# OBP — Sample Trusted Evidence Package

This is a **representative** OBP evidence package. It demonstrates the exact integrity
structure of a production record so you can verify it **yourself, without trusting OBP**.

## Contents
- `manifest.json` — the sealed record: participants, composite, per-file SHA-256, the
  hash-of-hashes integrity chain, and the COMPLIANCE-WORM retention declaration.
- `p-*.mp4` — the per-participant recordings.
- `recordings.mp4` — the single composite replay.
- `verify.mjs` — a standalone, zero-dependency verifier (Node.js built-ins only).

## Verify it yourself
```
node verify.mjs .
```
It recomputes every file's SHA-256 from the bytes on disk and re-folds the integrity
chain, then compares against the sealed manifest. Exit code 0 = intact, 1 = tampered.

## Try to break it
Change a single byte of any `.mp4` (or edit `manifest.json`) and run `verify.mjs`
again — it will report **TAMPERING DETECTED** and point at the exact file.

## Honesty note
The media is **synthetic test content** (labelled colour bars + tone), not footage of a
real meeting. Everything that carries the trust guarantee — the schema, the SHA-256 file
hashes, the hash-of-hashes chain, and the WORM retention declaration — is **identical** to
a production Trusted Evidence Package. WORM immutability (Object-Lock, COMPLIANCE) is a
property of OBP's object store, declared here and independently verifiable against it.
