Integrity Score
The Integrity Score measures how much of an audit is supported by independently verifiable evidence — not how confident it is.
High confidence, almost no evidence.
Inputs
claims · evidence · source quality · contradictions · coverage. A confident verdict with no captured evidence, no independent check and no signature scores near zero; a verdict carrying intercepted traffic, an adversarial disclosure check and a signature scores near 100.
How the 0–100 is built (real, checkable components)
| Component | Weight | What it proves |
|---|---|---|
| Capture self-test passed | 30 | A decoy beacon was emitted from the tool's own network context and appeared in the intercept — so the observation (egress OR its absence) is trustworthy, not a blind spot. |
| Captured traffic behind the claim | 30 | 3 outbound request(s) to the named host were actually intercepted and are published (redacted) as the raw artifact. |
| Disclosure independently verified | 15 | The observed flow was checked against the tool's full public doc surface and adversarially refuted before any 'undisclosed' was asserted. |
| Tamper-evident signature | 15 | The verdict is Ed25519-signed over its content hash; anyone can verify it was not altered after signing. |
| Pinned to an exact version | 10 | The verdict is tied to a specific published version (+commit), so it can't drift into a stale-but-confident claim about a newer release. |
Components that don't apply to a verdict (e.g. a disclosure check for a tool with no egress) are excluded and the rest are renormalised, so absence is never penalised as if it were a gap.
Output
A single integer, 0–100, published in every verdict's JSON and shown on its page. Because the verdict is signed, the score is itself auditable — you can recompute it from the evidence.
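The recomputation described above can be sketched as follows. This is an added example, not the project's own code: the weights come from the component table, while the component key names, the True/False/None encoding and the round-half-up rule are assumptions.

```python
# Added example: recompute an Integrity Score from component results.
# Weights are taken from the component table; key names are hypothetical.
WEIGHTS = {
    "capture_self_test": 30,
    "captured_traffic": 30,
    "disclosure_verified": 15,
    "signature": 15,
    "version_pinned": 10,
}


def integrity_score(components):
    """Return the 0-100 score.

    components maps every key in WEIGHTS to True (met), False (not met)
    or None (does not apply to this verdict, so it is excluded).
    """
    if set(components) != set(WEIGHTS):
        raise ValueError("components must contain exactly the keys in WEIGHTS")
    for name, state in components.items():
        if state is not None and not isinstance(state, bool):
            raise ValueError(f"{name}: expected True, False or None")

    applicable = {k: w for k, w in WEIGHTS.items() if components[k] is not None}
    total = sum(applicable.values())
    if total == 0:
        raise ValueError("no applicable components, score is undefined")
    earned = sum(w for k, w in applicable.items() if components[k])
    # Renormalise to 0-100 over the applicable weights only.
    # Round-half-up in integer arithmetic (assumed rounding rule).
    return (200 * earned + total) // (2 * total)


def score_matches(published_score, components):
    """True if the published integer equals the recomputed one."""
    return published_score == integrity_score(components)


if __name__ == "__main__":
    # Constructed sample: disclosure check not applicable, verdict unsigned.
    sample = {"capture_self_test": True, "captured_traffic": True,
              "disclosure_verified": None, "signature": False,
              "version_pinned": True}
    print(integrity_score(sample))
```

A mismatch between the published score and the recomputed one means either the evidence or the score was changed, which is the case the signature is meant to expose.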