Incident response

Incident Response

Voidproof incidents are operational procedures, not proof packages. An incident process cannot privately rescue, rewrite, or override a failed, revoked, defective, unsupported, or inconclusive proof.

Public-Reliance Incidents

If an issued proof package, public receipt, signed register, revocation state, defect state, verifier result, or delivery record may affect recipient reliance, the response must include a public action path.

Public Action Path

Depending on the incident, the public action path may include publishing a revocation entry, publishing a defect entry, updating a public receipt, publishing a register snapshot, or issuing a replacement package when the proof system supports it.

Customer Notification

Customer notification must identify the relevant public status path and must not include private evidence, signing keys, secret tokens, or proof package contents when a public receipt link is the safe reference.

Closure Rule

An incident can close only after required actions are complete, public-reliance impact has a public action path, and customer notification is recorded when required.

Reliance Boundary

Public verification must remain free and no-login. Private explanation cannot override verifier output, signed register state, revocation status, or defect status.