Skip to main content

The independent verifier for HonorNet decision records

Project description

honornet-verify

The independent verifier for HonorNet decision records.

When an AI agent transacts on the HonorNet acceptance network, the network records its approve/decline decision in an append-only, cryptographically verifiable log. honornet-verify lets anyone — a merchant, an issuer, an auditor, a regulator — confirm such a decision is genuine and intact:

  • without calling a HonorNet API, and
  • without HonorNet's private source code.

You verify a decision against the maths, not against HonorNet's word for it.

Why this exists

HonorNet's acceptance-network core is private. Its trustworthiness should not be. A decision record is exported as a self-contained bundle; this tool checks the bundle's signatures and its RFC 6962 Merkle inclusion proof. The verification core is standard-library only — no third-party runtime dependencies — so the entire trust path is auditable in an afternoon.

Install

pipx install honornet-verify

or, for use as a library:

pip install honornet-verify

Use

Verify a decision bundle exported from GET /decisions/{decision_id}:

honornet-verify verify decision-bundle.json
  [PASS] record_signature
  [PASS] leaf_hash_match
  [PASS] tree_size_consistency
  [PASS] inclusion_proof
  [PASS] log_root_signature

VERIFIED: decision-bundle.json

Exit code 0 means verified, 1 means well-formed but not verified, 2 means the file could not be read or parsed.

Structured output for scripts and CI:

honornet-verify verify --json decision-bundle.json

Pin the signing key — recommended. Verification alone proves a bundle is internally consistent and signed by the key it carries; pinning proves that key is HonorNet's:

honornet-verify verify --pin-key <honornet-ledger-public-key-hex> decision-bundle.json

What gets checked

A bundle verifies only if all of the following hold:

  1. record signature — the decision record carries a valid Ed25519 signature over its RFC 8785 canonical bytes;
  2. leaf hash — the RFC 6962 Merkle leaf hash matches the signed record;
  3. inclusion proof — the leaf is included under the signed log root;
  4. log root signature — the signed log root carries a valid signature.

See docs/verification-model.md and docs/bundle-format.md.

What this does not grant

honornet-verify is open source under Apache-2.0. Using, reading, or forking it does not grant:

  • any right to use the HonorNet name or marks, except as permitted by the Apache License 2.0, Section 6 (Trademarks);
  • recognized-issuer status on the HonorNet acceptance network;
  • any right to operate the HonorNet acceptance network, or to hold a fork or derivative of this software out as being HonorNet.

A successful verification establishes that a decision bundle is internally consistent and signed by the key embedded in it. It does not by itself establish that the key is HonorNet's — pin the key (--pin-key) to establish that.

Relationship to HonorNet

This is the open-source arm of HonorNet. It is not the production network. The acceptance network that issues decision records is a separate, private system. honornet-verify deliberately imports nothing from it — that independence is enforced by a test in this repo.

Licence

Apache-2.0. See LICENSE and NOTICE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

honornet_verify-1.0.0.tar.gz (20.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

honornet_verify-1.0.0-py3-none-any.whl (16.5 kB view details)

Uploaded Python 3

File details

Details for the file honornet_verify-1.0.0.tar.gz.

File metadata

  • Download URL: honornet_verify-1.0.0.tar.gz
  • Upload date:
  • Size: 20.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for honornet_verify-1.0.0.tar.gz
Algorithm Hash digest
SHA256 fa38f7335c488bf910c238b19179c28e7c63df752c837930587add75ab323f7c
MD5 4febd0ec2b41343d04031148fcf0a65a
BLAKE2b-256 7028a9d27336599cf51ca1986d384e553f631a2a91c619cf3f3a2a4366c83ee2

See more details on using hashes here.

Provenance

The following attestation bundles were made for honornet_verify-1.0.0.tar.gz:

Publisher: publish.yml on HonorNetAI/honornet-verify

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file honornet_verify-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: honornet_verify-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 16.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for honornet_verify-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5c2dd350468cfe23b78d2e9491ba816e920df975935d8484dc9f64ded00d7ddc
MD5 f8a9a7f2318182b33e7d0d76c774f735
BLAKE2b-256 b87efa85f5a05e6f1041c0bb9b93c92a2de0000db7c24d1d95dc08f3e6c78a26

See more details on using hashes here.

Provenance

The following attestation bundles were made for honornet_verify-1.0.0-py3-none-any.whl:

Publisher: publish.yml on HonorNetAI/honornet-verify

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page