What’s included
- Isolated Branch (Wing), branded
- Residency/keys posture
- Allowlisted egress
- Monthly Receipts Core
We build, manage, and upgrade a private branch under your brand. You bring the audience and first-line support; we provide a lawful, audit-ready environment—without employee surveillance.
Receipts are pilot-ready: Inter-Wing map • WORM snapshot • ops-only SIEM, wired during pilot and exported within 10 business days..
Each month we deliver a Receipts Core snapshot: (a) Inter-Branch sharing map, (b) a WORM snapshot of policies/config, and (c) ops-only SIEM exports. It’s proof without people surveillance.
Open inter_wing_map.pdf (or PNG). Confirm Wing↔Wing flows and allowlisted egress match expectations for this period.
Open worm_manifest.json. Confirm created_at, zone, egress, and that a signature is present. The manifest lists file digests you can check locally.
Open siem_YYYY-MM.ndjson. Look for APPLY, ALLOW, and BLOCK lines that align with the map and policy. (No employee events—ops-only.)
macOS/Linux (Terminal)
# shasum (macOS) or sha256sum (Linux) shasum -a 256 inter_wing_map.pdf shasum -a 256 siem_2025-09.ndjson # compare output to the digest in worm_manifest.json
Windows PowerShell
Get-FileHash -Path .\inter_wing_map.pdf -Algorithm SHA256 Get-FileHash -Path .\siem_2025-09.ndjson -Algorithm SHA256
Signatures: production manifests are signed. We can provide the public key and a one-liner for verification on request.
GPG / PGP
# import our public key (first time only) gpg --import /media/por_receipts_public.asc # verify the manifest against its detached signature gpg --verify /media/worm_manifest_sample.json.sig /media/worm_manifest_sample.json
Minisign
# verify with minisign minisign -V -p /media/por_receipts_pubkey.minisign \ -m /media/worm_manifest_sample.json \ -x /media/worm_manifest_sample.json.minisig
Result should read “Good signature” or “Signature verified.” If you see a mismatch, the file or key is not correct.