Independent, offline, one-call verifier for AlgoVoi keystone evidence: re-derives a keystone record, a Payment Evidence Frame, an audit chain of frames, or a full bundle from raw fields and confirms every content-addressed reference matches. Depends only on JCS RFC 8785 canonicalisation; verifies without trusting the builder packages. Runs on any algovoi-substrate version (v0/v1).
Project description
algovoi-keystone-verifier
Independent, offline, one-call verification of AlgoVoi keystone evidence.
Given a keystone record, a Payment Evidence Frame, an audit chain of frames, or a full bundle of
all three, this re-derives every content-addressed reference from the raw fields and confirms it
matches the carried value. It depends only on the substrate JCS canonicalisation (sha256_jcs),
not on the packages that produced the evidence, so an auditor verifies without trusting the
builder. RFC 8785 JCS + SHA-256 are the whole dependency; it runs on any substrate version (v0/v1).
Install
pip install algovoi-keystone-verifier
Use
from algovoi_keystone_verifier import verify_bundle, verify_keystone, verify_frame, verify_audit_chain
res = verify_bundle({
"keystone": keystone_record, # passport/mandate/policy/decision/execution/trust_query
"frames": [pef_frame, ...], # optional Payment Evidence Frames
"audit_chain": audit_chain, # optional chain of frames, capped
})
res.ok # True iff every re-derivation matched
res.to_dict() # {"ok": ..., "checks": [{"name","ok","detail"}, ...]}
It re-derives decision_ref, execution_ref, trust_query_ref and the chain; the PEF
receipt_hash and frame_id; the audit-chain rows (prev_hash linkage, genesis 64 zeros) and the
trust_query_ref cap; and cross-checks that frames carry the keystone's execution_ref. Tamper any
field and the relevant check fails.
CLI:
cat bundle.json | python -m algovoi_keystone_verifier # exit 0 if every check passes
TypeScript twin: @algovoi/keystone-verifier,
byte-identical re-derivation.
Licensing
Apache-2.0. This open verifier checks the content-addressed references (the unsigned substrate). A commercial tier verifies the cryptographic signatures (hybrid Falcon-1024 + ML-DSA-65) and ingests into the Compliance Command Center.
Pinned edition for adopters, with a free key. Pin algovoi-keystone-verifier==0.1.0, anchor a
keystone_v1 (or pef_keystone_v1) vector hash, and keep the NOTICE; that four check gate earns a
free v0 licence key for algovoi-mandate-auditor (email chopmob@gmail.com with your import-by-hash
evidence and the NOTICE).
Python and TypeScript produce identical re-derivations. Redistribution must retain the NOTICE and
the Apache-2.0 LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file algovoi_keystone_verifier-0.1.0.tar.gz.
File metadata
- Download URL: algovoi_keystone_verifier-0.1.0.tar.gz
- Upload date:
- Size: 11.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4f1297d19ca385285fc7987dac109058256006c508dc6a9b0264ed5527a9309e
|
|
| MD5 |
dcca655706d43e2f22d15a680cfaf299
|
|
| BLAKE2b-256 |
9c857dcb7db2821e4a11cb808343705612bba2f8d855e5c6512164219c3b9181
|
File details
Details for the file algovoi_keystone_verifier-0.1.0-py3-none-any.whl.
File metadata
- Download URL: algovoi_keystone_verifier-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
60e2f40c41a7b1425933c662d644858b4ec243342a098ea66558c0e79fb82352
|
|
| MD5 |
7a311829f95057ffde546e2625304679
|
|
| BLAKE2b-256 |
0a66523a4b902e003aa9d507e101026c7ad6f8d761f8d61dc0bb569a8597b402
|