Installation, commands, supported formats, safety rules and verification references for v0.2.1 beta.
Download the reviewed Windows beta and verify its checksum. Always analyze before recovery.
# downloaded Windows beta veraqis.exe --version veraqis.exe analyze damaged.zip --format json # audit first — read-only, never changes the source veraqis analyze damaged.zip # preview the rule-keyed repair plan without writing output veraqis recover damaged.zip --plan # recover into a new folder; never overwrite the source veraqis recover damaged.zip --output out/
VERAQIS command surfaceRecovery is opt-in and gated by default. analyze is the permanently-free,
read-only auditor.
| Command | What it does |
|---|---|
| veraqis analyze <file> | Read-only audit. Use --format json|md|html; use --recursive for nested containers. |
| veraqis verify <file> | Human "is it healthy?" check. |
| veraqis report <file> | Write a structured analysis report without recovering data. |
| veraqis score <file> | Print the calibrated recoverability assessment. |
| veraqis recover <file> --output out/ | Beta-free: default exact, provenance-backed recovery. |
| veraqis recover … --semantic sqlite|opc|pdf|7z|rar | Beta-free: opt-in Tier-3 semantic reconstruction. |
| veraqis recover … --salvage | Beta-free: partial-decompression salvage (bzip2 / xz). |
| veraqis recover … --reconcile | Beta-free: intra-file redundancy mining (ISO 9660 / ZIP). |
| veraqis protect shield <file> | Create a producer-side parity sidecar (.phxs) before damage occurs. |
| veraqis protect check <path> | Read-only check of a protected file or folder manifest. |
| veraqis protect repair <path> | Reconstruct protected content into a separate output path. |
| veraqis license info|verify | Offline license inspection (no network). |
| phx-verify-cert <cert> --against <file> | Standalone source-built certificate re-verifier; not in the current Windows download set. |
Optional modes are never enabled silently. Semantic recovery, salvage, reconciliation and exact-copy reconstruction require their explicit flags.
The source file stays read-only. Every write goes to a separate output location.
Detect the format, encryption state, structural findings and recoverability without modifying the input.
Run recover --plan to see
the rule-keyed operations that would be attempted. This mode writes no recovered data.
Choose a new output directory. Review the manifest and keep the original until the result has been independently checked.
Higher-trust methods run first. A mode emits only what its verifier can support; otherwise it reports an unknown region.
| Mode | Enable it | Output and proof | Main limits |
|---|---|---|---|
| Structural recovery | default recover | Format-aware structural bytes with checksum or parser confirmation. | Abstains when surviving structure cannot prove a repair. |
| Semantic recovery | --semantic sqlite|opc|pdf|7z|rar | Verified rows, parts, objects or inventory with provenance. | Partial output is labelled partial; unproven objects are not promoted to verified. |
| Block salvage | --salvage | Independently CRC-verified bzip2 or xz blocks. | No recovery claim for LZ-coupled lz4/zstd blocks. |
| Reconciliation | --reconcile | ISO/ZIP values accepted only when independent copies agree. | Ambiguous or contradictory copies are refused. |
| Shield reconstruction | --shield file.phxs | Byte-exact reconstruction checked against the protected original's hash. | The sidecar must have been created while the file was healthy. |
| Exact-copy research | --xcr --index owner-set | Exact same-owner duplicate chunks with independent placement confirmation and a certificate. | Experimental; same-owner only; no cross-user search. |
Support is damage-dependent. A listed format is not a promise that every damaged file can be recovered.
| Format | Current verified surface | Important limitation |
|---|---|---|
| ZIP / JAR / APK | Structural repair, safe extraction and duplicate-field reconciliation. | Encrypted input is refused unless it is a supported traditional ZIP opened with the password supplied for that operation. |
| DOCX / XLSX / PPTX | CRC-verified parts plus content-type and relationship-graph checks. | Missing application content is not invented merely to make a document open. |
| TAR / GZIP / DEFLATE | Header repair, resynchronization and exact continuation where independent checks survive. | Compressed regions without a surviving verifier remain unknown. |
| bzip2 / xz | Partial-decompression salvage of independently checked blocks. | Single atomic streams and missing block-size information can limit salvage. |
| ISO 9660 | Descriptor repair and dual path-table reconciliation. | Conflicting copies without a unique result are refused. |
| SQLite | Schema, verified rows, WAL overlay and overflow-chain recovery. | Deleted/free-list content is excluded unless the separate forensic opt-in is explicitly selected. |
| Object scan, xref reconstruction and objects reachable from a recovered Root. | Encrypted PDFs are detected and refused; unreachable objects are not labelled verified. | |
| 7z | Signature/start-header repair, verified inventory and intact non-solid folder extraction. | Solid LZMA payload corruption and encrypted headers remain unrecoverable by the current engine. |
| RAR | RAR4/RAR5 detection, verified inventory and stored-entry extraction. | Compressed proprietary payload recovery is not claimed. |
JSON, Markdown and self-contained HTML reports contain rule IDs, severity, byte ranges and calibrated health or recoverability information.
Recovery writes a provenance sidecar by default.
It records what changed and why; --no-manifest disables that sidecar and is not
recommended for evaluation.
Certificate-enabled recovery paths can be checked
by phx-verify-cert, a separately built verifier that does not depend on the recovery solver.
# produce a self-contained HTML analysis report veraqis report damaged.zip --format html --output report.html # source-built standalone certificate check phx-verify-cert cert.json --against damaged.bin --recovered recovered.bin
Without the original ground truth, VERAQIS reports the evidence bound and certificate result. It does not claim measured correctness in the field.
Product source and development repositories are private. Verify the public beta artifact before running it.
# verify downloaded artifacts before running them CertUtil -hashfile veraqis.exe SHA256
Fast entry points for developers and evaluators.
Run veraqis analyze <file> first. It is the free, read-only audit path and does not modify the input file.
See the public Test Record for measured outcomes and Reports & Verification for proof and certificate details.
Yes. Build phx-verify-cert from the source workspace as a separate executable.
It is not included in the current Windows beta download set.