Independent verification

Verify the anchor on your own machine

frame-verify runs locally. It reads the evidence bundle, checks every cryptographic link, and confirms the anchor transaction on Arbitrum Sepolia. No Frame server involved. PASS or FAIL is the answer.

This is the same binary regulators and auditors use. The reproducible build recipe and PGP signatures are in the GitHub releases.

Install

curl -fsSL https://frame.xyz/install-verifier.sh | sh

Detects your platform (macOS, Linux x86-64, Linux arm64), downloads the signed binary from the GitHub release, verifies the SHA256, and places frame-verify on your PATH.

Run

frame-verify ./evidence

[verifier] checking manifest signature… ok [verifier] checking attestation chain… ok [verifier] checking anchor on-chain (Arbitrum Sepolia)… ok [verifier] all checks passed.

Point it at the ZIP you downloaded from GET /v1/settlements/{id}/evidence. Five seconds, no network calls to Frame.

What it checks

— Ed25519 signature on the bundle manifest — confirms the bundle was produced by the Frame signing key.
— SHA-256 integrity of every file in the bundle — confirms nothing was altered after export.
— Cryptographic chain from the settlement record through to the anchor hash.
— On-chain anchor transaction on Arbitrum Sepolia — confirms the hash was committed to a public chain.

For auditors — PGP verification and reproducible build

Each release is PGP-signed by the Frame signing key. Verify before running:

# Import the Frame release key
gpg --keyserver keys.openpgp.org --recv-keys <KEY_ID>

# Verify the binary
gpg --verify frame-verify-linux-amd64.sig frame-verify-linux-amd64

The build recipe is in BUILD-RECIPE.md in the repository. Every release is byte-for-byte reproducible from the tagged source.

Full auditor instructions are in cmd/frame-verify/README.md.

Next: read the production walkthrough →