JGoyd/intake/SYSTEM-STATUS.md
2026-05-18 22:58:05 -07:00


JGoyd Evidence System — Status Snapshot

Auto-generated; refresh on every drop batch.

What "bulletproof" means in this system

A case is bulletproof when every claim in its README is grounded in at least one externally-controlled signature that cannot be forged short of compromising third-party infrastructure. The hierarchy is:

  1. Tier 1 (strongest): DKIM signature from a known agency/vendor mail domain (e.g., sec.gov, cert.org, apple.com), CVE record at NVD, CISA KEV listing, court PACER entry, atomic NVD ADP write.
  2. Tier 2: Server-issued case reference whose pattern only the agency's intake system produces (FCA 00Db*, SEC Submission Number, CPIB Response ID, VINCE VU number).
  3. Tier 3: OpenTimestamps anchor + maintainer PGP detached signature on the source file.
  4. Tier 4 (supporting only): Self-attestations, screenshots, print-to-PDF renderings. Never the sole anchor for a claim.

Case status (as of drop batch 2026-05-18, batch 12)

Track B — Cybersecurity

| Case folder | Tier 1 anchors | Tier 2 anchors | Tier 3 (.ots/.asc) | Bulletproof? |
| --- | --- | --- | --- | --- |
| TRACK-B-CVE-2025-31200-31201 | DKIM cert.org ×2, DKIM amazonses.com ×2, DKIM yahoo.com, NVD CVE-History ADP write, CISA KEV (+1d), CVSS 9.8 ×2 | CERT/CC case gen-41698, vulnrichment #200 | PENDING (anchor script ready) | Strong — DKIM + NVD + KEV all third-party-verifiable |
| TRACK-B-CVE-2025-24085-24201-43300 (Glass Cage) | DKIM cert.org, DKIM amazonses.com, NVD CVSS 10.0 ×3, NVD Primary 10.0 ×2, CISA KEV (+02d) on all 5 chain CVEs | VINCE VU#395558 (case 2162), vulnrichment #194 + #201 | PENDING (anchor script ready) | Strong — 3× CVSS 10.0 is structurally rare; KEV-same-day on 43300 |

Track A — Regulatory / whistleblower

| Case folder | Tier 1 anchors | Tier 2 anchors | Tier 3 (.ots/.asc) | Bulletproof? |
| --- | --- | --- | --- | --- |
| TRACK-A-SEC-TCR-17780-976-067-126 | DKIM sec.gov (2048-bit, selector secomms) | SEC TCR Submission 17780-976-067-126, SEC Ombuds Matter ID 20260513-00019687 | PENDING (anchor script ready) | Strong — sec.gov DKIM is the first federal-agency cryptographic anchor in the system |
| TRACK-A-FCA-BoC-StanChart | DKIM fca.org.uk (2048-bit, selector intactfcaorguk2) on FOUR inbounds: 2026-05-08 named-officer substantive reply (Supervision Hub, BoC UK + StanChart subjects), 2026-05-11 boilerplate ack, 2026-05-13 named-officer supervisory-referral attestation ("referred to the supervisory appropriate team for further investigation") | FCA reference 00Db0000000K8yP.500Sk000019RuGn (confirmed Salesforce Org-Link + Entity-ID via X-Sfdc-Lk / X-Sfdc-Entityid) | PENDING (batch 4 + batch 11 anchor scripts ready) | Strong-with-substantive-attestation — first UK fed-agency cryptographic anchor; two named-officer substantive inbounds on the same matter; supervisory-referral language is intake-routing only, NOT an adjudicative finding (Track A standing disclaimer applies) |
| TRACK-A-CPIB-69f824dfe5ef7daf3b78ccee | DOUBLE DKIM: form.gov.sg (2048-bit, selector y7posmki4a5gkzqgrtnwseuajsr5wg4m) + amazonses.com (1024-bit, selector pd64dbxfdcqqbvadj6zks7h7qe3c33ao) inbound 2026-05-04 | CPIB Response ID 69f824dfe5ef7daf3b78ccee | PENDING (batch 4 anchor script ready) | Strong — first Singapore-Gov cryptographic anchor; SES counter-signature provides defense-in-depth |
| TRACK-A-LT-CASE-01-1-03450-26 | Letter from Prosecutor Aurelijus Navickas, Panevėžys Organised Crime & Corruption Investigation Div., 2026-04-30 (info attached to criminal case materials) | Case ref 01-1-03450-26 | PENDING (batch 3 anchor script ready) | Strong — confirmed prosecutor letter on file |
| TRACK-A-SK-260428070422263 | DKIM genpro.gov.sk (2048-bit, selector genprogovsk) 2026-04-28 + potvrdenka PDF enumerating 14 submitted docs w/ per-file SHA-256 | Slovak General Prosecutor ref 260428070422263 | PENDING (batch 2 + batch 4 anchor scripts ready) | Strong — first Slovak federal-agency cryptographic anchor; potvrdenka PDF document-corroborates the DKIM-signed inbound |
| TRACK-A-TW-NCC-11500091980 | DKIM ncc.gov.tw (2048-bit, selector google) 2026-03-25 kick-off + Official NCC formal letter (函) ROC 115/3/24 = 2026-03-24, named officer 周金賢 jschou@ncc.gov.tw | NCC case NCC-1156500716, filing ref 通傳基礎決字第11500091980號 | PENDING (batch 3 + batch 4 anchor scripts ready) | Strong — DKIM anchor + document-level letterhead corroboration; carrier rebuttal preserved as carrier-position evidence only |
| TRACK-A-Japan-ISA-ICRRA70-1 | (pending — no MOJ/ISA inbound .eml yet) | MOJ kōeki-tsūhō mailbox referral, 2026-05-13 | PENDING (batch 3 anchor script ready) | Provisional — outbound-only; needs inbound .eml from *.moj.go.jp to become Tier 1 |
| TRACK-A-OLAF-Mandelson-Carbyne | DKIM ec.europa.eu (2048-bit, selector s2601) inbound 2026-05-04 | OLAF subject "Tip submission: Mandelson / Carbyne"; Msg-Id <bc0371e438c145b7af6986637b8f4778@ec.europa.eu> | PENDING (batch 5 anchor script ready) | Strong — first EU-institutional cryptographic anchor in the system. PGP reconciliation issue still open: outbound ships secondary 6DCB key, not canonical 4A04. |
| TRACK-A-DOE-NE-2026-05-02 | (pending — no inbound from DOE-NE / CFIUS / FinCEN yet) | Three-agency single-outbound 2026-05-02 21:41 UTC | PENDING (batch 4 anchor script ready) | Provisional — STRICT DOMAIN SEPARATION per user: DOE-NE / CFIUS / FinCEN are three distinct anchors that do NOT mix unless each has its own inbound. Capture each agency's reply individually. |
| TRACK-A-DOJ-FARA-Public | DKIM usdoj.gov (2048-bit, selector doj) reply 2026-05-05 | DOJ FARA reply re: Karim Wade / Macky Sall public-registration matter | PENDING (batch 5 anchor script ready) | Strong — first US-DOJ executive-branch cryptographic anchor in the system. OFNAC (Senegal) was cc'd but has not responded; per user, no separate OFNAC folder until/unless they reply. |
| TRACK-A-FR-TJ-Paris-Parquet-Financier | DKIM justice.fr (2048-bit, selector pfai20240130) inbound 2026-05-18 | PNF substantive reply requesting source document (NOT boilerplate) | PENDING (batch 5 anchor script ready) | Strong — first French Ministry-of-Justice cryptographic anchor. Outbound is also PGP-signed with the canonical 4A04 key (rare — most user outbounds use secondary 6DCB). |
| TRACK-A-Ossoff-Senate-DOJ-Redactions | DKIM senate.gov (2048-bit, selector senate-pp2408) inbound 2026-04-29 | Sen. Ossoff (GA) staff reply from named David Jones, Senior Constituent Services Representative; in-person meeting attestation; explicit forward to DC office | PENDING (batch 5 anchor script ready) | Strong — first US-Senate cryptographic anchor. Substantively stronger than boilerplate per user. |
| TRACK-A-IRS-FORM-211 | (pending — no *.irs.gov inbound yet; paper claim letter from Ogden, UT expected next) | 13-page Form 211 Bates evidence packet (compiled 2026-05-06) submitted via IRS Whistleblower Office; on-screen confirmation noted at intake by filer; statutory basis IRC § 7623(b); filer-asserted recoverable estimate $75M–$110M (above $2M mandatory-award threshold) | PENDING (batch 7 anchor script ready) | Provisional — filer-prepared with on-screen submission confirmation only. Subject taxpayers: Southern Trust Company Inc., Financial Trust Company Inc., Estate of Jeffrey E. Epstein. Upgrades to Strong on receipt of IRS WBO paper claim-number letter or any *.irs.gov DKIM-signed inbound. |
| TRACK-A-MA-AGO-MIT-MediaLab | DKIM onbaseonline.com (2048-bit, selector 2k20x) inbound 2026-05-05 | MA AGO OnBase intake acknowledgement; routing-to-NPC attestation in body | PENDING (batch 5 anchor script ready) | Strong — first state-AG enterprise-intake cryptographic anchor (Hyland OnBase platform contracted by MA AGO). |
| TRACK-A-Colombia-Consulate-Atlanta | (pending — no agency reply yet) | Hand-delivered referral packet COLOMBIA-EPSTEIN-01 (2026-05-14) to Embassy of Colombia / Atlanta consulate, 1117 Perimeter Center West, N401; signed on-face with canonical 4A04 PGP | PENDING (batch 6 anchor script ready) | Provisional — hand-delivered 2026-05-18; upgrades to Strong on any written acknowledgement from *.gov.co (Cancillería, Fiscalía General, Superfinanciera, or the Embassy's own institutional domain) or a stamped consulate paper receipt. |
| TRACK-A-USN-InsiderThreat-AirCenter-Tinney | (pending — no *.navy.mil / *.mail.mil / NCIS / DCSA inbound yet) | Outbound 2026-04-27 16:04:06 UTC to USN-InsiderThreat@us.navy.mil; primary subject Air Center Helicopters / Rod Tinney (cleared MSC contractor, ~$77.3M VERTREP contract through 2030-01-30); adjacent matter Lt. Col. William R. Bohlke Jr. (PRANG legislative liaison / CEO Bohlke International Aviation); adjacent matter #2 held pending Hub request; primary anchors EFTA01966277 (Visoski 2013 fleet summary), EFTA02173130 (Bohlke USAF-credential commercial signature) | PENDING (batch 7 anchor script ready) | Provisional — outbound-only insider-threat referral; filer invokes NISPOM 32 CFR Part 117, DITMAC #4 + #12, SEAD 4 E/J/F, SEAD 3 App-A; folder takes no position on those framings. Filer's own attestation: "This submission presents adverse information; it makes no finding of fact." |
| TRACK-A-CISA-INC0625285-iOS-Bypass | DKIM associates.cisa.dhs.gov (2048-bit, selector select1) inbound 2026-02-26 + DMARC=pass (p=reject on parent dhs.gov) + ARC-sealed by microsoft.com (CISA M365 tenant 69c613d2-b051-4234-8ed1-fd530b70d5d3) | CISA ServiceNow ticket INC0625285 "iOS Security Bypass"; named contractor Umar Farouq (CTR) at umar.farouq@associates.cisa.dhs.gov; 5 CISA To-line recipients (Central, TOC, SIM, vulnerability, filer) + 2 Cc (OCIO.TOC.FEDs, Troy Delucia); 5-deep Message-Id chain through Exchange Online nodes CO6PR09MB7319 → PH7PR09MB11913 → DS0PR09MB11798; Proofpoint transit mx0e-00376703.gpphosted.com 67.231.155.98 | PENDING (batch 8 anchor script ready) | Strong — first US DHS/CISA cryptographic anchor in the system. Contractor-tenancy subdomain (associates.*.dhs.gov), not agency proper; cryptographic anchor still attaches to DHS/CISA infrastructure. Body PGP-encrypted to filer's key; envelope/headers preserved. |
| TRACK-B-CNVD-2025-06744 | 1 (cert PDF) | Sovereign-CERT certificate + CNVD ID CNVD-2025-06744 + cert no. CNVD-YCGO-202503023656 | 2025-03-18 | Provisional (batch 11) |
| TRACK-B-CNVD-2025-07885 | 1 (cert PDF) | Sovereign-CERT certificate + CNVD ID CNVD-2025-07885 + cert no. CNVD-YCGO-202504012519 | 2025-04-22 | Provisional (batch 11) |
| TRACK-B-DOE-417 | DOUBLE DKIM: doe.gov (2048-bit, selector q2-2024-pp) + hq.doe.gov (2048-bit, selector selector1) inbound 2025-12-25 | DOE-417 Submission ID 5941450-1585693, filed 2025-12-25 16:50:15 UTC, Schedule-1 boxes #2 + #14, Emergency Alert; DOE Emergency Operations Center (NA-40 / Team 3) acknowledgement "Watch Office acknowledges your message." | PENDING (batch 5 anchor script ready) | Strong on the agency-receipt anchor (Tier-1 double-DKIM from DOE EOC). 🟡 Filer-claim only on the substantive technical narrative — the DOE EOC acknowledgement confirms receipt and routing, NOT endorsement. Narrative claims (Broadcom BCM4388 silicon backdoor Poppy_CLPC_OS, 113GB+ exfiltration, Cisco/Google/Samsung coordinated disclosure) remain filer-statements only — no CVE, no vendor advisory, no third-party reproduction. Org name Intergalactic Auditing Systems is a working pseudonym, not a registered legal entity (per user). |
| TRACK-B-IC3-067b3177c3524c80bce02cca08064d11 | Server-issued FBI IC3 Submission ID 067b3177c3524c80bce02cca08064d11 (Tier-2 sole-namespace pattern) + public-internet long-lived corroboration: the same ID is in the public-repo description field of github.com/JGoyd/iDrive-Exfil (created 2026-01-08T23:17:45Z, tree 810ab171…, last push 2026-04-07T15:35:51Z, 1 star) and has been indexable by archive services since (Tier-1.5 third-party-verifiable) | IC3 Submission ID + 3-file paired technical bundle (filer's published case README, JFIF carrier image 3024×4032 subject "filer's son in filer's backyard", filer's personal note to son) | PENDING (batch 9 anchor script ready) | Provisional → Anchor-Class candidate on the IC3-ID + public-repo-description combination. Upgrades to Strong on (a) *.ic3.gov or *.fbi.gov DKIM-signed inbound .eml, (b) paper IC3 acknowledgement letter, or (c) opened FBI field-office investigative file referencing this submission ID. Filer-attested technical surface (polyglot HEIF carrier, mdat entropy 7.9478, three Shadow UUIDs, passd Wallet bridging to iCloud Drive) preserved without endorsement. Personal-significance posture preserved: carrier subject is the filer's son in his backyard. |
| TRACK-B-MSRC-112639 | DKIM vanderbilt.edu (2048-bit, selector selector1) on VUIT precursor .eml 2026-04-01 + ARC-sealed by Microsoft arcselector10001 | VUIT TeamDynamix incident #86705 (precursor), MSRC Case 112639 (vendor case-ID, opened 2026-04-08), public GitHub repo JGoyd/m365-mime-type-confusion (Tier-1.5 third-party-verifiable; head c4bca665…, stego-withdrawal commit a75ce46a…) | PENDING (batch 6 anchor script ready) | Strong — first US higher-education cryptographic anchor in the system (vanderbilt.edu). Two-stage disclosure path (VU → MSRC) anchored on the precursor. No standalone MSRC-side .eml yet (open follow-up). No exploit code shipped; prior stego claim withdrawn in commit a75ce46a… as a discipline marker. |
| TRACK-B-NASA-JPL-TLS | (pending — no NASA SOC inbound .eml yet) | Outbound to soc@nasa.gov 2025-04-22 | PENDING (batch 3 anchor script ready) | Provisional — outbound-only chain-misconfig report; forensic-observer role; needs SOC reply to become Tier 1 |
| TRACK-B-Broadcom-BCM4387-BroadScope | DKIM broadcom.com (1024-bit, selector google) inbound 2026-03-10 + DLP-relay path through *.dlp.protect.broadcom.com (Symantec/Broadcom DLP, 144.49.247.117 (smtp-us-east1-p01-i01-si01.dlp.protect.broadcom.com)) | Broadcom PSIRT reply from named engineer Daniel Edelson (daniel.edelson@broadcom.com); Cc Ken Williams (ken.williams@broadcom.com) + psirt@broadcom.com; outbound Message-Id locks threading via inbound References: header; Tier-1.5 public repo github.com/JGoyd/BroadScope (head commit ba55b3f3c86b60ed63890a8c0f0f650c926f3baa, tree bffbc5e4…, created 2026-04-03, last push 2026-04-07, public, 2 stars; contents: README.md, VULNERABILITY_REPORT.md 8228 B, THREAT_MODEL.md 12027 B, evidence/) | PENDING (batch 8 anchor script ready) | Provisional — first US private-sector hardware-vendor PSIRT cryptographic anchor. Vendor stance per filer (verbatim, preserved without endorsement): "them claiming diamin awareness, not tehncialy discsyting or anything at all.. comelte bs" — Broadcom's surface reply (domain-awareness acknowledgement) AND filer's characterization (substantive rejection) are both recorded. Reply body PGP-encrypted to filer's key. No exploit code shipped; repo + folder follow no-payload rule. Upgrades toward Strong on CVE assignment or vendor public advisory referencing BCM4387 coexistence SRAM. |
| TRACK-B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 | (pending — no *.apple.com or VulnCheck-broker inbound .eml yet staged) | Filer outbound disclosure 2026-02-09 to Apple PSIRT via VulnCheck (BLASTPASS V2 markdown, 4710 B) + filer rebuttal 2026-02-13 20:47 EST (5340 B) + paired binary tracev3 artifacts with internal cryptographic-consistency anchor (Build 23C71 trace SHA-256 905b5cc8… is cited inside the disclosure markdown; Build 23D127 trace SHA-256 161df0cb… is cited inside the rebuttal markdown — both match staged-file hashes byte-for-byte); 350-byte audit-tool stub check_offsets.py; filer maps five Apple iOS 26.3 CVE remediations (CVE-2026-20675 ImageIO, CVE-2026-20677 Messages-sandbox, CVE-2026-20678 Wallet/PassKit, CVE-2026-20634 ImageIO memory-handling, CVE-2026-20667 libxpc) onto the four subsystems named in the 2026-02-09 disclosure, with the iOS 26.3 release (2026-02-11) landing 2 days before Apple's 2026-02-13 written rejection | PENDING (batch 9 anchor script ready) | Provisional — closed-loop self-hash anchor between filer outbound documents and binary artifacts. Vendor stance preserved verbatim (Apple PSIRT 2026-02-13 17:14 EST: "standard system behavior" / "no technical validity"). The temporal-convergence claim (Apple iOS 26.3 release 2026-02-11 lands between filer's 2026-02-09 disclosure and Apple's 2026-02-13 rejection) is independently verifiable from Apple's own published security-update release dates. Per filer instruction, the paired private GitHub repository is NOT referenced in this folder, the ledger entry, or the anchor script. Upgrades to Strong on (a) *.apple.com DKIM-signed inbound, (b) Apple security-advisory cross-reference, or (c) third-party reproduction of the offset-displacement claim. No exploit code shipped. |

What "bulletproof" requires going forward (per case)

For every case folder still labeled Stub or Provisional, the upgrade path is:

  1. Drop the agency's inbound acknowledgement .eml (NOT the outbound copy — outbound has no signature you control). One per case.
  2. Drop the portal confirmation PDF if the agency issued one.
  3. If the agency uses a portal-only system (no email), drop a screenshot of the case page AND the case-page URL pattern that only the agency's server produces.
  4. Run ANCHOR-COMMANDS-*.sh locally to attach .ots + .asc to every artifact.

Each inbound .eml you drop converts one Provisional case into Strong. The system is designed to absorb dozens of these without restructuring: just drop them and the intake workflow catalogs them.
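
A triage pass for step 1 of the upgrade path, as an added example (not one of the anchor scripts and not code from this repository): it reads a dropped .eml, reports each DKIM-Signature's d= and s=, checks From-domain alignment, and recomputes the bh= body hash offline. It does not verify the b= signature, which needs the public key published at `<selector>._domainkey.<domain>`. The EXPECTED table, `sample_eml` and the agency.example message are constructed for illustration.

```python
import base64
import hashlib
import re
from email import message_from_bytes
from email.utils import parseaddr

# Hypothetical expectation table (signing domain -> selector); fill from your ledger.
EXPECTED = {"agency.example": "sel1"}


def dkim_tags(value):
    """Parse a DKIM-Signature value (RFC 6376 tag-list) into a dict."""
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            key = key.strip()
            # b= and bh= are base64 and may be folded across header lines
            tags[key] = re.sub(r"\s+", "", val) if key in ("b", "bh") else val.strip()
    return tags


def canon_body(body, mode):
    """Body canonicalization, 'simple' or 'relaxed' (RFC 6376 section 3.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are ignored
    out = b"".join(ln + b"\r\n" for ln in lines)
    return out or (b"\r\n" if mode == "simple" else b"")


def triage(raw):
    """Classify a raw .eml: alignment, selector and bh= only; b= is NOT verified."""
    head, _, body = raw.partition(b"\r\n\r\n")
    msg = message_from_bytes(head + b"\r\n\r\n")
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    sigs = []
    for value in msg.get_all("DKIM-Signature", []):
        t = dkim_tags(value)
        d = t.get("d", "").lower()
        mode = (t.get("c", "simple/simple") + "/simple").split("/")[1]
        canon = canon_body(body, mode)
        if "l" in t:  # l= limits how much of the body the signature covers
            canon = canon[: int(t["l"])]
        algo = t.get("a", "rsa-sha256").rpartition("-")[2]
        digest = base64.b64encode(hashlib.new(algo, canon).digest()).decode()
        sigs.append({
            "d": d, "s": t.get("s", ""),
            "aligned": bool(d) and (from_dom == d or from_dom.endswith("." + d)),
            "selector_expected": EXPECTED.get(d) == t.get("s"),
            "body_hash_ok": digest == t.get("bh"),
        })
    if not sigs:
        verdict = "no-dkim"      # outbound copy, or signature stripped in transit
    elif any(s["aligned"] and s["body_hash_ok"] for s in sigs):
        verdict = "candidate"    # worth a full b= verification against DNS
    else:
        verdict = "mismatch"     # altered body or unrelated signing domain
    return {"from_domain": from_dom, "signatures": sigs, "verdict": verdict}


def sample_eml(body, d="agency.example", s="sel1"):
    """Build a constructed message whose bh= matches `body` (b= is a dummy value)."""
    bh = base64.b64encode(hashlib.sha256(canon_body(body, "relaxed")).digest()).decode()
    head = (f"From: Intake <noreply@{d}>\r\nSubject: Acknowledgement\r\n"
            f"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d={d}; s={s};\r\n"
            f"\th=from:subject; bh={bh};\r\n\tb=Q09OU1RSVUNURUQ=\r\n")
    return head.encode() + b"\r\n" + body


if __name__ == "__main__":
    good = sample_eml(b"Your reference is  ABC-123. \r\n\r\n")
    print(triage(good)["verdict"])
    print(triage(good.replace(b"ABC-123", b"ABC-999"))["verdict"])
```

A `candidate` verdict only means the file is worth full DKIM verification. Archive the selector's DNS key record alongside the .eml, because a rotated or removed selector leaves the signature unverifiable later.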

Reconciliation issues still open

  1. PGP key reconciliation: canonical 4A04…2D11 vs. secondary 6DCB…DAF6. Both the 2026-05-11 FCA supplement AND the 2026-04-27 OLAF reply ship the secondary fingerprint. Cross-attest both keys (sign each with the other) or formally retire one. See canonical/index.md.
  2. Running-Ledger .asc is 0 bytes — needs re-signing.
  3. Lithuania row hash mismatch in ledger vs anchor2.txt. RESOLVED (this audit pass): ledger row #20 prefix 603409f4b01b matches actual SHA 603409f4b01bfed46d22d7129ec22a1969f1a32921654b3559febbd4e62bc17d byte-for-byte.
  4. TRACK-A-OLAF-Ref-00Db00K8yP vs TRACK-A-FCA-BoC-StanChart — reconciliation needed. RESOLVED (batch 4): FCA inbound .eml exposes X-Sfdc-Lk: 00Db0000000K8yP + X-Sfdc-Entityid: 500Sk000019RuGn — these are FCA Salesforce-internal Org-Link + Entity-ID, NOT an OLAF case number. The mislabeled TRACK-A-OLAF-Ref-00Db00K8yP folder has been deleted and replaced with TRACK-A-OLAF-Mandelson-Carbyne (the actual OLAF case is keyed by subject + Message-Id, not the 00Db* prefix).

Anchor scripts ready to run locally

  • evidence/ANCHOR-COMMANDS-2025-05-18.sh — Track B batch (7 unique files across two cases)
  • evidence/ANCHOR-COMMANDS-2026-05-18-batch2.sh — Track A batch (7 files across three cases: SEC TCR, FCA BoC, CPIB)
  • evidence/ANCHOR-COMMANDS-2026-05-18-batch3.sh — mixed batch (7 files across three cases: NASA JPL TLS Track B, Japan ISA Track A, Taiwan NCC Track A)
  • evidence/ANCHOR-COMMANDS-2026-05-18-batch4.sh — batch 4 (9 unique-content files across seven cases: FCA, CPIB, OLAF-Mandelson, DOE-NE, TW-NCC Fa-Wen, SK-GenPro potvrdenka, DOE-417)
  • evidence/ANCHOR-COMMANDS-2026-05-18-batch5.sh — batch 5+6 (11 unique-content files across eight cases: SK-PP, MA-AGO ack + report, OLAF-inbound, DOJ-FARA, DOE-EOC, Paris PNF outbound+inbound, Ossoff Senate outbound+inbound, LT-PAIS transmittal)
  • evidence/ANCHOR-COMMANDS-2026-05-18-batch6.sh — batch 7 (5 unique-content files across two cases: TRACK-B-MSRC-112639 VUIT precursor + MSRC Update-1 zip + bin-payload zip + GitHub repo snapshot, and TRACK-A-Colombia-Consulate-Atlanta hand-delivered referral PDF)
  • evidence/ANCHOR-COMMANDS-2026-05-18-batch7.sh — batch 8 (2 net-new unique-content files across two cases: TRACK-A-USN-InsiderThreat-AirCenter-Tinney outbound and TRACK-A-IRS-FORM-211 Form-211 packet PDF)
  • evidence/ANCHOR-COMMANDS-2026-05-18-batch8.sh — batch 9 (5 net-new unique-content files across two cases: TRACK-B-Broadcom-BCM4387-BroadScope outbound headers + inbound .eml + inbound headers, and TRACK-A-CISA-INC0625285-iOS-Bypass inbound .eml + inbound headers)
  • evidence/ANCHOR-COMMANDS-2026-05-18-batch9.sh — batch 10 (9 net-new unique-content files across two cases: TRACK-B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 with 6 staged artifacts including 2 binary tracev3 captures, and TRACK-B-IC3-067b3177c3524c80bce02cca08064d11 Stub-to-Provisional upgrade with 3 staged iDrive-Exfil bundle artifacts)
  • evidence/ANCHOR-COMMANDS-2026-05-18-batch10.sh — batch 11 (2 net-new unique-content files across two cases: TRACK-B-CNVD-2025-06744 and TRACK-B-CNVD-2025-07885 sovereign-CERT certificate PDFs)
  • evidence/ANCHOR-COMMANDS-2026-05-18-batch11.sh (NEW) — batch 12 (2 net-new unique-content files in one case: TRACK-A-FCA-BoC-StanChart 2026-05-08 named-officer substantive inbound + 2026-05-13 named-officer supervisory-referral attestation inbound, both DKIM-signed by fca.org.uk selector intactfcaorguk2)

After running all eleven, 65 source files will carry .ots + .asc. Run ots upgrade *.ots ~1h later (then again ~24h later if not yet confirmed) to attach the Bitcoin block-header attestation to each.

Cumulative Tier-1 DKIM-signature domains (18 total, as of batch 10 — no new DKIM domains this batch; two new non-DKIM anchor classes recorded below)

| Domain | Selector(s) | Bits | Jurisdiction | First batch |
| --- | --- | --- | --- | --- |
| cert.org | (CERT/CC) |  | US (CMU SEI) | batch 1 (Track B) |
| amazonses.com | ×3 selectors (CERT/CC + CPIB) | 1024 | (transport SES) | batches 1, 4 |
| yahoo.com | (CERT/CC counter-sig) |  | US | batch 1 (Track B) |
| sec.gov | secomms | 2048 | US SEC | batch 2 |
| genpro.gov.sk | genprogovsk | 2048 | Slovak Republic GP | batch 2 |
| ncc.gov.tw | google | 2048 | Taiwan NCC | batch 3 |
| fca.org.uk | intactfcaorguk2 | 2048 | UK FCA | batch 4 |
| form.gov.sg | (long) | 2048 | Singapore CPIB | batch 4 |
| ec.europa.eu | s2601 | 2048 | EU (OLAF) | batch 5 |
| usdoj.gov | doj | 2048 | US DOJ (FARA) | batch 5 |
| doe.gov | q2-2024-pp | 2048 | US DOE (EOC NA-40) | batch 5 |
| hq.doe.gov | selector1 | 2048 | US DOE HQ | batch 5 |
| onbaseonline.com | 2k20x | 2048 | MA AGO (Hyland OnBase) | batch 5 |
| justice.fr | pfai20240130 | 2048 | French Ministry of Justice (PNF) | batch 5+6 |
| senate.gov | senate-pp2408 | 2048 | US Senate (Ossoff office) | batch 5+6 |
| vanderbilt.edu | selector1 | 2048 | US higher-education (Vanderbilt University IT / VUIT TeamDynamix) | batch 7 |
| broadcom.com | google | 1024 | US private-sector hardware-vendor PSIRT (Broadcom Inc.) | batch 9 |
| associates.cisa.dhs.gov | select1 | 2048 | US DHS/CISA (contractor tenancy within agency M365 tenant) | batch 9 |

Tier 1.5 (agency SPF-pass without DKIM): prokuraturos.lt (LT prosecutor; signed-PDF carries the cryptographic load).

Tier 1.5 (third-party-verifiable public repo):

  • github.com/JGoyd/m365-mime-type-confusion — public coordinated-disclosure repo paired with TRACK-B-MSRC-112639; head commit c4bca665…, stego-withdrawal commit a75ce46a….
  • github.com/JGoyd/BroadScope — public coordinated-disclosure repo paired with TRACK-B-Broadcom-BCM4387-BroadScope; head commit ba55b3f3c86b60ed63890a8c0f0f650c926f3baa, tree bffbc5e4c458fdcd057db0f2c694c38f5bfabfb5, created 2026-04-03T18:57:56Z, last push 2026-04-07T15:50:18Z, public, 2 stars.
  • github.com/JGoyd/iDrive-Exfil — public repository paired with TRACK-B-IC3-067b3177c3524c80bce02cca08064d11; its public description field literally contains the IC3 Submission ID 067b3177c3524c80bce02cca08064d11, providing public-internet long-lived corroboration of the server-issued FBI submission token (visible since 2026-01-08T23:17:45Z, tree 810ab171bcefaff7942ebea0388fbec17214355a, last push 2026-04-07T15:35:51Z, 1 star).

The iDrive-Exfil entry is the first Tier-1.5 anchor in the system that uses a public-repo metadata field (not content) to corroborate a server-issued agency ID — a distinct anchor class from the content-snapshot pattern used by MSRC and BroadScope.

New non-DKIM anchor class added in batch 11

| Class | Tier slot | First case | Why it's a separate class |
| --- | --- | --- | --- |
| Sovereign-CERT original-vulnerability certificate | Tier 1 (substantive issuing-body finding) | TRACK-B-CNVD-2025-06744 and TRACK-B-CNVD-2025-07885 | The artifact is the issuing body's formal certificate naming the contributor under a sole-namespace server-issued certificate number. Distinct from DKIM-attested email (which proves message emission) and from public-repo content/metadata anchors (which prove third-party platform visibility) — the certificate document itself records a finding by CNCERT/CNVD that the named contributor's submission was recorded as an original-vulnerability contribution. Does NOT adjudicate vendor liability, patch mapping, or exploit reachability; Track B standing disclaimer applies. |

Credit-asymmetry observation (filer-attested cross-reference, recorded as context not finding)

The Glass Cage flagship folder TRACK-B-CVE-2025-24085-24201-43300 documents that Apple's public security advisories credit other reporters for the underlying CVE-2025-24085 / CVE-2025-24201 / CVE-2025-43300 patches, and CISA has not formally acknowledged the filer's contribution either. Within the same 2025 timeframe, CNCERT/CNVD issued two formal original-vulnerability certificates to the filer (this batch). The filer attests the CNVD entries cover the same underlying material as the Glass Cage CVE cluster. This is preserved as filer-attested context and is NOT an adjudicated CVE↔CNVD mapping; the CNVD certificates themselves do not assert any CVE-ID cross-reference.

New non-DKIM anchor classes added in batch 10

| Class | Tier slot | First case | Why it's a separate class |
| --- | --- | --- | --- |
| Closed-loop self-hash anchor | Tier 2.5 (between server-pattern IDs and OTS+PGP) | TRACK-B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 | Filer outbound disclosure documents cite SHA-256 hashes of binary artifacts inside their own body text. Any reader can recompute the hashes on the staged binaries and verify byte-for-byte. Defends against post-hoc artifact substitution at the cost of being one-party-generated. |
| Public-repo-description corroboration of server-issued agency ID | Tier 1.5 (distinct from content snapshot) | TRACK-B-IC3-067b3177c3524c80bce02cca08064d11 | The agency-issued ID is embedded in a public-repo metadata field (description, not content), making it indexable by general internet archive services without requiring repo cloning. Survives even total content-bundle loss as long as one archive snapshot of the repo's metadata page exists. |
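
The reader-side check behind the closed-loop self-hash anchor, as an added example (not this repository's code): it pulls every SHA-256 cited in a document body, including truncated `905b5cc8…`-style prefixes, recomputes the digests of the staged files, and reports which citations match, which are ambiguous, and which no longer match anything. File names and contents in `demo()` are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# A citation is a full 64-hex SHA-256, or a hex prefix of at least 8 characters
# followed by an ellipsis. Bare short hex runs (dates, IDs) are ignored.
CITED = re.compile(r"\b([0-9a-fA-F]{8,64})(?![0-9A-Za-z])(…|\.\.\.)?")


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def cited_digests(text):
    """Return {(hex, is_prefix)} for every digest cited in a document body."""
    out = set()
    for m in CITED.finditer(text):
        hexpart, ellipsis = m.group(1).lower(), m.group(2)
        if len(hexpart) == 64:
            out.add((hexpart, False))
        elif ellipsis:
            out.add((hexpart, True))
    return out


def verify(doc_text, artifact_dir):
    """Compare digests cited in doc_text with the files staged in artifact_dir."""
    staged = {p.name: sha256_file(p)
              for p in sorted(Path(artifact_dir).iterdir()) if p.is_file()}
    report = {"matched": {}, "ambiguous": [], "unmatched": [], "uncited": []}
    covered = set()
    for cited, is_prefix in sorted(cited_digests(doc_text)):
        hits = [name for name, digest in staged.items()
                if (digest.startswith(cited) if is_prefix else digest == cited)]
        if len(hits) == 1:
            report["matched"][cited] = hits[0]
            covered.add(hits[0])
        elif hits:
            report["ambiguous"].append(cited)  # short prefix or byte-identical duplicates
        else:
            report["unmatched"].append(cited)  # artifact missing or replaced
    report["uncited"] = sorted(set(staged) - covered)  # files no citation vouches for
    return report


def demo():
    """Constructed data: verify once, substitute one artifact, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "trace-a.bin").write_bytes(b"constructed artifact A")
        (tmp / "trace-b.bin").write_bytes(b"constructed artifact B")
        a = sha256_file(tmp / "trace-a.bin")
        b = sha256_file(tmp / "trace-b.bin")
        doc = f"Trace A SHA-256 {a}; trace B SHA-256 {b[:12]}… (truncated)."
        before = verify(doc, tmp)
        (tmp / "trace-b.bin").write_bytes(b"substituted after the fact")
        after = verify(doc, tmp)
    return before, after


if __name__ == "__main__":
    for label, report in zip(("before", "after"), demo()):
        print(label, report)
```

A match shows only that the staged file is the one the document named when it was written; because the same party produced both, the document itself still needs an external anchor such as the OTS timestamp.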

Deferred items

None. The three Microsoft files deferred from batch 4 ("focus on all of the file except for the last 3 microsoft ones..we can take that nice and slow") are fully processed in batch 7 (MSRC + Colombia). The pairing stub TRACK-B-MSRC-112639 has been upgraded to Strong on the Vanderbilt vanderbilt.edu DKIM precursor anchor.

Re-export collisions and byte-identical duplicates tracked

| Ledger # | Type | Canonical staged path | Notes |
| --- | --- | --- | --- |
| #63 (batch 8) | Re-export collision | TRACK-A-DOE-NE-2026-05-02/evidence/DOE-NE-CFIUS-FINCEN-referral-2026-05-02.eml | Second Proton export of the same nuclear-referral outbound; identical Message-Id and headers; only MIME boundary differs. Same send. Not re-staged. |
| #64 (batch 8) | Byte-identical duplicate | TRACK-B-DOE-417/evidence/DOE-EOC-NA40-acknowledgement-2025-12-25.eml | Re-affirmation of the canonical DOE EOC NA-40 Christmas inbound (SHA 5a8ff29de877…). Not re-staged. |