The independent verifier for AI systems
Project description
specora-verify
specora-verifyis the independent verifier for AI systems.Point it at an evidence bundle produced by any AI provider — Anthropic Claude Enterprise, OpenAI, Azure OpenAI, Amazon Bedrock, LangSmith Fleet — and it will tell you, offline, with no vendor account and no network calls, whether the bundle is cryptographically intact and whether the claims it carries are what they say they are.
No dashboard to log into. No SaaS subscription. No phone-home. Just a command-line tool, a public wire spec, and a set of golden test vectors you can reproduce yourself.
Availability: public
1.0.0release is scheduled for 2026-06-14 (PyPI publish, Homebrew tap, GitHub org public flip, and thespec.specora.aiwire-spec mirror all go live together). Until that flip the badges above and thepip install/brew installpaths below will not resolve — install from source in the meantime. The pre-flip distribution gate is tracked in docs/release-checklist.md and verifiable withpython tools/qa/check_l1_distribution.py.
Why this exists
When an AI system takes an action on behalf of a human — approves a loan, writes a pull request, files a regulatory form, moves money — somebody eventually has to verify that the action happened the way the operator says it did. Today, that verification is a promise. You trust the vendor's dashboard, the vendor's logs, and the vendor's incident reports. If the vendor is wrong, mistaken, or compromised, you find out after the fact, if at all.
specora-verify replaces the promise with a proof.
The principle: an auditor, a regulator, a customer, or a skeptical engineer should be able to verify a claim about an AI system without trusting the party that produced the claim. That is the same principle behind cosign for software supply chains, Certificate Transparency for the Web PKI, and Sigstore for open-source signing. specora-verify brings that principle to AI evidence.
The approach:
- Offline by default. No network access is required for the core verification path. An auditor with no internet access at a client site can still verify a bundle.
- Standard library only (for the core). The default verifier uses Python's standard library — no proprietary blobs, no hidden dependencies, no service calls.
- Wire spec is public. The evidence bundle format is documented at https://spec.specora.ai/v1.0 under a permissive license. Third parties can implement alternate verifiers against the same spec.
- Golden vectors are public. Every claim this tool makes can be reproduced against the published test vectors. If you don't trust the CLI, verify the vectors yourself in another language.
Install
pip (recommended for most users)
# Core verification (stdlib only, no external deps)
pip install specora-verify
# With cryptographic signature verification
pip install "specora-verify[crypto]"
# With network fetchers (S3, GitHub, DNS)
pip install "specora-verify[fetchers]"
# With Sigstore bundle support
pip install "specora-verify[sigstore]"
# Everything
pip install "specora-verify[all]"
Requires Python 3.11 or newer.
Homebrew (macOS / Linuxbrew)
brew tap SpecoraAI/tap
brew install specora-verify
The Homebrew formula installs the full [all] feature set.
Standalone binary
Platform-specific binaries are published on every release. Each binary is Sigstore-signed; verify before running.
# Linux x86_64
curl -LO https://github.com/SpecoraAI/specora-verify/releases/latest/download/specora-verify-linux-x86_64
curl -LO https://github.com/SpecoraAI/specora-verify/releases/latest/download/specora-verify-linux-x86_64.sigstore
cosign verify-blob \
--certificate-identity-regexp "^https://github.com/SpecoraAI/specora-verify/" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
--bundle specora-verify-linux-x86_64.sigstore \
specora-verify-linux-x86_64
chmod +x specora-verify-linux-x86_64
./specora-verify-linux-x86_64 --version
macOS (darwin-arm64, darwin-x86_64) and Windows (windows-x86_64.exe) builds are available from the same release page.
From source
git clone https://github.com/SpecoraAI/specora-verify.git
cd specora-verify
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
specora-verify --version
60-second quickstart
Every install ships with a self-test that runs the verifier against the published golden vectors:
$ specora-verify vectors verify
============================================================
SPECORA GOLDEN VECTOR VERIFICATION
============================================================
Vectors: 18 loaded
Passed: 18
Failed: 0
Status: PASS
============================================================
If this prints PASS, your verifier is byte-identical with the reference implementation and you can trust everything else it tells you. If it prints FAIL, something is wrong with either the install or the vectors — stop and investigate before relying on the tool.
Verify an evidence bundle
# Verify a bundle ZIP produced by any Specora-compatible producer
specora-verify bundle verify my-evidence-bundle.zip
# Verify an Ed25519 signature over a canonical artifact
specora-verify verify \
--artifact artifact.json \
--signature signature.b64 \
--public-key pubkey.pem
# Produce an archival verification receipt for an auditor
specora-verify emit-receipt \
--artifact artifact.json \
--signature signature.b64 \
--public-key pubkey.pem \
--out receipt.json
Out-of-band verification for existing AI providers
You don't have to be a Specora customer to use this tool. specora-verify ships with readers for the audit-log exports that major AI providers already produce, so any operator running on those platforms can produce a Specora-verifiable bundle with zero vendor cooperation.
# Anthropic Claude Enterprise Compliance API export
specora-verify read anthropic \
--input compliance.jsonl \
--key-id spk-abcd1234 \
--out bundle.sev
# Verify it
specora-verify bundle verify bundle.sev
Reader coverage at launch (2026-06-14):
- Anthropic Compliance API — docs · module
- AWS CloudTrail Lake + Bedrock Automated Reasoning Checks — docs · module
- Azure Confidential Ledger (entries + receipts, TEE attestation extracted) — docs · module
- OpenAI Compliance Platform (moderation/policy-check evidence, design-accurate pending live-data validation) — docs · module
- LangSmith Fleet (feedback scores / human annotations as first-class evidence, design-accurate pending live-data validation) — docs · module
Each reader is roughly 200 lines of Python and a schema-mapping document. Contributions for additional providers are welcome — see CONTRIBUTING.md.
Trust model
specora-verify proves cryptographic validity. It does not prove institutional authority. Specifically:
What a PASS means:
- The evidence bundle was signed by the holder of the private key corresponding to the public key you provided
- The canonical JSON hash of the bundle matches what the signature covers
- No bytes have been altered since signing
- If a revocation list is provided, the signing key is not on it at the time of verification
What a PASS does not mean:
- The public key actually belongs to the party you think it does — you must obtain the key through a trusted channel
- The AI system actually did what the bundle claims — the verifier verifies the evidence chain, not the underlying operation
- The evidence is fresh —
specora-verifydoes not check timestamps against wall-clock time - Nothing has been revoked on the signer's side after you fetched their public key
For production deployments, pair specora-verify with a key-transparency log or a published root key ceremony. See docs/trust-model.md for the full discussion.
Reproducing the golden vectors
Every hash and signature this tool emits is deterministic. You can verify them in a language of your choice by implementing Wire Spec v1.0 directly. The spec is short, the cryptography is Ed25519 (RFC 8032), and the canonical JSON rules are written out explicitly.
# The vectors directory
ls vectors/manifest/
ls vectors/signature/
ls vectors/anchor/
# Cross-check a single vector by hand
specora-verify canonicalize vectors/manifest/proof-manifest-001.json | sha256sum
If your independent implementation disagrees with specora-verify, we want to know. Open an issue and include your implementation — either specora-verify has a bug, or the spec is ambiguous. Both are worth fixing.
Integrations
specora-verify defines a public Evidence Source API (OpenAPI 3.1) that GRC platforms integrate against to ingest Specora evidence bundles as compliance evidence.
- OpenAPI spec: docs/openapi/evidence-source-v1.yaml
- Example payloads: docs/openapi/examples/
- GRC integration guide (for platform vendors): docs/integrations/grc-integration-guide.md
Supported GRC platforms (commercial connectors available from Specora):
- Drata — SOC 2, ISO 27001, ISO 42001
- Vanta (planned)
- Splunk (planned)
- AuditBoard (planned)
Documentation
- Wire Spec v1.0 (canonical): docs/wire-spec-v1.0.md — normative contract. The
spec.specora.ai/v1.0badge URL above is reserved for a future rendered view of this in-repo document; the repo is the authoritative source. - Versioning policy: docs/versioning-policy.md
- Quickstart tutorial: docs/quickstart.md
- Trust model: docs/trust-model.md
- Golden vectors guide: docs/vectors.md
- Reader reference: docs/readers/
- Evidence Source API (for GRC integrations): docs/openapi/evidence-source-v1.yaml
- Installation guide: docs/installation.md
- API reference (for library users): docs/api.md
Contributing
We welcome contributions. Start with CONTRIBUTING.md and the Code of Conduct. Bug reports, reader implementations for new providers, documentation improvements, and spec clarifications are all in scope.
Security
Found a vulnerability? Do not open a public issue. See SECURITY.md for private disclosure channels.
Governance
This project is currently stewarded by Specora, Inc., with a committed transition path to a neutral foundation (CNCF / LF / OpenSSF — decision pending Q4 2026). See GOVERNANCE.md for the full structure, maintainer roster, and future-state plan.
License
Apache License 2.0. See LICENSE and NOTICE.
Why is it called specora-verify and not something cooler?
Because the verifier's job is to verify. Naming it anything else would suggest it does more than that — and it doesn't. The independent verifier is the entire point.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file specora_verify-1.0.0rc2.tar.gz.
File metadata
- Download URL: specora_verify-1.0.0rc2.tar.gz
- Upload date:
- Size: 193.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
adf0eee28f3028fb90965c2aa37d506996e18eca56ddfa2fd53919e5b4b7b28a
|
|
| MD5 |
b5047f8dd87a8b803255ca0202f4512a
|
|
| BLAKE2b-256 |
e82955bf7ad81e8ec1c0eb43ad4d9fd96de359edd93226fb79e92d7a3f7a7414
|
Provenance
The following attestation bundles were made for specora_verify-1.0.0rc2.tar.gz:
Publisher:
ci.yml on SpecoraAI/specora-verify
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
specora_verify-1.0.0rc2.tar.gz -
Subject digest:
adf0eee28f3028fb90965c2aa37d506996e18eca56ddfa2fd53919e5b4b7b28a - Sigstore transparency entry: 1737335213
- Sigstore integration time:
-
Permalink:
SpecoraAI/specora-verify@85fd2b10cd7909816eb3469f420da75469e5dd46 -
Branch / Tag:
refs/tags/v1.0.0rc2 - Owner: https://github.com/SpecoraAI
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
ci.yml@85fd2b10cd7909816eb3469f420da75469e5dd46 -
Trigger Event:
push
-
Statement type:
File details
Details for the file specora_verify-1.0.0rc2-py3-none-any.whl.
File metadata
- Download URL: specora_verify-1.0.0rc2-py3-none-any.whl
- Upload date:
- Size: 178.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
43ea620a82e57fede63ad05e8986a42cf34d1bdfb71c86e8312b58ed1f72928b
|
|
| MD5 |
4287607e2719133a4e350dca4e22e211
|
|
| BLAKE2b-256 |
78ac0b1e1fe6c7fce2930436dfd45c8119b3b7d265565257b01862a39d313a9c
|
Provenance
The following attestation bundles were made for specora_verify-1.0.0rc2-py3-none-any.whl:
Publisher:
ci.yml on SpecoraAI/specora-verify
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
specora_verify-1.0.0rc2-py3-none-any.whl -
Subject digest:
43ea620a82e57fede63ad05e8986a42cf34d1bdfb71c86e8312b58ed1f72928b - Sigstore transparency entry: 1737335240
- Sigstore integration time:
-
Permalink:
SpecoraAI/specora-verify@85fd2b10cd7909816eb3469f420da75469e5dd46 -
Branch / Tag:
refs/tags/v1.0.0rc2 - Owner: https://github.com/SpecoraAI
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
ci.yml@85fd2b10cd7909816eb3469f420da75469e5dd46 -
Trigger Event:
push
-
Statement type: