Take the evidence. Run the scorer. Get the same number.
A CAI is worth citing because it can be checked. There are two checks: reproduce a survey (the number is honest arithmetic over the evidence) and verify a signed delivery (the package is ours and unedited). Both are yours to run — no account, no permission.
Reproduce a survey.
The reproducibility invariant: same commit + frozen rubric → same number.
Obtain the evidence
Every survey publishes the evidence package behind its score — the measured dimensions, the lens folds, the pinned rubric version.
Run the open scorer
Run the open-source reference scorer over the evidence, pinned to the survey's rubric version. The scoring math is public and re-implementable.
Compare
Same commit + frozen rubric must yield the same number. If it doesn't, you've found a discrepancy — and that's worth reporting, because the standard's guarantee failed.
Verify a signed delivery.
A shared CAI-delivery package is tamper-evident. Two checks confirm it.
Check the signature
Ed25519-verify the package signature against the issuer public key. A valid signature proves the package was produced — and is reproducible — by the issuer, not assembled by whoever shared it.
Check the content hash
The package is content-hashed; recompute the hash over the manifest and compare. A single edited byte breaks it — the package is unedited by the sharer, or the check fails.
What the two checks prove together: the number came from the standard, and nobody between the issuer and you touched it.
Don't take the number on faith. Run the check.
How the number is computed → /spec