Skip to main content

Independently verify a Touchstone disclosure — zero dependencies, pure Python.

Project description

touchstone-verify

Independently verify a Touchstone disclosure — in pure Python, with zero dependencies. Read it before you trust it: it's a small, self-contained file.

A disclosure is a tamper-evident slice of an agent's action log. This package re-derives, with no trust in Touchstone, that the slice is intact (entry hashes recompute), attributed (the subject's Ed25519 signature holds, epoch-aware across key rotation), and ordered (hash-chained, with checkpoints that are append-only, server-signed, and witness-co-signed). It also checks selective-disclosure field proofs and reports the external anchors. It proves tampering by anyone who is not Touchstone — it does not prove completeness, and says so.

It agrees byte-for-byte with the other two Touchstone verifiers (verify.php, verifier.js): all three are tested against the same conformance corpus.

Install

pip install touchstone-verify

Use

Command line — pass a file, a URL, or a disclosure token:

touchstone-verify https://touchstone.cv/d/833cd4ca23fbb940dd71843ca47a807e
touchstone-verify ./bundle.json
touchstone-verify 833cd4ca23fbb940dd71843ca47a807e        # fetches from touchstone.cv

Exit code 0 = verified, 1 = a load-bearing check failed, 2 = couldn't load.

Library:

from touchstone_verify import verify_disclosure
import json, urllib.request

bundle = json.load(urllib.request.urlopen("https://touchstone.cv/d/<token>"))
result = verify_disclosure(bundle)
print(result["ok"])           # True / False
for e in result["entries"]:
    for c in e["checks"]:
        print(c["ok"], c["msg"])

Grade a receipt's columns by k

from touchstone_verify import grade_columns, find_columns
import json, urllib.request

doc = json.load(urllib.request.urlopen("https://touchstone.cv/columns/<recorder>/<seq>"))
cols, digest = find_columns(doc)
r = grade_columns(cols, digest)
print(r["coherent"], r["min_k"])     # True / cheapest falsehood path (min k across load-bearing columns)

k is the minimum number of independent parties who must collude before a column can be false, computed from the evidence (never the declared grade): k=0 re-derivable, k = 1 + distinct-control witnesses (co-sigs collapse on a shared key or a receipt-carried controller binding, so it's an upper bound), k=1 testimony. Declaring more strength than the evidence supports fails closed.

What it checks

  • Integrity — every entry_hash recomputes from its fields, including the beacon fold: a beacon_binding recorder's entries carry server_beacon = {chain, round, randomness} as a final beacon:<chain>:<round>:<randomness> line of the preimage (a checkable not-before). Absent → the exact legacy 7-field preimage, so older entries verify unchanged.
  • Attribution — the subject signature verifies over the canonical signed content; genesis proof-of-possession; key_rotation new-key PoP; counterparty co-signatures.
  • Orderingprev_hash chain linkage; Merkle inclusion in the cited checkpoint.
  • Checkpoints — server signature over each Merkle root; append-only linkage between consecutive checkpoints; independent witness co-signatures.
  • Selective disclosure — each revealed field proves Merkle inclusion in payload_hash; withheld fields never appear in the bundle.

For split-view / Bitcoin-anchor cross-checking across independent relays, see the companion gossip_check.py at https://touchstone.cv/gossip_check.py.

License

Apache-2.0.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

touchstone_verify-0.4.0.tar.gz (20.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

touchstone_verify-0.4.0-py3-none-any.whl (18.8 kB view details)

Uploaded Python 3

File details

Details for the file touchstone_verify-0.4.0.tar.gz.

File metadata

  • Download URL: touchstone_verify-0.4.0.tar.gz
  • Upload date:
  • Size: 20.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for touchstone_verify-0.4.0.tar.gz
Algorithm Hash digest
SHA256 d52bbed75f7feb2b2f5906faf8a942328d5bbba0b3828ad6998e0bb5ab8870c7
MD5 32f9088977b148835e52092f21a7310e
BLAKE2b-256 189796d74798a9c060e6fc095ec30a46b17f8cc5173ef6ce9ed3f8d0bdd7435e

See more details on using hashes here.

Provenance

The following attestation bundles were made for touchstone_verify-0.4.0.tar.gz:

Publisher: release.yml on Touchstone-CV/touchstone-verify

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file touchstone_verify-0.4.0-py3-none-any.whl.

File metadata

File hashes

Hashes for touchstone_verify-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 986232a3a51ce590dc78918482833612f86bf1404b58d524e4c5518b955cb965
MD5 47817653b8d8012b5123f30d8d81fff3
BLAKE2b-256 7c282a259bc013d9d960531b5d674a22bbf36717c57e798c81aabc5d3a18230e

See more details on using hashes here.

Provenance

The following attestation bundles were made for touchstone_verify-0.4.0-py3-none-any.whl:

Publisher: release.yml on Touchstone-CV/touchstone-verify

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page