Release Integrity

Purpose: this page documents how the public package can be checked for accidental or unauthorized file changes after upload.

• The canonical checksum manifest is /downloads/SHA256SUMS.txt.
• Hashes use SHA-256 and are generated from the files staged in the flat site-root upload folder.
• The manifest is intended for package-integrity review, not as a secret. If a hosted file changes unexpectedly, regenerate hashes only after confirming the change was intentional.
• The highest-risk public assets are downloadable archives, JavaScript files, HTML entry points, and media wrapper pages because those are what visitors execute or open.
• This static demo has no accounts, database, server-side application code, or WordPress installation. Browser-local file selection in portals such as uHammer does not create a server-side upload endpoint.

Recommended upload practice: keep a clean local copy of this package, upload only the contents of the flat cPanel upload package into the target web folder, then compare hosted files or cPanel file dates against this release before treating the deployment as current. The 20260601_00_layoutfix package keeps local review tools in the review zip only; they are intentionally excluded from the cPanel upload zip.