REGRETTABLY VERIFIED
Authenticated usage data returned by the provider service.
providerCross-agent evidence office · public technical specification
Two thin agent adapters, one privacy-minimized local ledger, one versioned rules engine, and signed public certificates that reveal the distinction without uploading the private work.
Evidence path
Observe permitted events and retrieve only the evidence each platform can honestly provide.
Normalize time, discard prompt and path fields, deduplicate telemetry, and build append-only evidence digests.
Apply accepted sources, minimum verification class, threshold, window, and persistence requirements.
Sign the minimal result locally so the public registry can verify it without provider credentials.
Evidential dignity
Strong labels are reserved for strong sources. The badge does not get to overrule the evidence.
Authenticated usage data returned by the provider service.
providerConfirmed by CI, Git hosting, deployment, or another independent service.
externalDeterministically measured by the installed collector on a user-controlled machine.
localCalculated from disclosed inputs and assumptions with uncertainty preserved.
estimatedDeclared by the user without independent machine evidence.
self-attestedEvidence exists, but the definition or attribution remains incomplete.
disputedCollector capability register
| Source | Maximum class | Useful evidence | Boundary |
|---|---|---|---|
| Codex App Server | Provider when authenticated | Lifetime tokens, peak daily tokens, longest turn, streaks, daily buckets, and quota-window state. | Codex-services-backed authentication; API-key-only and Bedrock modes do not expose account/usage/read. |
| Claude Code adapter | Local by default | Lifecycle event names, tool names, task and subagent events, and privacy-minimized local telemetry. | The organisation Usage & Cost API is provider evidence only for eligible organisations with an Admin API key. |
| Filesystem collector | Local | Aggregate repository/source-footprint byte and file counts with default and user-configured dependency, cache, and build exclusions. | A determined user controls the machine; local evidence is auditable, not tamper-proof. |
| CI / deployment / Git hosting | External | Retries, rollbacks, production timestamps, remote history, and independent build results. | Connected only with explicit scope and stored outside public certificate payloads. |
Current implementation facts are checked against the official Codex App Server usage reference, rate-limit reference, Claude Code hooks reference, and Anthropic Usage & Cost API.
Runnable rules-engine fixture
Threshold satisfied by accepted evidence. The paperwork is unfortunately complete.
Unsigned public preview
{
"schema": "org.archivements.badge.v1",
"achievementId": "tokenburner-the-y-axis-broke",
"achievementVersion": 1,
"subject": "usr_fixture_ronova",
"metric": {
"name": "lifetime_tokens",
"value": 321900000000,
"threshold": 300000000000,
"unit": "tokens"
},
"verification": {
"level": "local",
"sources": [
"codex.account_usage"
],
"observedAt": "2026-07-15T14:32:00Z",
"evidenceDigest": "sha256:fixture-only-no-private-evidence-uploaded"
},
"issuedAt": "2026-07-15T14:32:04Z",
"issuer": "archivements.prototype"
}Deliberately unsigned: production certificates require a locally held Ed25519 private key. This site ships only the verification contract and will not fabricate a signature for fixture data.
Thin plugin surface
/archivements status/archivements scan/archivements evidence tokenburner/archivements profile/archivements privacy/archivements codex-sync/archivements exportAnti-cheating without theatre
Public certificate minimum
Achievement ID, displayed metric, verification class, date, evidence digest, rule version, issuer, and signature.
Prompts, conversation content, source code, filenames, repository paths, transcripts, access tokens, and provider credentials.
Institutional boundary
Archivements currently uses typed sample records. Any future private controls or connected sources remain behind the universal Ronova ID; this project does not create another login, session, or identity database.