← INDEX/WORK/AUTHYR

№ 04 — CRYPTOGRAPHIC TRUST RAILS

Authyr

Neutral evidence for every dispute — receipts that can’t be rewritten.

TYPEVenture · Startup
YEAR2026
ROLEFounder · Sole engineer
STATUSMarketing live · MVP in build (Aug 2026)
SCOPEApplied cryptography · SaaS · IP strategy
LIVEauthyr.com ↗

Why this exists

Every dispute forum — BBB, chargebacks, small claims, licensing boards — adjudicates without neutral evidence. Authyr is that evidence: a portable, independently verifiable, cryptographically signed receipt that a real customer interaction happened, plus a 30-day pre-publish mitigation window that gives businesses a chance to fix things before a review goes public. Affirmation, not censorship.

The design is deliberately patent-aware: engineered around GPS-location prior art (Chen US 9,842,340) with a multi-signal, non-GPS verification stack — and its own provisional patent filed at the USPTO (App # 64/069,215).

What I engineered

TRUST RAILS

Append-only ed25519 hash chains

Each business gets a chain where every entry hashes canonical({payload, prevHash, publicKeyId}) from a genesis hash. Mutate any past attestation and every later link breaks. Third parties verify fully offline against published .well-known keys.

CRYPTO AGILITY

Built to outlive its own algorithms

Key IDs encode rotation years and every signed envelope stamps its hash algorithm, so keys and hashes (SHA-256 → SHA-3) can migrate with zero chain rewrites. Distinct envelope types prevent cross-replay between attestations, articles, and reviews.

PRODUCT

The resolution arc

A 1★ complaint that becomes a 5★ recovery is provable end-to-end as two chained review entries — “submitted” then “sealed.” The mitigation window is enforced server-side by a scheduled expiry Lambda, not by promises.

BACKEND

Amplify Gen 2, done properly

Six DynamoDB tables, Cognito custom-auth magic links (three challenge Lambdas), SES email, owner-scoped authorization with server-side IAM writers for webhooks, and Stripe Connect — where payment itself becomes a verification signal.

AI

A draft-only reputation agent

A pure, unit-testable prompt builder under hard rules: never posts, never invents facts, never leaks PII — it cites the verifiable receipt URL instead of arguing with anyone.

SEEDING

Cold-start from public records

A trust-score engine ingesting Texas TDLR license data with §230-aware public/private field separation — so day-one pages are useful without a single signup.

In the wild

authyr.com — the live trust-rails surface
AUTHYR.COM — THE LIVE TRUST-RAILS SURFACE
Verified-attestation flow — receipts a third party can check offline
VERIFIED-ATTESTATION FLOW — RECEIPTS A THIRD PARTY CAN CHECK OFFLINE
22.6kLINES OF FIRST-PARTY TS
30DAY MITIGATION WINDOW
6DYNAMODB TABLES
Next.js 16React 19TypeScriptTailwind v4shadcn / Base UIAWS Amplify Gen 2DynamoDBCognito custom authLambda · SES · CDK@noble/curves ed25519Stripe ConnectVitestNetlify · Vercel

Applied cryptography in a shipping product — not a toy chain, but one with rotation, algorithm agility, replay protection, and offline verification. Plus the founder layer: prior-art navigation, patent posture, and §230-aware data design.