
sandbox-reader (or management) key — set VISIQ_API_KEY as above.