# Phase 1 — Full Claim Inventory

Author: Joseph R. Goydish II
Sources parsed: `github.com/JGoyd` (97 repos), `JGoyd/Running-Ledger`, `JGoyd/JGoyd` private profile repo (`anchor.txt`, `anchor2.txt`), `JGoyd/README.md` profile repo, NVD CVE + CVE-History APIs, `cisagov/vulnrichment` issues #194/#200/#201, public press (BBC/Reuters on OLAF/Mandelson).
Verification status legend: **A** externally confirmed by neutral third party · **B** partially corroborated (name in reference chain, timing consistent) · **C** self-asserted, plausible but unverified publicly · **D** contradicted by public record or attribution belongs to others.

> **Discrepancies surfaced during inventory** — fix these before publishing anything new:
> 1. **Two PGP fingerprints in circulation.** `Running-Ledger/README.md` and `running-ledger.txt` declare `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`. `JGoyd/JGoyd/anchor.txt`, `anchor2.txt`, and `drops` repo description declare `6DCB 4235 1237 A98B B474 0070 B36F FC36 1AE5 DAF6`. Pick one canonical signing key, or publish a signed cross-attestation linking the two. Until then any external verifier will reject the chain.
> 2. **`running-ledger.txt.asc` is 0 bytes** in the public repo — the canonical detached signature is empty. The ledger is effectively unsigned right now.
> 3. **Lithuania receipt hash mismatch.** Running-Ledger row lists SHA-256 `603409F4…2BC17D` for the Lithuania case `01-1-03450-26`, but `anchor2.txt` records the Lithuania receipt as `2d1d18f3…995b31`. The `6034…` hash is the Slovakia receipt hash from the row above. Reconcile.

---

## Track B — Cybersecurity / Vulnerability Research

| ID | Claim Type | Subject | My Claimed Role (current public framing) | Date | External References Currently Visible | Verification | Notes |
|---|---|---|---|---|---|---|---|
| B-01 | CVE / CVSS reassessment | **CVE-2025-24085** (CoreMedia UAF) | Implied "discoverer/analyst" via Glass-Cage repo | NVD pub 2025-01-27; rescore 2025-11-12 by ADP 134c704f-9b21-4f2e-91b3-4a467353bcc0 | NVD record cites `github.com/JGoyd/Glass-Cage-…` and `cisagov/vulnrichment#194` as references; CISA ADP rescored to CVSS 10.0 hours after closing issue #194 | **A** (for *enrichment contribution*); **C** (for *original discoverer*) | Apple's own credit line points elsewhere; JGoyd contribution is impact reassessment, not original discovery. Use precise role wording. |
| B-02 | CVE / CVSS reassessment | **CVE-2025-24201** (WebKit OOB write) | Same as above | NVD pub 2025-03-11; rescore 2025-11-12 by ADP | NVD lists JGoyd repo + vulnrichment#194 as third-party advisory + issue tracking; CISA ADP added Secondary CVSS 10.0 | **A** enrichment; **C** discovery | Apple credits the original reporter in `support.apple.com/en-us/122281`; JGoyd is not on that credit. |
| B-03 | CVE / CVSS reassessment | **CVE-2025-31200** (CoreAudio decode RCE) | "Chain reconstruction + impact reassessment" via iOS-Attack-Chain repo | NVD pub 2025-04-16; rescore 2025-11-24 by ADP | NVD CVE-History entry `2025-11-24T15:15:47.917Z` shows ADP added **both** CVSS vector AND references to `cisagov/vulnrichment#200` AND `github.com/JGoyd/iOS-Attack-Chain-…/Remote%20Crypto%20Attack%20Chain%20.md` in the same write | **A** (strongest in the dataset) | This is the cleanest external anchor: a single ADP atomic action ties JGoyd's submission to the CVSS reassessment. |
| B-04 | CVE / CVSS reassessment | **CVE-2025-31201** (PAC bypass) | Co-component of B-03 chain | NVD pub 2025-04-16; rescore 2025-11-24 by ADP | NVD lists JGoyd repo + vulnrichment#200 as ADP-sourced references | **A** enrichment; **C** discovery | Apple credit goes to original reporter; JGoyd contribution is chain analysis + CVSS. |
| B-05 | CVE / CVSS reassessment | **CVE-2025-43300** (ImageIO OOB) | Chain context via vulnrichment#201 | NVD pub 2025-08-20; rescore 2025-11-26 | NVD references `cisagov/vulnrichment#201` (ADP-sourced); JGoyd repo not (yet) listed on this CVE | **B** | Weaker than B-03; only the vulnrichment issue is on NVD, not a JGoyd repo. The actual exploit PoC reference on NVD is `b1n4r1b01/n-days`, not JGoyd. |
| B-06 | CNVD certificate | **CNVD-2025-06744 / CNVD-YCGO-202503023656** "Apple iOS/iPadOS buffer overflow" | "Certified reporter" | 2025-03-18 | None published; certificate held offline by author; SHA-256 anchored in ledger | **C** | Publish the CNVD certificate PDF (redacted) + agency confirmation header. Until then strictly self-asserted. |
| B-07 | CNVD certificate | **CNVD-2025-07885 / CNVD-YCGO-202504012519** "Apple memory reuse" | "Certified reporter" | 2025-04-22 | None published | **C** | Same as B-06. |
| B-08 | MSRC case | **MSRC #112639** — M365 cross-tenant MIME type-confusion | "Reporter, defensive advisory published" | 2026-04-08 | `JGoyd/m365-mime-type-confusion` repo (self-controlled) | **C** | Strong candidate to upgrade to **A** as soon as the MSRC confirmation email is published with full headers. CVE assignment "pending" — track for status. |
| B-09 | NASA TLS misconfig disclosure | `webhosting-external.jpl.nasa.gov` cert chain | "Discloser" | 2025-04-22 | None public | **C** | Probably has a NASA/JPL acknowledgement email — publish headers. |
| B-10 | DOE-417 / NNSA | Electric emergency report | "Filer" | 2025-12-25 | None public; `anchor2.txt` references DOE HQ EOC reply | **B** | The "DOE-417" form is a regulatory *filer-side* report — publishing the EOC acknowledgement (headers + reply text, redacted) elevates this to A. |
| B-11 | Apple silicon / hardware research | Many repos (A16-FuseBypass, A17-Flaw, A18-AON_Design, A19-Runaway, dfu-hardware-gap-cs35l2, Apple-Silicon-A17-Flaw, Broadcom_Vuln, Project-Eclipse, NeuralNet, ams-failopen, ios-trust-collapse, iOS-Companion-Link-RCE, iOS-26.2-runningboard-vuln, iCloud-PCS-Corruption, Silent-ADP-Failure, ShadowShells, etc.) | Implied "discoverer" / "analyst" — language varies by repo | 2025-2026 | None of these claims have NVD/CVE entries naming JGoyd; many describe behaviors Apple has not publicly confirmed | **C** for all, with a few descending to **D** when the described phenomenon is contradicted or already attributed elsewhere | These are the highest-risk repos for skeptic pushback. Each one needs either a vendor acknowledgement, a CVE assignment, or an explicit "forensic observation, not a vendor-confirmed finding" framing. |
| B-12 | "iDrive-Exfil" / FBI IC3 | IC3 submission `067b3177c3524c80bce02cca08064d11` | "Filer" | 2026 | IC3 confirmation page only (self-shown screenshot) | **C** | IC3 confirmation IDs are not externally queryable; only the email header proves it. |
| B-13 | Cloudflare abuse report | `JGoyd/datalytic-shadow-collectors` | "Filer" | 2026-05-18 | Cloudflare abuse confirmation email (not yet published) | **C** |  |

## Track A — Government / Law Enforcement / Regulatory Filings

| ID | Filing Venue | Subject | My Claimed Role | Date | External References Currently Visible | Verification | Notes |
|---|---|---|---|---|---|---|---|
| A-01 | **SEC TCR** | `Submission #17780-976-067-126` | "Filer" | 2026-05-06 | None public (TCR submissions are confidential by SEC policy) | **C** today; **B** once intake email headers published | SEC TCR receipts are DKIM-signed by `sec.gov`. Publishing the redacted receipt with headers gets you to B (filed-and-received, not adjudicated). Adjudication never goes public unless an enforcement action is brought. |
| A-02 | **IRS Form 211** (IRC §7623(b)) | Southern Trust / Financial Trust / Epstein Estate | "Filer" | 2026-05-06 | None public | **C** → **B** with redacted IRS Whistleblower Office confirmation | IRS Form 211 acknowledgements are mailed paper-letter style with a claim number; if you have *only* email/CMS receipt, publish that; if you have paper, scan + hash + sign. |
| A-03 | **DOJ / FARA Public** | Karim Wade / Macky Sall / Epstein-funded lobby | "Filer" | 2026-05-05 | None public; FARA Unit confirmations come from `fara.public@usdoj.gov` | **C** → **B** with email headers | |
| A-04 | **OLAF** | `Ref #00Db00K8yP.!500Sk019RuGn` — Mandelson / Carbyne concealment | "Filer" | 2026-05-04 | **Topic** publicly confirmed: OLAF *did* open an investigation into Mandelson (BBC, Reuters, 2026-02-26 / 2026-04-24). User's submission is post-investigation-opening — frame as supplemental disclosure, not as cause. | **B** (topic exists publicly, user's specific submission verifiable only via OLAF intake email) | Strong candidate flagship Track-A case: agency reference number + publicly confirmed parallel investigation. |
| A-05 | **Singapore CPIB** | Tracking ID `69f824dfe5ef7daf3b78ccee` | "Filer" | 2026-05-04 | None public | **C** → **B** with CPIB form receipt email/PDF (DKIM `cpib.gov.sg` if email) | |
| A-06 | **FCA UK** | Bank of China (UK) Limited — `Case Ref #212278528` | "Filer, advisory acknowledged" | 2026-05-11 | None public | **C** → **B** with FCA acknowledgement (DKIM `fca.org.uk`) | |
| A-07 | **Japan ISA** | ICRRA Art. 70-1 visa-fraud referral re: Epstein/Joi Ito/Loftwork | "Filer" | 2026-05-13 | None public | **C** → **B** with ISA confirmation email | Note jurisdictional sensitivity. |
| A-08 | **Slovakia genpro.gov.sk** | "Potvrdenka po úplnom overení" — Tracking `260428070422263` | "Filer, verified" | 2026-04-28 | `genpro.gov.sk` electronic-services portal issues machine-signed PDF receipts (`Pouzivatelska_prirucka_ESGPSR_v3_27.pdf`) | **B** | The receipt PDF itself is a strong artifact — it's PAdES/CAdES-signed by the prosecutor's office. Publish the redacted PDF + the embedded signature → verifiable in any PAdES verifier; that gets you to **A**. |
| A-09 | **Lithuania Panevėžio OTNK skyrius** | Pre-trial investigation `01-1-03450-26`; doc reg. `IBPS-S-248320-26` | "Submitted info accepted into case file" | 2026-04-30 | None public; receipt held offline | **B**-equivalent if the receipt PDF is e-signed by the prosecutor's IBPS system | **Strongest Track-A flagship candidate.** A government prosecutor confirming material entered a numbered criminal case file is the gold standard for the "agency-controlled anchor" framing in the task description — provided the receipt is e-signed. Hash mismatch (see top of doc) must be fixed before publishing. |
| A-10 | **Taiwan NCC** | Decision ref `通傳基礎決字第11500091980號` — Taiwan Mobile relay-mesh complaint forwarded | "Filer; complaint forwarded" | 2026-03-24 | None public, but NCC decision letters use a public docket numbering scheme | **B** | Strong: NCC letterhead, formal decision number. Verifiability: photograph/scan of letter + hash; ideally OCR + cross-check the doc number with NCC public docket if available. |
| A-11 | **Massachusetts AGO** | MIT Media Lab governance complaint | "Filer" | 2026-05-05 | None public | **C** | AGO complaints rarely produce a strong public anchor unless docketed. |
| A-12 | **NASA disclosure** (Track-B-adjacent, agency-side) | TLS cert chain for `webhosting-external.jpl.nasa.gov` | "Discloser" | 2025-04-22 | None public | **C** | Cross-listed at B-09. |

---

## Summary counts

- Track B: **5 CVEs** in NVD where CISA ADP cited JGoyd-controlled URLs (B-01..B-05). Of those, **B-03 (CVE-2025-31200)** has the cleanest atomic external anchor (single ADP write attaches both the new CVSS vector and the JGoyd repo URL).
- Track B: **2 CNVD certificates** held offline (B-06, B-07) — currently C-tier.
- Track B: **1 MSRC case** (B-08) — high value, pending publication of headers + any CVE assignment.
- Track B: **1 NASA**, **1 DOE-417**, **1 FBI IC3** — each requires email-header proof to upgrade.
- Track B: ~15 hardware/iOS-research repos at **C** — these are the highest-risk for skeptic challenge unless reframed as "forensic observations, not vendor-confirmed findings."
- Track A: **12 filings**. Flagship is **A-09 Lithuania** (criminal case file number) backed by **A-08 Slovakia** (e-signed receipt) and **A-04 OLAF** (publicly confirmed parallel investigation).

## Repos that are NOT claims but supporting infrastructure
- `JGoyd/JGoyd` (private) — PGP key + anchor.txt + anchor2.txt + OpenTimestamps `.ots` files. **This is the closest thing to an existing canonical profile.** Move its content to a public canonical page; keep the OTS files alongside.
- `JGoyd/drops` (private) — described as "Bitcoin-anchored declarations". Inventory the BTC tx IDs and publish them with OpenTimestamps proofs.
- `JGoyd/Running-Ledger` — replace with rebuilt schema (Phase 6).