Portable, offline, zero-dependency verifier for invinoveritas verdict proofs — verify without trusting the API or us.
Project description
invinoveritas-verify (Python)
Verify an invinoveritas verdict proof OFFLINE — trusting no one, not even our API, and not us. An invinoveritas proof is a schnorr-signed Nostr event; this recomputes its event id (NIP-01), checks the BIP-340 signature against our published key, and confirms it's a real verdict — all on your machine. A valid result is something you proved, not something we told you.
Zero dependencies — pure stdlib (hashlib). A verifier that shipped a sketchy crypto dependency would be self-defeating; there is nothing here to trust but ~120 readable lines, and the only input that matters is a public key.
pip install invinoveritas-verify
from invinoveritas_verify import verify_proof
# `event` is the signed proof from a /review {sign:true} or /prove response.
result = verify_proof(event)
if result["valid"]:
print("invinoveritas issued exactly this verdict —", result["checks"])
# {'id_integrity': True, 'signature_valid': True, 'issued_by_invinoveritas': True, 'is_proof_event': True}
CLI:
curl -s https://api.babyblueviper.com/.well-known/agent-handshake \
| python -c "import sys,json; json.dump(json.load(sys.stdin)['try_it_now']['sample_proof']['event'], open('proof.json','w'))"
python -m invinoveritas_verify proof.json # → {"valid": true, ...}, computed entirely on your machine
Verify our key yourself
The package pins PUBLISHED_PUBKEY. Re-derive it any time and confirm it matches:
curl -s https://api.babyblueviper.com/.well-known/agent-handshake | grep -o '"verifier_pubkey":"[a-f0-9]*"'
If a proof's pubkey ≠ that key, it is not an invinoveritas verdict.
Trust model
valid⇒ invinoveritas issued exactly this verdict (id integrity + schnorr + our key + proof shape).- It does not assert freshness or that the proof was meant for your interaction — bind it to your input and check recency yourself.
- Verdicts are byte-identical to
POST https://api.babyblueviper.com/verify-proof. The endpoint is a convenience; this is the same check without the round trip — "recomputable, not a score."
Related
invinoveritas(PyPI) — the full Python SDK, incl. the online verify-before-pay client (preflight_verify,verify_proof) and nowverify_proof_local(the same offline check).invinoveritas-verify(npm) — the JavaScript/TypeScript twin.
Public track record: https://api.babyblueviper.com/ledger
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file invinoveritas_verify-0.1.0.tar.gz.
File metadata
- Download URL: invinoveritas_verify-0.1.0.tar.gz
- Upload date:
- Size: 5.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
025613121c680608c841a30b569cf6e80c49ec25bfbae2dbf78988dac4c8cd68
|
|
| MD5 |
cbbf8993f0572566ca17f5f7abb17ef0
|
|
| BLAKE2b-256 |
dde79fea8a2ec8eb491669999d03b0c46fe4d8defc97bca9c71da7f19fb77cc2
|
File details
Details for the file invinoveritas_verify-0.1.0-py3-none-any.whl.
File metadata
- Download URL: invinoveritas_verify-0.1.0-py3-none-any.whl
- Upload date:
- Size: 6.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
35fe1af50b8283de12d935e00a39bfa0a53d7b9f41d761b8c6e500c5be376854
|
|
| MD5 |
d9c16adfd459f12d331ce8a8f816789f
|
|
| BLAKE2b-256 |
6f55f9fc62c0adda6bf65df346df6c6b051c3b5456ff7ac955e08e9f8892d757
|
