VERAQIS / Documentation

Documentation

Installation, commands, supported formats, safety rules and verification references for v0.2.1 beta.

Get started

Download the reviewed Windows beta and verify its checksum. Always analyze before recovery.

# downloaded Windows beta
veraqis.exe --version
veraqis.exe analyze damaged.zip --format json

# audit first — read-only, never changes the source
veraqis analyze damaged.zip

# preview the rule-keyed repair plan without writing output
veraqis recover damaged.zip --plan

# recover into a new folder; never overwrite the source
veraqis recover damaged.zip --output out/

The VERAQIS command surface

Recovery is opt-in and gated by default. analyze is the permanently-free, read-only auditor.

CommandWhat it does
veraqis analyze <file>Read-only audit. Use --format json|md|html; use --recursive for nested containers.
veraqis verify <file>Human "is it healthy?" check.
veraqis report <file>Write a structured analysis report without recovering data.
veraqis score <file>Print the calibrated recoverability assessment.
veraqis recover <file> --output out/Beta-free: default exact, provenance-backed recovery.
veraqis recover … --semantic sqlite|opc|pdf|7z|rarBeta-free: opt-in Tier-3 semantic reconstruction.
veraqis recover … --salvageBeta-free: partial-decompression salvage (bzip2 / xz).
veraqis recover … --reconcileBeta-free: intra-file redundancy mining (ISO 9660 / ZIP).
veraqis protect shield <file>Create a producer-side parity sidecar (.phxs) before damage occurs.
veraqis protect check <path>Read-only check of a protected file or folder manifest.
veraqis protect repair <path>Reconstruct protected content into a separate output path.
veraqis license info|verifyOffline license inspection (no network).
phx-verify-cert <cert> --against <file>Standalone source-built certificate re-verifier; not in the current Windows download set.

Optional modes are never enabled silently. Semantic recovery, salvage, reconciliation and exact-copy reconstruction require their explicit flags.

Concepts

Safe recovery workflow

The source file stays read-only. Every write goes to a separate output location.

01

Analyze

Detect the format, encryption state, structural findings and recoverability without modifying the input.

02

Plan

Run recover --plan to see the rule-keyed operations that would be attempted. This mode writes no recovered data.

03

Recover separately

Choose a new output directory. Review the manifest and keep the original until the result has been independently checked.

Encryption is not bypassed. Unknown passwords, unsupported encryption and encrypted formats outside the narrowly supported user-supplied traditional-ZIP opening path are detected and refused.

Recovery modes

Higher-trust methods run first. A mode emits only what its verifier can support; otherwise it reports an unknown region.

ModeEnable itOutput and proofMain limits
Structural recoverydefault recoverFormat-aware structural bytes with checksum or parser confirmation.Abstains when surviving structure cannot prove a repair.
Semantic recovery--semantic sqlite|opc|pdf|7z|rarVerified rows, parts, objects or inventory with provenance.Partial output is labelled partial; unproven objects are not promoted to verified.
Block salvage--salvageIndependently CRC-verified bzip2 or xz blocks.No recovery claim for LZ-coupled lz4/zstd blocks.
Reconciliation--reconcileISO/ZIP values accepted only when independent copies agree.Ambiguous or contradictory copies are refused.
Shield reconstruction--shield file.phxsByte-exact reconstruction checked against the protected original's hash.The sidecar must have been created while the file was healthy.
Exact-copy research--xcr --index owner-setExact same-owner duplicate chunks with independent placement confirmation and a certificate.Experimental; same-owner only; no cross-user search.

Formats and current limits

Support is damage-dependent. A listed format is not a promise that every damaged file can be recovered.

FormatCurrent verified surfaceImportant limitation
ZIP / JAR / APKStructural repair, safe extraction and duplicate-field reconciliation.Encrypted input is refused unless it is a supported traditional ZIP opened with the password supplied for that operation.
DOCX / XLSX / PPTXCRC-verified parts plus content-type and relationship-graph checks.Missing application content is not invented merely to make a document open.
TAR / GZIP / DEFLATEHeader repair, resynchronization and exact continuation where independent checks survive.Compressed regions without a surviving verifier remain unknown.
bzip2 / xzPartial-decompression salvage of independently checked blocks.Single atomic streams and missing block-size information can limit salvage.
ISO 9660Descriptor repair and dual path-table reconciliation.Conflicting copies without a unique result are refused.
SQLiteSchema, verified rows, WAL overlay and overflow-chain recovery.Deleted/free-list content is excluded unless the separate forensic opt-in is explicitly selected.
PDFObject scan, xref reconstruction and objects reachable from a recovered Root.Encrypted PDFs are detected and refused; unreachable objects are not labelled verified.
7zSignature/start-header repair, verified inventory and intact non-solid folder extraction.Solid LZMA payload corruption and encrypted headers remain unrecoverable by the current engine.
RARRAR4/RAR5 detection, verified inventory and stored-entry extraction.Compressed proprietary payload recovery is not claimed.

Reports, manifests and certificates

Analysis report

JSON, Markdown and self-contained HTML reports contain rule IDs, severity, byte ranges and calibrated health or recoverability information.

Recovery manifest

Recovery writes a provenance sidecar by default. It records what changed and why; --no-manifest disables that sidecar and is not recommended for evaluation.

Proof certificate

Certificate-enabled recovery paths can be checked by phx-verify-cert, a separately built verifier that does not depend on the recovery solver.

# produce a self-contained HTML analysis report
veraqis report damaged.zip --format html --output report.html

# source-built standalone certificate check
phx-verify-cert cert.json --against damaged.bin --recovered recovered.bin

Without the original ground truth, VERAQIS reports the evidence bound and certificate result. It does not claim measured correctness in the field.

Verify the release

Product source and development repositories are private. Verify the public beta artifact before running it.

# verify downloaded artifacts before running them
CertUtil -hashfile veraqis.exe SHA256
Public beta access: every current Recovery capability is temporarily free. The offline entitlement implementation remains in the source for later development, but no license file is required by the current public-beta build.

Documentation questions

Fast entry points for developers and evaluators.

What is the first command to run?

Run veraqis analyze <file> first. It is the free, read-only audit path and does not modify the input file.

Where are the detailed recovery benchmarks?

See the public Test Record for measured outcomes and Reports & Verification for proof and certificate details.

Can the certificate verifier be run separately?

Yes. Build phx-verify-cert from the source workspace as a separate executable. It is not included in the current Windows beta download set.