Skip to main content

Independent, offline, one-call verifier for AlgoVoi keystone evidence: re-derives a keystone record, a Payment Evidence Frame, an audit chain of frames, or a full bundle from raw fields and confirms every content-addressed reference matches. Depends only on JCS RFC 8785 canonicalisation; verifies without trusting the builder packages. Runs on any algovoi-substrate version (v0/v1).

Project description

algovoi-keystone-verifier

Independent, offline, one-call verification of AlgoVoi keystone evidence.

Given a keystone record, a Payment Evidence Frame, an audit chain of frames, or a full bundle of all three, this re-derives every content-addressed reference from the raw fields and confirms it matches the carried value. It depends only on the substrate JCS canonicalisation (sha256_jcs), not on the packages that produced the evidence, so an auditor verifies without trusting the builder. RFC 8785 JCS + SHA-256 are the whole dependency; it runs on any substrate version (v0/v1).

Install

pip install algovoi-keystone-verifier

Use

from algovoi_keystone_verifier import verify_bundle, verify_keystone, verify_frame, verify_audit_chain

res = verify_bundle({
    "keystone": keystone_record,     # passport/mandate/policy/decision/execution/trust_query
    "frames": [pef_frame, ...],       # optional Payment Evidence Frames
    "audit_chain": audit_chain,       # optional chain of frames, capped
})
res.ok            # True iff every re-derivation matched
res.to_dict()     # {"ok": ..., "checks": [{"name","ok","detail"}, ...]}

It re-derives decision_ref, execution_ref, trust_query_ref and the chain; the PEF receipt_hash and frame_id; the audit-chain rows (prev_hash linkage, genesis 64 zeros) and the trust_query_ref cap; and cross-checks that frames carry the keystone's execution_ref. Tamper any field and the relevant check fails.

CLI:

cat bundle.json | python -m algovoi_keystone_verifier      # exit 0 if every check passes

TypeScript twin: @algovoi/keystone-verifier, byte-identical re-derivation.

Licensing

Apache-2.0. This open verifier checks the content-addressed references (the unsigned substrate). A commercial tier verifies the cryptographic signatures (hybrid Falcon-1024 + ML-DSA-65) and ingests into the Compliance Command Center.

Pinned edition for adopters, with a free key. Pin algovoi-keystone-verifier==0.1.0, anchor a keystone_v1 (or pef_keystone_v1) vector hash, and keep the NOTICE; that four check gate earns a free v0 licence key for algovoi-mandate-auditor (email chopmob@gmail.com with your import-by-hash evidence and the NOTICE).

Python and TypeScript produce identical re-derivations. Redistribution must retain the NOTICE and the Apache-2.0 LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

algovoi_keystone_verifier-0.1.0.tar.gz (11.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

algovoi_keystone_verifier-0.1.0-py3-none-any.whl (11.7 kB view details)

Uploaded Python 3

File details

Details for the file algovoi_keystone_verifier-0.1.0.tar.gz.

File metadata

File hashes

Hashes for algovoi_keystone_verifier-0.1.0.tar.gz
Algorithm Hash digest
SHA256 4f1297d19ca385285fc7987dac109058256006c508dc6a9b0264ed5527a9309e
MD5 dcca655706d43e2f22d15a680cfaf299
BLAKE2b-256 9c857dcb7db2821e4a11cb808343705612bba2f8d855e5c6512164219c3b9181

See more details on using hashes here.

File details

Details for the file algovoi_keystone_verifier-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for algovoi_keystone_verifier-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 60e2f40c41a7b1425933c662d644858b4ec243342a098ea66558c0e79fb82352
MD5 7a311829f95057ffde546e2625304679
BLAKE2b-256 0a66523a4b902e003aa9d507e101026c7ad6f8d761f8d61dc0bb569a8597b402

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page