A recovery you can't verify is just a claim. VERAQIS attaches evidence to every result and lets a third party re-check it — without trusting VERAQIS.
Every emitted byte, row or object carries an evidence record on one of two orthogonal axes. They are never collapsed into a single score, and a checksum the solver was fitted to counts for nothing (the tautology rule).
Strength is quantified: a CRC-32 that the solver was not fitted to contributes 32 bits; a checksum it solved against contributes zero. A result with zero evidence bits and no exact-erasure basis may not be emitted at all.
"Unique under the stated structural constraints" — e.g. a PDF object reachable from Root, a SQLite page consistent with exactly one schema. Validated empirically at false = 0 on a differential corpus. Health never rises on a guess.
The auditor produces a human console report and machine-readable output, written to a file or stdout.
Health bar, ranked issues, recoverability factors and a recommendation — the default human view.
A stable PlatformReport
(format_version 2.0) for pipelines, dashboards and OEM integration.
A self-contained report you can archive, attach to a ticket, or hand to a colleague.
# machine-readable report to a file VERAQIS analyze backup.zip --format json --output report.json VERAQIS report backup.zip --format html --output report.html
This is a live CLI-generated HTML report for
testdata/zip/truncated/ZIP_0006.zip. VERAQIS detected the missing ZIP end-of-central-directory
signature, scored health at 15/100, and the recovery run rebuilt the central directory.
zip-rebuild, with 0B lost
veraqis report. See the full
HTML report or the full
benchmark statistics page.Recovery tracks that compete on verified-correctness emit a self-contained certificate. The point is independence: a separate verifier re-checks it, and that verifier shares no code with the solver.
A standalone re-verifier validates a certificate against the damaged input — tamper, a wrong artifact, or a tautological "proof" are all rejected. Independence from the solver is enforced by a build-time fitness test.
Without the original, VERAQIS reports a bound — P(wrong) ≤ 2^(−evidence_bits) — never "verified correct." Genuinely unrecoverable regions can carry a negative certificate, gated so a recoverable region is never certified as lost.
# re-verify a certificate independently of the recovery tool phx-verify-cert cert.json --against damaged.bin --recovered out.bin
Certificate emission is wired per recovery path and expands during beta. The benchmark and certificate tooling are standing infrastructure today.
Core proof terms, stated directly.
An evidence record links a result to rule IDs, byte ranges, verifier type and confidence. It explains why a byte, row, part or object was emitted.
A verifier only counts if it is independent of the candidate generator. A checksum that a solver was fitted to contributes zero evidence bits.
It is a self-contained recovery certificate that a standalone verifier can re-check against the damaged input and recovered output without trusting the recovery solver.