Anchored Replay
How a reviewer moves from package-internal replay to issuer continuity using a trust anchor obtained outside the package.
How do I verify a review package against a signer I trust without letting the package authenticate itself?
Anchored replay explains how a reviewer moves from package-local checks to continuity checks against a trust anchor obtained outside the package.
1. Problem this page solves
Bundle verification can prove internal consistency, but that alone does not establish issuer continuity beyond the package itself.
Anchored replay adds an external continuity point so reviewers can test whether package claims hold when compared to independently obtained anchor material.
2. What you should understand after reading
After this page, you should understand:
- what can be checked inside the bundle
- what requires an outside anchor
- how anchored replay extends package-local verification
- what anchored replay still does not independently prove
3. Mechanism-first anchored replay path
Use this exact order:
- Inspect bundle artifacts. Identify proof-bearing files and declared claim layers.
- Validate internal consistency. Check manifest, signatures, and declared internal links.
- Identify required anchor point. Determine which continuity claim needs external anchor (for example, signer continuity).
- Obtain anchor outside the package. Retrieve reviewer-trusted anchor through separate custody path.
- Compare package state to anchored state. Replay with reviewer-supplied anchor and evaluate match/mismatch.
- Determine continuity outcome. Decide whether continuity is established, untested, or failed.
Inside-package vs outside-anchor scope
| Scope | What you observe | What it can establish |
|---|---|---|
| Bundle-local replay | Package contents, hashes, signatures, chain links | Internal coherence of packaged claim set |
| Anchored replay | Same package + external trusted anchor | Whether claim continuity holds against reviewer-pinned trust point |
4. Observed vs inferred
| Layer | Observed material | Inferred claim |
|---|---|---|
| Package observations | Bundle files, digest matches, signature checks, chain references | Package is internally coherent |
| Anchor observations | External key/anchor material and replay result against it | Continuity relative to that anchor |
| Inference boundary | Combination of package + anchor checks | Broader trust conclusion over time/packages requires policy interpretation |
5. Trust assumptions
Anchored replay depends on explicit trust inputs:
- trust in anchor source authenticity
- trust in anchor retrieval path independence
- trust that replay tooling is correctly evaluating package-to-anchor comparison
What anchored replay confirms:
- package-local consistency still holds when checked against reviewer-supplied anchor
- signer continuity can be established for that anchor scope
What it does not independently prove:
- legal/organizational identity claims beyond reviewer policy
- timestamp trust or revocation unless separately anchored and checked
- exhaustiveness of evidence outside included artifacts
A bundle can prove internal consistency. Anchored replay tests whether that consistency survives comparison to an outside continuity point.
Replay is not magic. Replay is a bounded artifact-and-anchor comparison.
6. Next-page handoff
Next, read Verification for the deterministic procedure and verdict handling that operationalizes this replay model.