Audit‑grade by default
Even public downloads ship with verification artifacts so you can confirm you have the exact file we published — without trusting us blindly.
A small file (typically JSON) that lists what was published: versions, included files, and their hashes. It is the “inventory + identity” of a release.
Cryptographic fingerprints (SHA‑256) of files. If even one byte changes, the checksum changes — making tampering or accidental corruption detectable.
Regulated execution needs tamper‑evident artifacts and a clean audit narrative (“what changed / why / who approved”). Verification removes “which version is this?” friction and makes handovers defensible.
How to verify (≈ 1 minute)
Compute SHA‑256 for the downloaded file and compare it to the value in MANIFEST.sha256 (or MANIFEST.json).
shasum -a 256 "FWL_YourFile.pdf"
Get-FileHash "FWL_YourFile.pdf" -Algorithm SHA256
Verification is independent: it works offline and does not require trackers, accounts, or “phone‑home”.
For the website itself, we publish a site-level integrity manifest + checksums so teams can verify deployments end‑to‑end.