Recompute it — don’t trust it
The proof URL is not a screenshot and not a promise. It is the receipt of a deterministic computation, and the whole point is that you can run that computation again yourself. The run carries no wall time, no nondeterminism, and no silent defaults, so the same inputs produce the same Blotter — hash for hash — on your machine as on ours. Don’t trust the body’s own verdict; recompute it.
The one command
Point the CLI at the proof URL (or its bare proof id). certify is open recomputation: it re-projects the Blotter locally and reproduces the hosted result byte-identically. If a single byte differs, the command tells you. No key, no config, no signup — the proof is public because minting it is the point.
npx kestrel.markets@latest certify <proof-url>What “byte-for-byte” means (and does not)
Byte-for-byte is the determinism leg: the recomputed Blotter is identical to the hosted one, losing trades and all — the record includes them because a real record does. It is exactly that and nothing more. It is not a judged-Grade claim, and it says nothing about whether the strategy is any good; those are separate layers. What you are checking here is that the numbers on the page are the numbers the runtime actually produced.
Signature attestation vs. open recompute
A skeptic should know these are two different things. A signature is an attestation — it says “this body came from the platform,” which is exactly the kind of vouch a neutral notary is right to refuse to take on faith. Open recompute is the opposite: you re-run the computation and get the same bytes, so nothing has to be trusted. The recompute is the proof; the signature grants nothing.
Both legs are live: the published CLI’s standalone signature recheck (verify) returns VERIFIED on a genuine proof and UNVERIFIED on a doctored one, and certify reproduces the record byte-for-byte. Lead with certify anyway — it recomputes the record without leaning on any signature, which is the stronger check: nothing has to be trusted, not even the key.
One proof, five skeptics
The same command answers five questions. A builder confirms the runtime is deterministic. A backtester re-runs a replay of a market that already happened and gets identical bytes. A neutral notary recomputes a counterparty’s certified record instead of trusting a signed claim. A skeptic audits someone’s track record without either party surrendering keys or revealing a name they did not choose to reveal. And a benchmark reader audits the apparatus rather than reading the results on faith. One ritual, five jobs, no new product.