Open-source verifier

A 100-line, MIT-licensed Python file that validates Orphograph receipts against the public Bitcoin chain — without trusting any Orphograph infrastructure. The trust artifact, hosted at the canonical URL.

Download

• verify.py — single Python 3.9+ file, no dependencies
• README.md — usage + design
• LICENSE — MIT
• orphograph-verify-0.1.tar.gz — all four files + bundled sample receipt

One-liner usage

# Download just the verifier:
curl -O https://orphograph.com/verify/verify.py

# Verify any receipt + original file:
python3 verify.py path/to/receipt.json --file path/to/original

# Exit code 0 = valid, 3 = file mismatch, 4 = ots proof failed

Try it on the bundled sample

curl -O https://orphograph.com/verify/orphograph-verify-0.1.tar.gz
tar xzf orphograph-verify-0.1.tar.gz
python3 verify.py examples/sample/receipt.json --file examples/sample/sample.txt

Expected output: all 5 .ots proofs marked [OK], file hash matches, SHA-512 sibling matches. Exit code 0.

Why is this hosted on orphograph.com instead of GitHub?

Same trust property, narrower attack surface. The verifier is served as plain static files from the canonical domain — same place the service runs, audited under the same security posture (see /status and our terms). If we shut down, the files are MIT-licensed: clone them, mirror them, anchor them to Bitcoin via Orphograph itself for meta-trust.

Read the source

The whole verifier: verify.py (~100 lines). Audit it in five minutes. There are no dependencies, no hidden network calls, no telemetry. SHA-256 of the file is in the tarball's manifest below — anchor your downloaded copy with Orphograph itself if you want a tamper-evident timestamp.

License

MIT. Use the verifier in your own products, fork it, vendor it, distribute it. Full text at /verify/LICENSE.