Upload a GriGsi unified container file. We verify it locally and on server, then open the module that matches the envelope.
ecdsa-p256-sha256 signature: the envelope’s ownerPublicKey must verify a canonical message binding schema, module, resource id, owner id, and payload hash. The browser and /api/container/verify use the same rules. Anchors store an off-chain snapshot hash; on-chain tx_ref is reserved for later.
Containers are signed with a P-256 key kept in this browser. Back up the private key so you can restore it after clearing site data or on another device.