Every deployment is cryptographically signed. Verify independently that this site matches our source code.
This page was built with cryptographically signed proofs. Verify it yourself.
SHA256:349b685e628d2894de982d238bd2b338f6aad29c5d25b7fc31bad9bcf3dc5627sha256:6a3f24dbe31f6b80c0ad8a25a9d5a36d51b96e2e35c5f8c1bd6a9edb0f4236beReplace the base URL if you are validating a preview environment. Both commands should output the values shown above.
export BASE_URL="https://railguard.ai"
node --input-type=module <<'VERIFY'
import { createPublicKey, verify } from "crypto"
const base = process.env.BASE_URL ?? "https://railguard.ai"
const attestation = await fetch(`${base}/.well-known/build-attestation.json`).then((res) => res.json())
const pubKey = await fetch(`${base}/.well-known/public-keys/railguard-build-ed25519.pub`).then((res) => res.text())
const { signature, ...unsigned } = attestation
const message = Buffer.from(JSON.stringify(unsigned))
const publicKey = createPublicKey(pubKey.trim())
const signatureBytes = Buffer.from(signature.signatureBase64, "base64")
console.debug("Verified:", verify(null, message, publicKey, signatureBytes))
VERIFYexport BASE_URL="https://railguard.ai"
curl -sS "$BASE_URL/.well-known/railguard-gateway-sbom.json" | openssl dgst -sha256
# Expected digest: sha256:6a3f24dbe31f6b80c0ad8a25a9d5a36d51b96e2e35c5f8c1bd6a9edb0f4236beAttestation and SBOM artifacts are available from /.well-known. Download everything at once via railguard-artifacts.zip or follow the verification guide for deeper instructions.
Available at /.well-known/public-keys/
Use any Ed25519 verification tool or our CLI: railguard verify
Match the deployment hash against our GitHub releases