Skip to main content

Voltry evidence bundle — THE contract. Typed models, RFC 8785 canonical serialization, ECDSA P-384 sign/verify, generated JSON Schema.

Project description

voltry-evidence-schema

The Voltry evidence bundle: the signed contract behind every Voltry Probe scan and certificate.

Note the naming: the PyPI distribution is voltry-evidence-schema, the Python package you import is evidence_schema.

pip install voltry-evidence-schema
import evidence_schema

What it provides

  • Typed pydantic v2 models (EvidenceBundle and its blocks). Measured facts and modeled estimates are distinct types by construction; there is no single score anywhere in the schema, and no price field exists.
  • One canonical serializer: RFC 8785 (JCS) over the bundle minus its signature. This is the only path to signable bytes.
  • ECDSA P-384 (secp384r1) with SHA-384 sign and verify over those canonical bytes.
  • A generated JSON Schema for cross-language consumers.

Quick start

import json
from evidence_schema import EvidenceBundle, verify_bundle

bundle = EvidenceBundle.model_validate(json.load(open("bundle.json")))
print(verify_bundle(bundle))  # True only if the signature covers these exact bytes

Command line:

# Round-trip demo: build, canonicalize, sign, verify, tamper, verify fails
python -m evidence_schema.demo

# Emit the JSON Schema for non-Python consumers
evidence-schema-jsonschema -o evidence_bundle.schema.json

Stability

The schema is versioned semantically and the 1.x line is frozen wide: a bundle captured today remains valid and replayable indefinitely. Additive fields are minor versions; anything breaking is a major version with a migration path. Canonical bytes are covered by golden-vector tests on every supported Python version (3.10 through 3.13).

License

Apache-2.0.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

voltry_evidence_schema-1.0.0.tar.gz (35.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

voltry_evidence_schema-1.0.0-py3-none-any.whl (26.6 kB view details)

Uploaded Python 3

File details

Details for the file voltry_evidence_schema-1.0.0.tar.gz.

File metadata

  • Download URL: voltry_evidence_schema-1.0.0.tar.gz
  • Upload date:
  • Size: 35.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for voltry_evidence_schema-1.0.0.tar.gz
Algorithm Hash digest
SHA256 cfddb914c174929ea76cda0fafa77dc3efcd8ba8a96f8ea2cf5d47b8fe5ff149
MD5 855b9fa6efdc012e58470138b90e7ba8
BLAKE2b-256 a9fef556a791e124c6e91de9f51af9781a8f4aa5183b74011bdf516b1722db49

See more details on using hashes here.

Provenance

The following attestation bundles were made for voltry_evidence_schema-1.0.0.tar.gz:

Publisher: release.yml on Voltry-tech/core

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file voltry_evidence_schema-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for voltry_evidence_schema-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 44cffaf2d67a4fe59407d027f4433388609b6605c8eef4d4868fbf64f0a9cf6c
MD5 8e92edc2d3ed757c289329e63bc9aac6
BLAKE2b-256 c47ed2515c75424f4d0244ef6c9dd5075563c02486035bf985e3b733347f0e4d

See more details on using hashes here.

Provenance

The following attestation bundles were made for voltry_evidence_schema-1.0.0-py3-none-any.whl:

Publisher: release.yml on Voltry-tech/core

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page