Status · Transparency record
How the office watches itself.
A service that issues notarial records about other people's files should be willing to publish its own. This page describes, in plain English, the three independent checks the office runs against itself, where the results live, and how a visitor can confirm the live state without trusting anything on this page.
1 · Live state, right now
The strip below updates on page load by hitting the public health endpoint from your own browser. If the endpoint is reachable you will see reachable; if not, unreachable. The check happens in your browser; the office sees only that you loaded the endpoint, the same way any visitor would.
https://orphograph.com/api/health2 · The three independent checks
Continuous probe (every five minutes). A small process running on the founder's machine fetches / and /api/health every five minutes. On the second consecutive failure it asks the host to restart the production machine; on the third it raises an alert. The probe writes a per-tick record to an append-only log; the script is the one anyone can audit at scripts/orphograph_watchdog.py in the public repository.
On-demand transparency probe. A workflow runs against the live site from a different network than the founder's machine and verifies that every documented page returns 200 OK and that the served HTML contains none of the deny-listed terms. The workflow is at .github/workflows/pii_probe.yml and may be re-run by anyone with repository access; results land in the public Actions log.
Daily on-chain attestation. Each day the repository's working state is hashed into a Merkle root and the root is submitted to OpenTimestamps, which commits it to the Bitcoin chain. The receipt history is recorded locally with the founder; the on-chain commitments are recoverable by anyone from the Bitcoin block at the recorded time. This is the same instrument the office sells to customers, applied to the office's own working set.
3 · How a visitor can confirm the office without trusting this page
The office does not ask anyone to trust the strip in section 1. Three steps reproduce the public state without any reference to this page:
- Open a terminal and run
curl -sS -o /dev/null -w "%{http_code}\n" https://orphograph.com/api/health. A response code of 200 confirms the service is reachable. - Inspect the public source. The repository contains the watchdog script, the transparency-probe workflow, and the verifier itself. None of the three depend on any service the office runs.
- For a customer with a receipt: run the MIT verifier under
dist/orphograph-verify/. It reads the receipt and reproduces the Bitcoin proof locally with no call to the office.
The principle that supports the rest is the same one the office sells to customers: a public, neutral chain is a stronger witness than any vendor's word. The office is willing to be witnessed by it on the same terms it asks customers to accept.
4 · Where the records live
| Record | Location |
|---|---|
| Live health endpoint | orphograph.com/api/health |
| Continuous-probe script | github.com/Orphograph/Orphograph — scripts/orphograph_watchdog.py |
| Transparency probe | github.com/Orphograph/Orphograph — .github/workflows/pii_probe.yml |
| Daily auto-anchor script | github.com/Orphograph/Orphograph — scripts/auto_anchor_repo.py |
| Open-source verifier | github.com/Orphograph/Orphograph — dist/orphograph-verify/ |
| Public deploy log | github.com/Orphograph/Orphograph/actions |
| Offline verifier kit | orphograph.com/dist/orphograph-verify.zip |
5 · Disclosures
The office uses one hosting provider, one transactional-mail provider, one payment processor, and one optional cryptocurrency payment processor, listed at /legal/. An outage at any of these may affect the office's ability to issue new receipts. Already-issued receipts do not depend on the office for verification — that is the property the protocol is designed to provide.
Security findings and policy questions belong at [email protected]; everything else at [email protected]. No personal email address of any individual operator is published as a formal channel; see SECURITY.md.