{
  "schema": "fairpoker.audit-status.v1",
  "appName": "Fair Poker",
  "appVersion": "0.1.0",
  "generatedAt": "2026-06-24T09:59:04.366Z",
  "commit": "source-fingerprint-only",
  "reportUrl": "/independent-assurance.html",
  "machineReadableUrl": "/audit/status.json",
  "summary": {
    "headline": "Third-party hosted public assurance evidence",
    "statement": "Fair Poker links to public GitHub, OpenSSF, and IPFS evidence for automated security checks and player-verifiable fairness records.",
    "disclosure": "This status page reports automated checks and reproducible evidence only. It does not claim paid laboratory certification, manual penetration test endorsement, or a signed casino compliance certificate."
  },
  "programs": [
    {
      "id": "github-public-evidence",
      "name": "GitHub public evidence repository",
      "category": "Third-party hosted evidence",
      "status": "active",
      "providers": [
        "GitHub"
      ],
      "evidence": "The audit evidence repository is public on GitHub and contains source evidence, manifests, verifier scripts, and license boundaries.",
      "detail": "GitHub provides independent hosting, history, timestamps, and public file access outside fairpoker.app.",
      "reportUrl": "https://github.com/Realfairpoker/fairpoker-core-audit"
    },
    {
      "id": "source-release-evidence",
      "name": "Source release and IPFS evidence",
      "category": "Public reproducibility evidence",
      "status": "active",
      "providers": [
        "SHA256",
        "IPFS CID",
        "GitHub evidence repository"
      ],
      "evidence": "Core fairness source archives, release manifests, SHA256 hashes, and IPFS CIDs are published for independent verification.",
      "detail": "Auditors can compare the public source package with the running client fingerprint and release manifest.",
      "reportUrl": "https://github.com/Realfairpoker/fairpoker-core-audit/blob/main/evidence/release.json"
    },
    {
      "id": "transcript-verifier",
      "name": "Hand transcript replay verifier",
      "category": "Player-verifiable fairness",
      "status": "active",
      "providers": [
        "Fair Poker verifier CLI",
        "Signed transcript hash-chain"
      ],
      "evidence": "Each completed hand can be replayed locally from a downloadable transcript.",
      "detail": "The verifier checks event order, signatures, pot flow, winners, and final hash-chain state.",
      "reportUrl": "https://github.com/Realfairpoker/fairpoker-core-audit/blob/main/scripts/verify-transcript.js"
    },
    {
      "id": "github-security-advisories",
      "name": "GitHub security advisories",
      "category": "Third-party security disclosure page",
      "status": "active",
      "providers": [
        "GitHub Security Advisories"
      ],
      "evidence": "GitHub hosts the public security advisories page for the evidence repository.",
      "detail": "This page is GitHub-hosted and shows whether repository maintainers have published security advisories.",
      "reportUrl": "https://github.com/Realfairpoker/fairpoker-core-audit/security/advisories"
    }
  ]
}