# Bonis Knox Verifier — Air-Gapped Independent Verifier

Independent verification tool for Knox records produced by Bonis Systems LLC.

This script does not depend on Bonis Systems servers. It makes exactly one HTTPS
call in one mode (online lookup) and zero HTTPS calls in the other mode (air-gapped
record verification). Auditors, regulators, opposing counsel, and federal
contracting officers can run it on any machine with Node.js 18 or later.

If Bonis Systems were to disappear tomorrow, this script and the associated
OpenTimestamps client would still allow third parties to verify the integrity
of Knox records produced during the firm's operational period.

---

## Installation

Requirements:
- Node.js 18 or later (uses the built-in `crypto` and `https` modules)
- No npm packages required. No dependencies. No node_modules.

```
mkdir bonis-verifier && cd bonis-verifier
curl -fsSL https://bonissystems.com/legal-kit/bonis-verify.mjs -o bonis-verify.mjs
chmod +x bonis-verify.mjs
```

Or download the full bundle (script + README + future samples) in one file:

```
curl -fsSL https://bonissystems.com/legal-kit/bonis-verifier.zip -o bonis-verifier.zip
unzip bonis-verifier.zip
```

That is the entire install.

---

## Usage

### Mode 1 — Online lookup (one HTTPS call)

Verify that a given SHA-256 digest exists in the Knox chain:

```
node bonis-verify.mjs --hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
```

Output includes: anchor ID, sequence number, Merkle root, Bitcoin transaction ID
(once confirmed), and the public verify URL.

### Mode 2 — Air-gapped record verification (zero network)

Given a record bundle (JSON) exported from the Bonis admin console, verify the
full chain locally:

```
node bonis-verify.mjs --record path/to/record.json
```

This mode makes no network calls. It recomputes the event hash, checks the
Merkle inclusion proof against the declared root, and (if the OpenTimestamps
proof is included) instructs the user on how to verify Bitcoin-block inclusion
using the public OpenTimestamps protocol.

---

## Exit codes

- `0` — all checks passed
- `1` — verification failed (tamper detected, or a required field is missing)
- `2` — usage error

---

## What this script verifies

1. **Event-hash integrity.** The declared payload hash is recomputed using the
   canonical Knox event hashing function (documented in the public TLA+ spec at
   https://bonissystems.com/bonis/spec). Any alteration of the payload after
   sealing produces a different hash, which this script will detect.

2. **Hash-chain linkage.** Each Knox event includes the hash of the previous
   event. This script confirms that the previous-hash field is a well-formed
   SHA-256 digest, which is a format check on the single record. Full chain
   continuity across neighboring events can be verified by requesting the
   surrounding event range.

3. **Merkle inclusion.** The Knox chain periodically aggregates event hashes
   into Merkle trees. When a record bundle includes a Merkle inclusion proof,
   this script walks the proof from the leaf to the root and confirms the
   event is included in the declared root.

4. **Bitcoin-anchor delegation.** The Merkle root is timestamped via the
   OpenTimestamps protocol, which commits the root to a subsequent Bitcoin
   block. This script does NOT perform the Bitcoin-block check directly; it
   delegates to the OpenTimestamps client (`npm install -g opentimestamps-client`
   or the equivalent standalone binary), which is maintained independently of
   Bonis Systems.
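
The leaf-to-root walk described in item 3, as an added example that is not code from `bonis-verify.mjs`. The proof layout (`{ sibling, side }` steps), the plain `SHA-256(left || right)` node hash, and all sample values are assumptions made for illustration; the Knox bundle format is not documented on this page.

```javascript
// Added example: assumed proof layout, NOT the Knox record format.
// Loads node:crypto whether this file runs as CommonJS or as an ES module.
const { createHash } = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

const sha256 = (...bufs) => createHash('sha256').update(Buffer.concat(bufs)).digest();
const HEX64 = /^[0-9a-f]{64}$/;

// Decode a digest, rejecting anything that is not exactly 64 lowercase hex chars.
function parseDigest(hex) {
  if (typeof hex !== 'string' || !HEX64.test(hex)) throw new Error('malformed SHA-256 digest');
  return Buffer.from(hex, 'hex');
}

// Walk the proof from leaf to root. `side` says on which side of the running
// hash the sibling is concatenated (assumed; no leaf/node prefix byte is used).
function verifyInclusion(leafHex, proof, rootHex) {
  let node = parseDigest(leafHex);
  for (const { sibling, side } of proof) {
    const sib = parseDigest(sibling);
    if (side === 'left') node = sha256(sib, node);
    else if (side === 'right') node = sha256(node, sib);
    else throw new Error('proof step has no valid side');
  }
  return node.equals(parseDigest(rootHex));
}

// Constructed sample: a four-leaf tree built here so the example runs offline.
function buildSample() {
  const leaves = ['evt-0', 'evt-1', 'evt-2', 'evt-3'].map((s) => sha256(Buffer.from(s)));
  const n01 = sha256(leaves[0], leaves[1]);
  const n23 = sha256(leaves[2], leaves[3]);
  const root = sha256(n01, n23).toString('hex');
  // Proof for leaf 2: sibling leaf 3 on the right, then node n01 on the left.
  const proof = [
    { sibling: leaves[3].toString('hex'), side: 'right' },
    { sibling: n01.toString('hex'), side: 'left' },
  ];
  return { leaf: leaves[2].toString('hex'), otherLeaf: leaves[1].toString('hex'), proof, root };
}

const sample = buildSample();
console.log('valid proof  :', verifyInclusion(sample.leaf, sample.proof, sample.root));
console.log('swapped leaf :', verifyInclusion(sample.otherLeaf, sample.proof, sample.root));
```

A proof that passes this walk shows inclusion in the declared root only; the root's own timestamp is still checked separately through OpenTimestamps, as item 4 describes.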

---

## What this script does NOT do

- It does not prove the PAYLOAD of an event was what was claimed (only its
  digest). Payload-content authenticity is a separate question — see the FRE
  902(13) / 902(14) affidavit attached to the record for the chain-of-custody
  declarations.
- It does not verify the identity of the record creator. Knox records ASSERT a
  submitting actor; proof that the asserted actor actually submitted requires
  the corresponding API key or cryptographic signature.
- It does not replace legal counsel. The script produces cryptographic
  verification output; admissibility under FRE 902(13) / 902(14) and any state
  analog is a question for the attorney of record.

---

## Source provenance

- Operator: **Bonis Systems LLC** (Wyoming, UEI R2BPJDC5CBA3, CAGE 1TSP2)
- Patent footer: USPTO provisional application 64/038,359, filed 2026-04-13
  (inventor: Jonis Aaron Fields)
- Formal spec: TLA+ model-checked specification of the Knox hash chain and
  event store, publicly downloadable at https://bonissystems.com/bonis/spec
- Support: jonisfields@gmail.com · +1 (210) 452-3767

## License

This script may be freely redistributed, inspected, forked, and run on any
machine, for the purpose of verifying Knox records. No attribution required
beyond the existing header in the source file.
