Offline, independent verifier + human-readable renderer for Shomei Memory governance receipts (RTBF / erasure / restriction).
Project description
Shomei Memory Verify
Offline, independent verification of Shomei Memory governance receipts.
When a Shomei Memory deployment erases a subject's data (GDPR Art. 17 "right to be forgotten"), restricts it (Art. 18), or deletes a record, it emits a small, content-free, ed25519-signed receipt. This package lets anyone — a DPO, General Counsel, auditor, or the data subject — confirm that receipt on their own machine, using only:
- the receipt file, and
- the signer's published public key (obtained out-of-band),
with no access to the operator's systems and no trust in the operator's word.
The "open verifier" boundary
This package is the proof-checker, not the recipe. It verifies the structure of a proof
— it does not contain the production engine (crypto-erasure, predictive decay, the prover) or
any private/signing key. Its only third-party dependency is
cryptography; everything else is the Python standard
library. That minimal, auditable surface is the point: you can read all of it in an afternoon.
Install
pip install shomei-memory-verify
Verify a receipt (CLI)
# Prints a one-page, plain-language certificate; exits 0 ONLY if the signature
# authenticates against the key you pinned.
shomei-memory-verify receipt.json --pin <signer_public_key_hex> --render
Useful variants:
shomei-memory-verify receipt.json --pin <key> # verdict only (exit code)
shomei-memory-verify receipt.json --render # no --pin: refuses to certify,
# prints "self-consistent only"
shomei-memory-verify receipt.json --pin <wrong> --render # tamper test: "VERIFICATION FAILED"
shomei-memory-verify - --pin <key> --json # read receipt from stdin, machine output
Verify a receipt (library)
from shomei_memory_verify import verify_signed_receipt, render
result = verify_signed_receipt(open("receipt.json").read())
assert result.valid # ed25519 signature + receipt_hash both check
assert result.authenticated # ...and it matches the key you expected
print(render(result, expected_public_key_hex="<signer_public_key_hex>"))
Honest by construction
The human-readable statement (--render) never strengthens a claim beyond what verification
established. Certification language ("VERIFIED ✓", "this certifies…") is emitted only for an
authenticated result. A merely self-consistent (unpinned) receipt is downgraded to an explicit
"asserted, pending attribution" statement; an invalid receipt renders no certificate at all. The
explicit non-claims — what the receipt does not cover — are always shown verbatim.
© Shomei Labs. The verifier is open; the Shomei Memory engine and SDK are proprietary.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file shomei_memory_verify-0.0.2.tar.gz.
File metadata
- Download URL: shomei_memory_verify-0.0.2.tar.gz
- Upload date:
- Size: 21.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7d86f5388ac46f967df6028858e8a0868592eed9af56e0026208317a2fdbe9d0
|
|
| MD5 |
6583cec8ef23a3fa78cbe97093315c44
|
|
| BLAKE2b-256 |
c37bdb1da13210a49d9c2f0da0167fa07be3cf4317fd3d0fc448697a256164d4
|
Provenance
The following attestation bundles were made for shomei_memory_verify-0.0.2.tar.gz:
Publisher:
release.yml on shomei-proof/shomei-memory-verify
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
shomei_memory_verify-0.0.2.tar.gz -
Subject digest:
7d86f5388ac46f967df6028858e8a0868592eed9af56e0026208317a2fdbe9d0 - Sigstore transparency entry: 1843445134
- Sigstore integration time:
-
Permalink:
shomei-proof/shomei-memory-verify@0ca860b10aca3dd2c15f1e2ecd5efbcbc4d321aa -
Branch / Tag:
refs/tags/v0.0.2 - Owner: https://github.com/shomei-proof
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@0ca860b10aca3dd2c15f1e2ecd5efbcbc4d321aa -
Trigger Event:
push
-
Statement type:
File details
Details for the file shomei_memory_verify-0.0.2-py3-none-any.whl.
File metadata
- Download URL: shomei_memory_verify-0.0.2-py3-none-any.whl
- Upload date:
- Size: 23.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6068a83e3d7b5fd075f7c01bd0d80e934ff5add942f5c03d51ed979c8a997488
|
|
| MD5 |
d2ae8295d87c2addda7f8849242bd95d
|
|
| BLAKE2b-256 |
96b00954ca2558b321047098cdd132bc20dc7d560f175dd9b983330db9055482
|
Provenance
The following attestation bundles were made for shomei_memory_verify-0.0.2-py3-none-any.whl:
Publisher:
release.yml on shomei-proof/shomei-memory-verify
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
shomei_memory_verify-0.0.2-py3-none-any.whl -
Subject digest:
6068a83e3d7b5fd075f7c01bd0d80e934ff5add942f5c03d51ed979c8a997488 - Sigstore transparency entry: 1843445285
- Sigstore integration time:
-
Permalink:
shomei-proof/shomei-memory-verify@0ca860b10aca3dd2c15f1e2ecd5efbcbc4d321aa -
Branch / Tag:
refs/tags/v0.0.2 - Owner: https://github.com/shomei-proof
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@0ca860b10aca3dd2c15f1e2ecd5efbcbc4d321aa -
Trigger Event:
push
-
Statement type:
