Delete Bonis Systems today. The receipts still prove themselves in 2075.
A zero-dependency Node.js script — under 12 KB — that independently verifies any Knox record without contacting Bonis Systems. Auditors, regulators, opposing counsel, and federal contracting officers can run it on an air-gapped machine. The Continuity Guarantee, made tangible.
Download
Script (standalone)
Single .mjs file. Open it in any text editor to read the source before running it. ~12 KB.
bonis-verify.mjs →README (install + usage)
Markdown. Installation, two usage modes, exit codes, what the script does and does not verify.
README.md →Bundle (script + README)
Zip. Script and README together. Drop into any compliance archive or attach to an affidavit.
bonis-verifier.zip →Federal air-gap Docker bundle
Self-contained offline environment
Docker · ~934 KBA self-contained Docker bundle for federal air-gap demonstration. Includes the zero-dep verifier, a Dockerfile and docker-compose, a snapshot of the OFAC Specially Designated Nationals list (18,772 records, 5.48 MB), the FAR 889 covered-entity list, and a current Bitcoin chain tip. Builds on any machine with Docker; runs without internet. Intended for SCIF / federal-evaluator review where outbound network is not available.
bonis-airgap-docker-bundle.zip →curl -fsSL https://bonissystems.com/legal-kit/bonis-airgap-docker-bundle.zip -o bundle.zip unzip bundle.zip && cd air-gap docker compose up --build
One-line install
curl -fsSL https://bonissystems.com/legal-kit/bonis-verify.mjs -o bonis-verify.mjs node bonis-verify.mjs --help
No npm install. No node_modules. No package manifest. The script uses only Node.js standard library modules (crypto, https, fs).
Worked example — test --record mode now
Sample record bundle + deterministic regenerator
4-leaf Merkle tree · all 4 checks PASS offlineA reproducible Knox record bundle with a real 4-leaf Merkle tree, a valid inclusion proof, and a canonical event hash. Download the JSON, feed it to --record, watch all four steps pass with zero network calls. Then download the generator to confirm the bundle is not a magic fixture — every hash is recomputable from the declared inputs using only Node's stdlib SHA-256.
# Fetch the verifier + the sample bundle curl -fsSL https://bonissystems.com/legal-kit/bonis-verify.mjs -o bonis-verify.mjs curl -fsSL https://bonissystems.com/legal-kit/sample-record.json -o sample-record.json # Air-gapped verification — disconnect your network and run: node bonis-verify.mjs --record sample-record.json # → [PASS] event-hash · [PASS] chain-continuity · [PASS] merkle-inclusion · [PASS] OTS-delegation # Optional: regenerate the bundle and compare byte-for-byte curl -fsSL https://bonissystems.com/legal-kit/generate-sample-record.mjs -o gen.mjs node gen.mjs regenerated.json shasum -a 256 sample-record.json regenerated.json
Two verification modes
Mode 1 · Online lookup
1 HTTPS callGiven a SHA-256 digest, confirm the record exists in the Knox chain. One outbound HTTPS call to bonissystems.com/api/knox/verify. Prints anchor ID, sequence, Merkle root, Bitcoin transaction ID, and the public verify URL.
node bonis-verify.mjs --hash <sha256>
Mode 2 · Air-gapped
Zero networkGiven a record bundle (JSON) exported from the Bonis admin console, recompute the hash chain and verify the Merkle inclusion proof entirely offline. No network calls. Runs on a machine with no internet access.
node bonis-verify.mjs --record <path.json>
What the script checks
- Event-hash integrity. The declared payload hash is recomputed using the canonical Knox hashing function documented in the public TLA+ spec. Any alteration of the payload after sealing produces a different hash — detected.
- Hash-chain linkage. The previous-hash field on each event is confirmed to be a well-formed SHA-256 digest. Full chain continuity is verifiable by requesting the surrounding event range.
- Merkle inclusion. When a record bundle includes a Merkle inclusion proof, the script walks the proof from the leaf to the declared root and confirms the event is included.
- Bitcoin-anchor delegation. The Merkle root is timestamped via OpenTimestamps and committed to a Bitcoin block. This script does not perform the Bitcoin-block check directly — it delegates to the OpenTimestamps client, which is maintained independently of Bonis Systems.
Why this exists — the Continuity Guarantee
A reasonable concern when any compliance vendor is relied upon for record integrity:
"What happens if you disappear — acquired, bankrupt, out of business, under litigation hold, or just offline?"
The answer for Knox records is that nothing happens to the records. Every Knox record's integrity depends on:
- The SHA-256 cryptographic hash function (published 2001, part of the Node.js standard library).
- The Bitcoin blockchain (independent of Bonis Systems; thousands of node operators worldwide).
- The OpenTimestamps protocol (independent open-source client, independent calendar servers).
- This verifier script (under 12 KB, public, forkable, redistributable).
None of those depends on Bonis Systems being online, solvent, or in existence. This script is the tangible form of that guarantee — hand it to any skeptical engineer, lawyer, or auditor. They can prove the integrity of any Knox record without our cooperation.
Related artifacts
TLA+ formal spec
Model-checked specification of the Knox hash chain and event store. Re-verifiable in under five minutes by any reader with TLA+ Toolbox or TLC.
Open /bonis/spec →Legal Kit
Sample FRE 902(13) affidavit, admissibility brief, and the full legacy verify-knox-record.mjs script that operates on full record bundles.
Open /bonis/legal-kit →Operator: Bonis Systems LLC · UEI R2BPJDC5CBA3 · CAGE 1TSP2 · USPTO provisional 64/038,359 (inventor: Jonis Aaron Fields) · Contact: jonisfields@gmail.com · +1 (210) 452-3767.