Offline verifier for Ainfera AuditChains. Trust no one — verify the chain yourself.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for hizrianraz from gravatar.com hizrianraz

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Ainfera Inc.
  • Tags ai-governance , ainfera , audit , cryptography , eu-ai-act , verification
  • Requires: Python >=3.10
  • Provides-Extra: dev , sigstore
Classifiers
Report project as malware

Project description

ainfera-verify

Trust no one. Verify the chain yourself.

ainfera-verify is the public, offline verifier for Ainfera AuditChains. It lets anyone — regulator, auditor, partner, curious developer — fetch an Agent's AuditChain and cryptographically verify it without trusting Ainfera or holding an Ainfera account.

This is the customer trust primitive behind Ainfera's audit-grade transparency claim: chain of custody you can check yourself.

Install

pip install ainfera-verify

Or with Homebrew:

brew install ainfera/tap/verify

Usage

Verify a full AuditChain by Agent ID (fetches from the public read endpoint, then verifies offline):

ainfera-verify chain manwe

Inspect a single AuditEvent:

ainfera-verify event manwe 1245

Verify an offline Annex IV bundle export (use this for air-gapped review):

ainfera-verify bundle ./manwe-2026-05-19.zip

What it verifies

For every AuditEvent in the chain:

  1. Hash continuityprevious_hash matches the prior event's event_hash.
  2. Event integrityevent_hash is the SHA-256 of previous_hash || canonical_json(payload).
  3. HMAC signaturehmac_signature validates against Ainfera's published public key.
  4. Sigstore signature — when present, validated against the Rekor transparency log.

If any check fails, the verifier reports the exact seq where the chain breaks.

Trust model

  • The CLI ships under Apache 2.0. The verification logic is auditable.
  • After events are fetched, verification is fully offline — no network calls, no Ainfera dependency.
  • Ainfera's HMAC public key is published at https://ainfera.ai/.well-known/ainfera-public-key.json and cached locally.
  • For air-gapped verification, download the key once or use a bundle export (which embeds the key).

EU AI Act Annex IV

Annex IV technical documentation requires verifiable evidence of system behavior. ainfera-verify bundle produces a pass/fail with the cryptographic chain of custody — sufficient evidence for a regulator's technical reviewer.

Web version

Don't want to install anything? Drop a bundle into verify.ainfera.ai. All verification runs in your browser.

License

Apache 2.0. See LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for hizrianraz from gravatar.com hizrianraz

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Ainfera Inc.
  • Tags ai-governance , ainfera , audit , cryptography , eu-ai-act , verification
  • Requires: Python >=3.10
  • Provides-Extra: dev , sigstore
Classifiers

Release history Release notifications | RSS feed

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ainfera_verify-0.1.0.tar.gz (20.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ainfera_verify-0.1.0-py3-none-any.whl (15.4 kB view details)

Uploaded Python 3

File details

Details for the file ainfera_verify-0.1.0.tar.gz.

File metadata

  • Download URL: ainfera_verify-0.1.0.tar.gz
  • Upload date:
  • Size: 20.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for ainfera_verify-0.1.0.tar.gz
Algorithm Hash digest
SHA256 e2efc24acafae7241ffc3d648186de367a0f363f6e8df3b1ae30e2a5c9f28d43
MD5 e4bba84b778eeab48bf170478629bf38
BLAKE2b-256 44f8ae2eeeaa0b23dbc513c9753c51ed5c429b789c4994c3f5fd4ec09f68b53f

See more details on using hashes here.

Provenance

The following attestation bundles were made for ainfera_verify-0.1.0.tar.gz:

Publisher: release.yml on ainfera-ai/verify

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ainfera_verify-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: ainfera_verify-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 15.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for ainfera_verify-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 774a2223b5f27e7286c7e266db705b0710c5c0b14ec1db1f642ae048fe9e0d7e
MD5 58bb67697c9a9689773a47e6b033f5e4
BLAKE2b-256 421ee1d9d3af57846a73272590bb724b61736a2c24598f397879a9ac002a28c9

See more details on using hashes here.

Provenance

The following attestation bundles were made for ainfera_verify-0.1.0-py3-none-any.whl:

Publisher: release.yml on ainfera-ai/verify

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page