what a badge is allowed to say
Tiers, stated exactly.
A badge never overstates. T1–T3 mean a verifier of a different kind re-executed the checkable claims. T0 is not a verification and is rendered in neutral grey, never a verified shape or colour: it says only that a signed artifact existed at a time. The bright line runs between T0 and everything above it.
A certificate the open kernel checks. Your method never leaves your machine. The strongest and most private tier.
Claims and pinned inputs public; the method is a sealed container re-executed under a verification-only license. Protection is legal + sandbox, not cryptographic secrecy from the operator.
Everything public, re-executable by anyone end to end.
Signed but NOT re-executed. Identity and timestamp only. Never badged as verified.
The full trust analysis per tier is on the threat-model page.