FILE 10Provenance
Verify this archive
You are reading an archive that publishes its own fingerprints. Check them. That is not paranoia. That is the whole book.
At every deploy, an automated workflow hashes every published file with SHA-256 and commits the manifest — build time, commit ID, and a fingerprint of the entire tree. The manifest travels with the site. Any visitor, on any device, can re-hash what they actually received and compare. A book about testing claims should not ask to be taken on faith about its own bytes.
Press the button. Your browser fetches a sample of this site's published files, computes their SHA-256 fingerprints locally, and compares them against the manifest committed at deploy time. Nobody's word is taken — including ours.
A mismatch usually means a stale cache or an in-between deploy — reload once before suspecting tampering. A persistent mismatch is worth reporting.
The build history is public in the repository's commit log and Actions runs.
The first edition of this site is sealed, byte-identical, at /archive/v1/.