@attested-intelligence/aga-verify 1.0.0

package/README.md

@@ -0,0 +1,56 @@
+# AGA Independent Verifier (`@attested-intelligence/aga-verify`)
+
+Standalone verification of AGA **Evidence Bundles** using only standard
+cryptographic primitives. **This verifier imports zero modules from the
+AGA codebase** — it depends only on `@noble/ed25519` and `@noble/hashes`.
+
+## Why this exists
+
+AGA claims that Evidence Bundles provide tamper-evident, offline-verifiable
+proof of governance enforcement. This tool proves that claim is checkable by
+**anyone**, with no trust in AGA's own code: it re-implements the complete
+verification from scratch and runs against a bundle you provide.
+
+## Quickstart
+
+```bash
+# verify any AGA evidence bundle
+npx @attested-intelligence/aga-verify <bundle.json>
+
+# or smoke-test against the bundled canonical example
+npx @attested-intelligence/aga-verify example-bundle.json
+```
+
+Exit code is `0` on `VERIFIED`, `1` on `FAILED` — usable directly in CI.
+
+`example-bundle.json` is a real, signed evidence bundle produced by the
+reference implementation (the AI-agent governance scenario); it is shipped so
+a third party can confirm the verifier end-to-end in one command.
+
+## What it verifies
+
+1. **Artifact signature** — Ed25519 over RFC 8785 canonical JSON.
+2. **Receipt signatures** — Ed25519 for each enforcement receipt.
+3. **Merkle inclusion proofs** — structural-metadata leaf hashes vs. the checkpoint root.
+4. **Checkpoint anchor** — optional; requires network access (skipped offline).
+
+Steps 1–3 are fully offline. Step 4 is optional.
+
+## Independence guarantee
+
+The published package's only runtime dependencies are `@noble/ed25519` and
+`@noble/hashes`. It contains no AGA code and makes no network calls for steps
+1–3. You can confirm this from the dependency tree (`npm ls`) and by reading
+the single source file, `verify.ts`.
+
+## From source
+
+```bash
+npm install
+npm test          # vitest, including the zero-AGA-imports assertion
+npm run build     # bundles verify.ts -> dist/aga-verify.mjs (esbuild)
+node dist/aga-verify.mjs example-bundle.json
+```
+
+---
+Attested Intelligence Holdings LLC. Implements the AGA four-step offline verification process.

package/dist/aga-verify.mjs

@@ -0,0 +1,163 @@
+#!/usr/bin/env node
+
+// verify.ts
+import * as ed from "@noble/ed25519";
+import { sha512 } from "@noble/hashes/sha512";
+import { sha256 } from "@noble/hashes/sha256";
+import { bytesToHex, hexToBytes } from "@noble/hashes/utils";
+ed.etc.sha512Sync = (...m) => {
+  const total = m.reduce((n, a) => n + a.length, 0);
+  const buf = new Uint8Array(total);
+  let off = 0;
+  for (const a of m) {
+    buf.set(a, off);
+    off += a.length;
+  }
+  return sha512(buf);
+};
+var enc = new TextEncoder();
+function deepSortKeys(obj) {
+  if (obj === null || obj === void 0 || typeof obj !== "object") return obj;
+  if (Array.isArray(obj)) return obj.map(deepSortKeys);
+  if (obj instanceof Uint8Array) return obj;
+  const sorted = {};
+  for (const key of Object.keys(obj).sort()) {
+    sorted[key] = deepSortKeys(obj[key]);
+  }
+  return sorted;
+}
+function canonicalize(obj) {
+  return JSON.stringify(deepSortKeys(obj));
+}
+function sha256Hex(data) {
+  return bytesToHex(sha256(enc.encode(data)));
+}
+function verifyEd25519(sigBase64, message, publicKeyHex) {
+  try {
+    const sig = new Uint8Array(Buffer.from(sigBase64, "base64"));
+    const pk = hexToBytes(publicKeyHex);
+    return ed.verify(sig, enc.encode(message), pk);
+  } catch {
+    return false;
+  }
+}
+function merkleParentHash(left, right) {
+  return sha256Hex(left + right);
+}
+function verifyArtifactSignature(artifact) {
+  const { signature, ...unsigned } = artifact;
+  const canonical = canonicalize(unsigned);
+  return verifyEd25519(signature, canonical, artifact.issuer_identifier);
+}
+function verifyReceiptSignatures(receipts, portalPublicKey) {
+  return receipts.map((receipt) => {
+    const { portal_signature, ...unsigned } = receipt;
+    const canonical = canonicalize(unsigned);
+    return verifyEd25519(portal_signature, canonical, portalPublicKey);
+  });
+}
+function verifyMerkleProofs(proofs, checkpointRoot) {
+  return proofs.map((proof) => {
+    let hash = proof.leafHash;
+    for (const sibling of proof.siblings) {
+      hash = sibling.position === "left" ? merkleParentHash(sibling.hash, hash) : merkleParentHash(hash, sibling.hash);
+    }
+    return hash === checkpointRoot;
+  });
+}
+function verifyCheckpointAnchor(_checkpoint) {
+  return "SKIPPED";
+}
+function validateBundleShape(b) {
+  if (b === null || typeof b !== "object" || Array.isArray(b)) return "not a JSON object";
+  if (typeof b.artifact !== "object" || b.artifact === null) return 'missing "artifact" object';
+  if (typeof b.artifact.signature !== "string") return 'missing "artifact.signature"';
+  if (typeof b.artifact.issuer_identifier !== "string") return 'missing "artifact.issuer_identifier"';
+  if (!Array.isArray(b.receipts)) return 'missing "receipts" array';
+  if (typeof b.public_key !== "string") return 'missing "public_key"';
+  if (!Array.isArray(b.merkle_proofs)) return 'missing "merkle_proofs" array';
+  if (typeof b.checkpoint_reference !== "object" || b.checkpoint_reference === null || typeof b.checkpoint_reference.merkle_root !== "string") {
+    return 'missing "checkpoint_reference.merkle_root"';
+  }
+  return null;
+}
+function verifyEvidenceBundle(bundleJson) {
+  const errors = [];
+  let bundle;
+  try {
+    bundle = JSON.parse(bundleJson);
+  } catch {
+    return {
+      step1_artifact_sig: false,
+      step2_receipt_sigs: false,
+      step3_merkle_proofs: false,
+      step4_anchor: "SKIPPED",
+      overall: false,
+      errors: ["Failed to parse bundle JSON"],
+      details: { receipt_results: [], proof_results: [] }
+    };
+  }
+  const shapeError = validateBundleShape(bundle);
+  if (shapeError) {
+    return {
+      step1_artifact_sig: false,
+      step2_receipt_sigs: false,
+      step3_merkle_proofs: false,
+      step4_anchor: "SKIPPED",
+      overall: false,
+      errors: [`unrecognized evidence-bundle format: ${shapeError}`],
+      details: { receipt_results: [], proof_results: [] }
+    };
+  }
+  const step1 = verifyArtifactSignature(bundle.artifact);
+  if (!step1) errors.push("Artifact signature verification failed");
+  const receiptResults = verifyReceiptSignatures(bundle.receipts, bundle.public_key);
+  const step2 = receiptResults.every((r) => r);
+  receiptResults.forEach((r, i) => {
+    if (!r) errors.push(`Receipt ${bundle.receipts[i].receipt_id} signature failed`);
+  });
+  const proofResults = verifyMerkleProofs(bundle.merkle_proofs, bundle.checkpoint_reference.merkle_root);
+  const step3 = proofResults.length === 0 ? true : proofResults.every((r) => r);
+  proofResults.forEach((r, i) => {
+    if (!r) errors.push(`Merkle proof ${i} failed`);
+  });
+  const step4 = verifyCheckpointAnchor(bundle.checkpoint_reference);
+  return {
+    step1_artifact_sig: step1,
+    step2_receipt_sigs: step2,
+    step3_merkle_proofs: step3,
+    step4_anchor: step4,
+    overall: step1 && step2 && step3,
+    errors,
+    details: { receipt_results: receiptResults, proof_results: proofResults }
+  };
+}
+if (typeof process !== "undefined" && process.argv[1]?.includes("verify")) {
+  const { readFileSync } = await import("node:fs");
+  const bundlePath = process.argv[2];
+  if (!bundlePath) {
+    console.error("Usage: npx tsx verify.ts <bundle.json>");
+    process.exit(1);
+  }
+  const bundleJson = readFileSync(bundlePath, "utf-8");
+  const result = verifyEvidenceBundle(bundleJson);
+  console.log("\nAGA Independent Verifier\n");
+  console.log(`Step 1 - Artifact signature:     ${result.step1_artifact_sig ? "PASS" : "FAIL"}`);
+  console.log(`Step 2 - Receipt signatures:     ${result.step2_receipt_sigs ? "PASS" : "FAIL"} (${result.details.receipt_results.filter((r) => r).length}/${result.details.receipt_results.length})`);
+  console.log(`Step 3 - Merkle inclusion proofs: ${result.step3_merkle_proofs ? "PASS" : "FAIL"} (${result.details.proof_results.filter((r) => r).length}/${result.details.proof_results.length})`);
+  console.log(`Step 4 - Checkpoint anchor:      ${result.step4_anchor}`);
+  console.log(`
+OVERALL: ${result.overall ? "VERIFIED" : "FAILED"}`);
+  if (result.errors.length) {
+    console.log("\nErrors:");
+    result.errors.forEach((e) => console.log(`  - ${e}`));
+  }
+  process.exit(result.overall ? 0 : 1);
+}
+export {
+  verifyArtifactSignature,
+  verifyCheckpointAnchor,
+  verifyEvidenceBundle,
+  verifyMerkleProofs,
+  verifyReceiptSignatures
+};

package/example-bundle.json

@@ -0,0 +1,284 @@
+{
+  "artifact": {
+    "schema_version": "1.0.0",
+    "protocol_version": "1.0.0",
+    "subject_identifier": {
+      "bytes_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3",
+      "metadata_hash": "88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63"
+    },
+    "policy_reference": "c5090e8677afc35133da645aa2aecdcd36cd67184dfcfe031f1c55d5d1294020",
+    "policy_version": 4,
+    "sealed_hash": "1dd8ed34d6cd1c1c5cec647d26cc4c3676d7796a729376bb3fcf26b2a6edba33",
+    "seal_salt": "910887666ac8dc2b7db5695fd0186b4e",
+    "issued_timestamp": "2026-06-02T08:30:36.164Z",
+    "effective_timestamp": "2026-06-02T08:30:36.164Z",
+    "expiration_timestamp": null,
+    "issuer_identifier": "ac92dd48402bf3255177df55198c449dc61e36c97a3ed62e81462e72f741b311",
+    "enforcement_parameters": {
+      "measurement_cadence_ms": 200,
+      "ttl_seconds": 3600,
+      "enforcement_triggers": [
+        "QUARANTINE",
+        "TERMINATE",
+        "SAFE_STATE"
+      ],
+      "re_attestation_required": true,
+      "measurement_types": [
+        "EXECUTABLE_IMAGE",
+        "LOADED_MODULES",
+        "CONFIG_MANIFEST"
+      ],
+      "behavioral_baseline": {
+        "permitted_tools": [
+          "web_search",
+          "code_execute",
+          "file_read",
+          "summarize"
+        ],
+        "forbidden_sequences": [
+          [
+            "file_read",
+            "web_search",
+            "code_execute"
+          ]
+        ],
+        "rate_limits": {
+          "web_search": 20,
+          "code_execute": 10,
+          "file_read": 30,
+          "summarize": 50
+        }
+      }
+    },
+    "disclosure_policy": {
+      "claims_taxonomy": [
+        {
+          "claim_id": "agent.model_weights_hash",
+          "sensitivity": "S4_CRITICAL",
+          "substitutes": [
+            "agent.model_family",
+            "agent.model_generation"
+          ],
+          "inference_risks": [],
+          "permitted_modes": []
+        },
+        {
+          "claim_id": "agent.model_family",
+          "sensitivity": "S2_MODERATE",
+          "substitutes": [
+            "agent.model_generation"
+          ],
+          "inference_risks": [],
+          "permitted_modes": [
+            "REVEAL_MIN",
+            "REVEAL_FULL"
+          ]
+        },
+        {
+          "claim_id": "agent.model_generation",
+          "sensitivity": "S1_LOW",
+          "substitutes": [],
+          "inference_risks": [],
+          "permitted_modes": [
+            "PROOF_ONLY",
+            "REVEAL_MIN",
+            "REVEAL_FULL"
+          ]
+        }
+      ],
+      "substitution_rules": []
+    },
+    "evidence_commitments": [
+      {
+        "commitment": "3a7cafa939fa3732b4d36875b8909b467a2d063ce01c617b1f491983f9b8de71",
+        "salt": "eb5050aaff095529b52e03f920f32736",
+        "label": "model_card"
+      },
+      {
+        "commitment": "8f6a61abea33aca30d67af6fee22780ac2b689058882f70f8723c9f37d8da8bd",
+        "salt": "edba40897cd4d45923f00891c11d7746",
+        "label": "scope_approval"
+      }
+    ],
+    "signature": "X9IEtvUlU8AUixd/ZTbWqUGFhfqEbeQKYZy3/nzKhbj43uYS678X8BV+7hrd26Ts1m2hbUa+JHPAqzgj+z5YDg=="
+  },
+  "receipts": [
+    {
+      "receipt_id": "c77294b7-567f-4019-bc82-1db8f8b41a36",
+      "subject_identifier": {
+        "bytes_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3",
+        "metadata_hash": "88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63"
+      },
+      "artifact_reference": "c801497e4020ea3913e94541c2c869fac9422735686a6d3c4b75c4298145b237",
+      "current_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
+      "sealed_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
+      "drift_detected": false,
+      "drift_description": null,
+      "enforcement_action": null,
+      "measurement_type": "EXECUTABLE_IMAGE",
+      "timestamp": "2026-06-02T08:30:36.178Z",
+      "sequence_number": 0,
+      "previous_leaf_hash": "dea5872156dd67a5cf43b9124ce0e8d0d33090a4186a98f573c55666ea172739",
+      "portal_signature": "TaIz2Tb0TCE34lKD0UKdTqpQzThourYzGZHhpVPajy6C2bBA3oJsbE9BpZhx3utm62O1erKYOlT/WWUAVCGjDg=="
+    },
+    {
+      "receipt_id": "a5900acb-2d66-4235-9347-d7da49d8dc0b",
+      "subject_identifier": {
+        "bytes_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3",
+        "metadata_hash": "88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63"
+      },
+      "artifact_reference": "c801497e4020ea3913e94541c2c869fac9422735686a6d3c4b75c4298145b237",
+      "current_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
+      "sealed_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
+      "drift_detected": false,
+      "drift_description": null,
+      "enforcement_action": null,
+      "measurement_type": "EXECUTABLE_IMAGE",
+      "timestamp": "2026-06-02T08:30:36.180Z",
+      "sequence_number": 1,
+      "previous_leaf_hash": "5ed1a416eb4c97b358cfceb1b3a0a662a698f1be2425b0063f546e4a2402f398",
+      "portal_signature": "lAhEHV/upEaWALRHCaqVc+thPmKdHHlGDGiFYvdv1TTtGzZLQ8S5Zjgm3jqGVactI+ntlwIbdNp6qhOY+CFkBA=="
+    },
+    {
+      "receipt_id": "e06a3914-392b-4b6d-870b-48d9058cde2c",
+      "subject_identifier": {
+        "bytes_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3",
+        "metadata_hash": "88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63"
+      },
+      "artifact_reference": "c801497e4020ea3913e94541c2c869fac9422735686a6d3c4b75c4298145b237",
+      "current_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
+      "sealed_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
+      "drift_detected": false,
+      "drift_description": null,
+      "enforcement_action": null,
+      "measurement_type": "EXECUTABLE_IMAGE",
+      "timestamp": "2026-06-02T08:30:36.182Z",
+      "sequence_number": 2,
+      "previous_leaf_hash": "893cefa6bddc9c8a40c6655e938f912cec5daef0f6a9074bd4d27ca09ad4af9c",
+      "portal_signature": "HGpzkE4CK1QNXngHafIe4sr7ydqs7ZY0ZD7+me8vPw4RxtqBMAWfi200A9dC5OvDcN4zwZcwWF51oqBNk1l2Cw=="
+    },
+    {
+      "receipt_id": "0040e0cc-e560-4014-86d0-1b294f3d4b4c",
+      "subject_identifier": {
+        "bytes_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3",
+        "metadata_hash": "88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63"
+      },
+      "artifact_reference": "c801497e4020ea3913e94541c2c869fac9422735686a6d3c4b75c4298145b237",
+      "current_hash": "950e5c3896a95e42d179500a6b61543f707285b8ee889327eb1be92daeec7f60",
+      "sealed_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
+      "drift_detected": true,
+      "drift_description": "Behavioral drift: forbidden tool sequence (data exfiltration pattern)",
+      "enforcement_action": "TERMINATE",
+      "measurement_type": "EXECUTABLE_IMAGE",
+      "timestamp": "2026-06-02T08:30:36.192Z",
+      "sequence_number": 3,
+      "previous_leaf_hash": "838f59b7c940b3061018f6c70c13c2e2ef17554659fb48dafd33af267d5d2026",
+      "portal_signature": "vMEgOydXm63Hgwm4+A75VKYsJ0BceNfR/juEEXmQh9/KmXpVDlTuXoHi3EHOUOv/t8Qey7rxfuldAq8hp+FkCA=="
+    }
+  ],
+  "merkle_proofs": [
+    {
+      "leafHash": "5ed1a416eb4c97b358cfceb1b3a0a662a698f1be2425b0063f546e4a2402f398",
+      "leafIndex": 2,
+      "siblings": [
+        {
+          "hash": "893cefa6bddc9c8a40c6655e938f912cec5daef0f6a9074bd4d27ca09ad4af9c",
+          "position": "right"
+        },
+        {
+          "hash": "db44e24f99b8086c7194eabcd240ef2b38f9d1214d49cc31337c45462a494082",
+          "position": "left"
+        },
+        {
+          "hash": "0463d91f9baebddee57414e78c8d22507a9d33a0ce5a7bfa882e2ccb4c98a13c",
+          "position": "right"
+        },
+        {
+          "hash": "71b83667104222412e522e83ce89978fbde04d0c02eabf0e1e759aadbde0dac2",
+          "position": "right"
+        }
+      ],
+      "root": "e1cc28411c41f749ab3ff8160c465bca538d3c1c0883eac56c3821ff1c7574c9"
+    },
+    {
+      "leafHash": "893cefa6bddc9c8a40c6655e938f912cec5daef0f6a9074bd4d27ca09ad4af9c",
+      "leafIndex": 3,
+      "siblings": [
+        {
+          "hash": "5ed1a416eb4c97b358cfceb1b3a0a662a698f1be2425b0063f546e4a2402f398",
+          "position": "left"
+        },
+        {
+          "hash": "db44e24f99b8086c7194eabcd240ef2b38f9d1214d49cc31337c45462a494082",
+          "position": "left"
+        },
+        {
+          "hash": "0463d91f9baebddee57414e78c8d22507a9d33a0ce5a7bfa882e2ccb4c98a13c",
+          "position": "right"
+        },
+        {
+          "hash": "71b83667104222412e522e83ce89978fbde04d0c02eabf0e1e759aadbde0dac2",
+          "position": "right"
+        }
+      ],
+      "root": "e1cc28411c41f749ab3ff8160c465bca538d3c1c0883eac56c3821ff1c7574c9"
+    },
+    {
+      "leafHash": "56bda530fe8e6813c6fef0577596c9f35aa21f8f90d6f8593d3831b39e565fc3",
+      "leafIndex": 4,
+      "siblings": [
+        {
+          "hash": "6f98d48d7117d51064d72ff13c2c84d379c906f540e370d01e1759e957653788",
+          "position": "right"
+        },
+        {
+          "hash": "74d7296252184052fcf08c23c6c60ef6efd34c86e743c441886c3f44fbd3ef28",
+          "position": "right"
+        },
+        {
+          "hash": "36a5c22125121fb0f9c7645f06454c48151970c297942e9025d2e8a0d0bc2a2b",
+          "position": "left"
+        },
+        {
+          "hash": "71b83667104222412e522e83ce89978fbde04d0c02eabf0e1e759aadbde0dac2",
+          "position": "right"
+        }
+      ],
+      "root": "e1cc28411c41f749ab3ff8160c465bca538d3c1c0883eac56c3821ff1c7574c9"
+    },
+    {
+      "leafHash": "13d4765f15b72d5e4192fc6f3c2efcc2d46b00df515d86a23b4c38c896a415b3",
+      "leafIndex": 9,
+      "siblings": [
+        {
+          "hash": "838f59b7c940b3061018f6c70c13c2e2ef17554659fb48dafd33af267d5d2026",
+          "position": "left"
+        },
+        {
+          "hash": "69479007abe86c6e09f6453dfa2762996a3cdc10b9df03e31b477958898877c8",
+          "position": "right"
+        },
+        {
+          "hash": "1b19cbeb9a5ecdb1c209447c9292a00d8699a18211fa3a97d0dc9776f9c64575",
+          "position": "right"
+        },
+        {
+          "hash": "e9599515a3379cc1ae106b51c80424db87db3c8ee57855f282843afdc12eda40",
+          "position": "left"
+        }
+      ],
+      "root": "e1cc28411c41f749ab3ff8160c465bca538d3c1c0883eac56c3821ff1c7574c9"
+    }
+  ],
+  "checkpoint_reference": {
+    "merkle_root": "e1cc28411c41f749ab3ff8160c465bca538d3c1c0883eac56c3821ff1c7574c9",
+    "batch_start_sequence": 0,
+    "batch_end_sequence": 9,
+    "anchor_network": "local",
+    "transaction_id": "local:04bb72ce-9af3-4406-95c9-0ad269d87696",
+    "timestamp": "2026-06-02T08:30:36.195Z"
+  },
+  "public_key": "6a65398e54dcecb4a8a3a38d351ce4ba947bae215a78d38a259959d609abd4fe",
+  "verification_tier": "GOLD",
+  "bundle_signature": "O6erEOh0UwH9vIEpkrdRKJl3wYb6d8RlS30I4jXeV+aKQOFSaOHuc4JF1KM73pLcGpqEv5c3slDxEs4loinMCg=="
+}

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "@attested-intelligence/aga-verify",
+  "version": "1.0.0",
+  "description": "Standalone, AGA-independent verifier for AGA Evidence Bundles (Ed25519 + SHA-256 via @noble; zero AGA imports).",
+  "type": "module",
+  "license": "MIT",
+  "author": "Attested Intelligence Holdings LLC",
+  "homepage": "https://attestedintelligence.com/technology",
+  "keywords": [
+    "aga",
+    "evidence-bundle",
+    "verifier",
+    "ed25519",
+    "merkle",
+    "offline-verification",
+    "attested-intelligence",
+    "ai-governance"
+  ],
+  "bin": {
+    "aga-verify": "dist/aga-verify.mjs"
+  },
+  "files": [
+    "dist/",
+    "verify.ts",
+    "example-bundle.json",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "node build.mjs",
+    "test": "vitest run",
+    "prepublishOnly": "node build.mjs && vitest run"
+  },
+  "dependencies": {
+    "@noble/ed25519": "^2.1.0",
+    "@noble/hashes": "^1.7.0"
+  },
+  "devDependencies": {
+    "esbuild": "^0.27.4",
+    "tsx": "^4.19.0",
+    "vitest": "^2.1.0"
+  }
+}

package/verify.ts

@@ -0,0 +1,240 @@
+/**
+ * AGA Independent Verifier
+ *
+ * Standalone verification of AGA Evidence Bundles using ONLY standard
+ * cryptographic libraries. This verifier imports ZERO modules from the
+ * AGA codebase (../src/).
+ *
+ * Implements the full 4-step verification process:
+ * 1. Verify artifact signature (Ed25519 over RFC 8785 canonical JSON)
+ * 2. Verify each receipt signature (Ed25519)
+ * 3. Verify Merkle inclusion proofs (structural metadata leaf hashes vs checkpoint root)
+ * 4. (Optional) Verify checkpoint anchor
+ *
+ * Steps 1-3 work fully offline. Step 4 is optional.
+ *
+ * Attested Intelligence Holdings LLC
+ */
+import * as ed from '@noble/ed25519';
+import { sha512 } from '@noble/hashes/sha512';
+import { sha256 } from '@noble/hashes/sha256';
+import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
+
+// ── Ed25519 setup ────────────────────────────────────────────
+ed.etc.sha512Sync = (...m: Uint8Array[]) => {
+  const total = m.reduce((n, a) => n + a.length, 0);
+  const buf = new Uint8Array(total);
+  let off = 0;
+  for (const a of m) { buf.set(a, off); off += a.length; }
+  return sha512(buf);
+};
+
+const enc = new TextEncoder();
+
+// ── Types (reimplemented, no AGA imports) ────────────────────
+
+export interface VerificationResult {
+  step1_artifact_sig: boolean;
+  step2_receipt_sigs: boolean;
+  step3_merkle_proofs: boolean;
+  step4_anchor: 'VERIFIED' | 'SKIPPED';
+  overall: boolean;
+  errors: string[];
+  details: {
+    receipt_results: boolean[];
+    proof_results: boolean[];
+  };
+}
+
+interface MerkleProof {
+  leafHash: string;
+  leafIndex: number;
+  siblings: Array<{ hash: string; position: 'left' | 'right' }>;
+  root: string;
+}
+
+interface EvidenceBundle {
+  artifact: Record<string, unknown> & { signature: string; issuer_identifier: string };
+  receipts: Array<Record<string, unknown> & { portal_signature: string; receipt_id: string }>;
+  merkle_proofs: MerkleProof[];
+  checkpoint_reference: { merkle_root: string; [key: string]: unknown };
+  public_key: string;
+  bundle_signature: string;
+  verification_tier?: string;
+}
+
+// ── Crypto helpers (reimplemented from scratch) ──────────────
+
+function deepSortKeys(obj: unknown): unknown {
+  if (obj === null || obj === undefined || typeof obj !== 'object') return obj;
+  if (Array.isArray(obj)) return obj.map(deepSortKeys);
+  if (obj instanceof Uint8Array) return obj;
+  const sorted: Record<string, unknown> = {};
+  for (const key of Object.keys(obj as Record<string, unknown>).sort()) {
+    sorted[key] = deepSortKeys((obj as Record<string, unknown>)[key]);
+  }
+  return sorted;
+}
+
+function canonicalize(obj: unknown): string {
+  return JSON.stringify(deepSortKeys(obj));
+}
+
+function sha256Hex(data: string): string {
+  return bytesToHex(sha256(enc.encode(data)));
+}
+
+function verifyEd25519(sigBase64: string, message: string, publicKeyHex: string): boolean {
+  try {
+    const sig = new Uint8Array(Buffer.from(sigBase64, 'base64'));
+    const pk = hexToBytes(publicKeyHex);
+    return ed.verify(sig, enc.encode(message), pk);
+  } catch { return false; }
+}
+
+function merkleParentHash(left: string, right: string): string {
+  return sha256Hex(left + right);
+}
+
+// ── Step 1: Verify artifact signature (Ed25519) ─────────────
+
+export function verifyArtifactSignature(artifact: EvidenceBundle['artifact']): boolean {
+  const { signature, ...unsigned } = artifact;
+  const canonical = canonicalize(unsigned);
+  return verifyEd25519(signature, canonical, artifact.issuer_identifier);
+}
+
+// ── Step 2: Verify each receipt signature (Ed25519) ──────────
+
+export function verifyReceiptSignatures(receipts: EvidenceBundle['receipts'], portalPublicKey: string): boolean[] {
+  return receipts.map(receipt => {
+    const { portal_signature, ...unsigned } = receipt;
+    const canonical = canonicalize(unsigned);
+    return verifyEd25519(portal_signature, canonical, portalPublicKey);
+  });
+}
+
+// ── Step 3: Verify Merkle inclusion proofs ───────────────────
+
+export function verifyMerkleProofs(proofs: MerkleProof[], checkpointRoot: string): boolean[] {
+  return proofs.map(proof => {
+    let hash = proof.leafHash;
+    for (const sibling of proof.siblings) {
+      hash = sibling.position === 'left'
+        ? merkleParentHash(sibling.hash, hash)
+        : merkleParentHash(hash, sibling.hash);
+    }
+    return hash === checkpointRoot;
+  });
+}
+
+// ── Step 4 (optional): Verify checkpoint anchor ─────────────
+
+export function verifyCheckpointAnchor(_checkpoint: Record<string, unknown>): 'VERIFIED' | 'SKIPPED' {
+  // Offline mode - no network access to verify on-chain anchor
+  return 'SKIPPED';
+}
+
+// ── Main entry point ─────────────────────────────────────────
+
+// validateBundleShape returns a human-readable reason if the parsed value is
+// not a recognizable AGA evidence bundle, or null if the required fields are
+// present. This lets the verifier fail cleanly on a wrong-format file instead
+// of throwing on a missing field.
+function validateBundleShape(b: any): string | null {
+  if (b === null || typeof b !== 'object' || Array.isArray(b)) return 'not a JSON object';
+  if (typeof b.artifact !== 'object' || b.artifact === null) return 'missing "artifact" object';
+  if (typeof b.artifact.signature !== 'string') return 'missing "artifact.signature"';
+  if (typeof b.artifact.issuer_identifier !== 'string') return 'missing "artifact.issuer_identifier"';
+  if (!Array.isArray(b.receipts)) return 'missing "receipts" array';
+  if (typeof b.public_key !== 'string') return 'missing "public_key"';
+  if (!Array.isArray(b.merkle_proofs)) return 'missing "merkle_proofs" array';
+  if (typeof b.checkpoint_reference !== 'object' || b.checkpoint_reference === null ||
+      typeof b.checkpoint_reference.merkle_root !== 'string') {
+    return 'missing "checkpoint_reference.merkle_root"';
+  }
+  return null;
+}
+
+export function verifyEvidenceBundle(bundleJson: string): VerificationResult {
+  const errors: string[] = [];
+  let bundle: EvidenceBundle;
+
+  try {
+    bundle = JSON.parse(bundleJson);
+  } catch {
+    return {
+      step1_artifact_sig: false, step2_receipt_sigs: false,
+      step3_merkle_proofs: false, step4_anchor: 'SKIPPED',
+      overall: false, errors: ['Failed to parse bundle JSON'],
+      details: { receipt_results: [], proof_results: [] },
+    };
+  }
+
+  const shapeError = validateBundleShape(bundle);
+  if (shapeError) {
+    return {
+      step1_artifact_sig: false, step2_receipt_sigs: false,
+      step3_merkle_proofs: false, step4_anchor: 'SKIPPED',
+      overall: false, errors: [`unrecognized evidence-bundle format: ${shapeError}`],
+      details: { receipt_results: [], proof_results: [] },
+    };
+  }
+
+  // Step 1: Artifact signature
+  const step1 = verifyArtifactSignature(bundle.artifact);
+  if (!step1) errors.push('Artifact signature verification failed');
+
+  // Step 2: Receipt signatures
+  const receiptResults = verifyReceiptSignatures(bundle.receipts, bundle.public_key);
+  const step2 = receiptResults.every(r => r);
+  receiptResults.forEach((r, i) => {
+    if (!r) errors.push(`Receipt ${bundle.receipts[i].receipt_id} signature failed`);
+  });
+
+  // Step 3: Merkle inclusion proofs
+  const proofResults = verifyMerkleProofs(bundle.merkle_proofs, bundle.checkpoint_reference.merkle_root);
+  const step3 = proofResults.length === 0 ? true : proofResults.every(r => r);
+  proofResults.forEach((r, i) => {
+    if (!r) errors.push(`Merkle proof ${i} failed`);
+  });
+
+  // Step 4: Checkpoint anchor
+  const step4 = verifyCheckpointAnchor(bundle.checkpoint_reference as Record<string, unknown>);
+
+  return {
+    step1_artifact_sig: step1,
+    step2_receipt_sigs: step2,
+    step3_merkle_proofs: step3,
+    step4_anchor: step4,
+    overall: step1 && step2 && step3,
+    errors,
+    details: { receipt_results: receiptResults, proof_results: proofResults },
+  };
+}
+
+// ── CLI mode ─────────────────────────────────────────────────
+
+if (typeof process !== 'undefined' && process.argv[1]?.includes('verify')) {
+  const { readFileSync } = await import('node:fs');
+  const bundlePath = process.argv[2];
+  if (!bundlePath) {
+    console.error('Usage: npx tsx verify.ts <bundle.json>');
+    process.exit(1);
+  }
+  const bundleJson = readFileSync(bundlePath, 'utf-8');
+  const result = verifyEvidenceBundle(bundleJson);
+
+  console.log('\nAGA Independent Verifier\n');
+  console.log(`Step 1 - Artifact signature:     ${result.step1_artifact_sig ? 'PASS' : 'FAIL'}`);
+  console.log(`Step 2 - Receipt signatures:     ${result.step2_receipt_sigs ? 'PASS' : 'FAIL'} (${result.details.receipt_results.filter(r => r).length}/${result.details.receipt_results.length})`);
+  console.log(`Step 3 - Merkle inclusion proofs: ${result.step3_merkle_proofs ? 'PASS' : 'FAIL'} (${result.details.proof_results.filter(r => r).length}/${result.details.proof_results.length})`);
+  console.log(`Step 4 - Checkpoint anchor:      ${result.step4_anchor}`);
+  console.log(`\nOVERALL: ${result.overall ? 'VERIFIED' : 'FAILED'}`);
+  if (result.errors.length) {
+    console.log('\nErrors:');
+    result.errors.forEach(e => console.log(`  - ${e}`));
+  }
+
+  process.exit(result.overall ? 0 : 1);
+}