Independent verification of any PhaseFolio signed export.

Paste a content hash

Hashes are 64-character SHA-256 digests, printed in the footer of every signed export. Direct URL form: app.phasefolio.com/verify/<hash>.

What the endpoint returns

• Signature validity. The export was issued by PhaseFolio and signed at the timestamp shown. Modification of any byte changes the content hash and breaks verification.
• Methodology version. The methodology version actually consumed by the engine is embedded in the signature payload. A reader can navigate to the corresponding section in /methodology to inspect the framework that produced the output.
• Engine version. The rNPV engine version is embedded too. If a future engine release changes numeric outputs for the same inputs (a major bump), the already-issued signature still resolves to the engine that produced it — signatures remain valid indefinitely.
• Dataset versions. For exports that consume reference datasets (PoS benchmarks, sponsor profiles, the JHTV cohort), the dataset snapshot version is recorded so the cited numbers can be re-derived.
• Source provenance. Verified exports return the evidence-count and source chain carried in the signed payload, so a recipient can trace the artifact back to the cited methodology and data inputs.

For programmatic consumers

Verification is also available as a JSON endpoint at GET /api/v1/verify/<hash>. AI agents and downstream systems consuming PhaseFolio output should verify provenance before relying on it. The MCP tool verify_export exposes the same surface to agentic clients.