@attested-intelligence/aga-verify 1.0.0 → 2.0.0

package/README.md

@@ -1,56 +1,72 @@
 # AGA Independent Verifier (`@attested-intelligence/aga-verify`)
 
-Standalone verification of AGA **Evidence Bundles** using only standard
-cryptographic primitives. **This verifier imports zero modules from the
-AGA codebase** — it depends only on `@noble/ed25519` and `@noble/hashes`.
+Standalone verification of canonical **AGA SEP Evidence Bundles**. **Zero AGA imports
+and zero third-party dependencies** — it uses only Node's built-in `crypto` (Ed25519 +
+SHA-256). The trust chain dead-ends at the Node runtime and the gateway public key you
+pin; nothing else.
 
 ## Why this exists
 
-AGA claims that Evidence Bundles provide tamper-evident, offline-verifiable
-proof of governance enforcement. This tool proves that claim is checkable by
-**anyone**, with no trust in AGA's own code: it re-implements the complete
-verification from scratch and runs against a bundle you provide.
+AGA claims its Evidence Bundles are tamper-evident and offline-verifiable. This tool
+proves that claim is checkable by **anyone**, with no trust in AGA's own code or in any
+npm dependency: it re-implements the complete verification from scratch and runs against
+a bundle you provide.
 
 ## Quickstart
 
 ```bash
-# verify any AGA evidence bundle
+# integrity only (proves the bundle is internally authentic + complete-as-presented):
 npx @attested-intelligence/aga-verify <bundle.json>
 
-# or smoke-test against the bundled canonical example
-npx @attested-intelligence/aga-verify example-bundle.json
+# integrity + PROVENANCE (proves it came from a specific gateway you trust out of band):
+npx @attested-intelligence/aga-verify <bundle.json> --pubkey <64-hex-gateway-key>
+
+# smoke-test against the bundled canonical example (a real signed bundle):
+npx @attested-intelligence/aga-verify example-bundle.json \
+  --pubkey ea4a6c63e29c520abef5507b132ec5f9954776aebebe7b92421eea691446d22c
 ```
 
 Exit code is `0` on `VERIFIED`, `1` on `FAILED` — usable directly in CI.
 
-`example-bundle.json` is a real, signed evidence bundle produced by the
-reference implementation (the AI-agent governance scenario); it is shipped so
-a third party can confirm the verifier end-to-end in one command.
-
 ## What it verifies
 
-1. **Artifact signature** — Ed25519 over RFC 8785 canonical JSON.
-2. **Receipt signatures** — Ed25519 for each enforcement receipt.
-3. **Merkle inclusion proofs** — structural-metadata leaf hashes vs. the checkpoint root.
-4. **Checkpoint anchor** — optional; requires network access (skipped offline).
+Implements the canonical construction in
+[`aga-receipt-spec/CANONICAL_CONSTRUCTION_v2.md`](https://attestedintelligence.com/technology) §6:
+
+1. **Structural floor** — algorithm, well-formed (non-small-order) key, receipt/proof counts.
+2. **Receipt signatures** — Ed25519 over the canonical receipt bytes, for every receipt.
+3. **Chain + ordering** — each receipt links to the previous leaf; monotonic ids/timestamps.
+4. **Merkle + bijection** — every leaf is **recomputed from receipt content**, walked to one root, and the proof set is the complete contiguous `0..N-1`.
+5. **Signed checkpoint (mandatory)** — a gateway-signed checkpoint binds the root, the receipt count, and the chain head, so adding/dropping/reordering receipts fails.
+6. **Provenance (only with `--pubkey`)** — the bundle key equals the key you pinned.
+
+All steps are fully offline. No network calls, ever.
+
+## What a PASS proves — and what it does not
+
+A PASS proves every **present** receipt is authentic, correctly chained, Merkle-included
+under a signed checkpoint, and (with `--pubkey`) issued by the pinned gateway — nothing
+present was added, reordered, or truncated.
 
-Steps 1–3 are fully offline. Step 4 is optional.
+A PASS does **not** prove **non-omission**: it cannot establish that the signer recorded
+*every* action it took. Completeness is bounded by the tamper-evidence of the interception
+point, which is outside the bundle. Without `--pubkey`, a PASS proves integrity and
+self-consistency under the bundle's own key, **not** provenance.
 
 ## Independence guarantee
 
-The published package's only runtime dependencies are `@noble/ed25519` and
-`@noble/hashes`. It contains no AGA code and makes no network calls for steps
-1–3. You can confirm this from the dependency tree (`npm ls`) and by reading
-the single source file, `verify.ts`.
+`npm ls` shows **zero runtime dependencies**. The verifier is one source file
+(`verify.ts`, bundled to `dist/aga-verify.mjs`) using only `node:crypto`. No AGA code, no
+third-party packages, no network for verification.
 
 ## From source
 
 ```bash
-npm install
-npm test          # vitest, including the zero-AGA-imports assertion
-npm run build     # bundles verify.ts -> dist/aga-verify.mjs (esbuild)
-node dist/aga-verify.mjs example-bundle.json
+npm install        # devDeps only (esbuild, vitest, tsx) — zero runtime deps
+npm test           # vitest: genuine VERIFIES + every tamper/truncation/wrong-key FAILS
+npm run build      # bundles verify.ts -> dist/aga-verify.mjs (esbuild)
+node dist/aga-verify.mjs example-bundle.json --pubkey <key>
 ```
 
 ---
-Attested Intelligence Holdings LLC. Implements the AGA four-step offline verification process.
+Attested Intelligence Holdings LLC · MIT. Implements the canonical AGA SEP Evidence Bundle verification (`aga-receipt-spec` v2).

package/dist/aga-verify.mjs

@@ -1,163 +1,251 @@
 #!/usr/bin/env node
 
 // verify.ts
-import * as ed from "@noble/ed25519";
-import { sha512 } from "@noble/hashes/sha512";
-import { sha256 } from "@noble/hashes/sha256";
-import { bytesToHex, hexToBytes } from "@noble/hashes/utils";
-ed.etc.sha512Sync = (...m) => {
-  const total = m.reduce((n, a) => n + a.length, 0);
-  const buf = new Uint8Array(total);
-  let off = 0;
-  for (const a of m) {
-    buf.set(a, off);
-    off += a.length;
-  }
-  return sha512(buf);
-};
-var enc = new TextEncoder();
-function deepSortKeys(obj) {
-  if (obj === null || obj === void 0 || typeof obj !== "object") return obj;
-  if (Array.isArray(obj)) return obj.map(deepSortKeys);
-  if (obj instanceof Uint8Array) return obj;
-  const sorted = {};
-  for (const key of Object.keys(obj).sort()) {
-    sorted[key] = deepSortKeys(obj[key]);
-  }
-  return sorted;
+import { createHash, createPublicKey, verify as edVerify } from "node:crypto";
+var ALGORITHM = "Ed25519-SHA256-JCS";
+var SPKI_PREFIX = Buffer.from("302a300506032b6570032100", "hex");
+var MAX_CANON_DEPTH = 100;
+var SEP_RECEIPT_FIELDS = [
+  "receipt_id",
+  "receipt_version",
+  "algorithm",
+  "timestamp",
+  "request_id",
+  "method",
+  "tool_name",
+  "decision",
+  "reason",
+  "policy_reference",
+  "arguments_hash",
+  "previous_receipt_hash",
+  "gateway_id",
+  "public_key",
+  "signature"
+];
+var SEP_CHECKPOINT_FIELDS = [
+  "algorithm",
+  "gateway_id",
+  "generated_at",
+  "head_leaf_hash",
+  "leaf_count",
+  "merkle_root",
+  "signature"
+];
+var LONE_SURROGATE = /[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?<![\uD800-\uDBFF])[\uDC00-\uDFFF]/;
+function canon(o) {
+  const rec = (v, depth) => {
+    if (depth > MAX_CANON_DEPTH) throw new Error(`canon: input nesting exceeds ${MAX_CANON_DEPTH} levels`);
+    if (typeof v === "string" && LONE_SURROGATE.test(v)) throw new Error("canonicalize: lone surrogate");
+    if (v === null || typeof v !== "object") return JSON.stringify(v);
+    if (Array.isArray(v)) return "[" + v.map((x) => rec(x, depth + 1)).join(",") + "]";
+    const m = v;
+    return "{" + Object.keys(m).sort().map((k) => JSON.stringify(k) + ":" + rec(m[k], depth + 1)).join(",") + "}";
+  };
+  return rec(o, 0);
 }
-function canonicalize(obj) {
-  return JSON.stringify(deepSortKeys(obj));
+function hasExactKeys(o, fields) {
+  if (!o || typeof o !== "object" || Array.isArray(o)) return false;
+  const keys = Object.keys(o);
+  return keys.length === fields.length && fields.every((f) => Object.prototype.hasOwnProperty.call(o, f));
 }
-function sha256Hex(data) {
-  return bytesToHex(sha256(enc.encode(data)));
+var sha = (b) => createHash("sha256").update(b).digest("hex");
+var u8 = (s) => Buffer.from(s, "utf8");
+var leafHash = (r) => sha(u8(canon(r)));
+var nodeHash = (l, r) => sha(Buffer.concat([Buffer.from(l, "hex"), Buffer.from(r, "hex")]));
+var stripField = (o, f) => Object.fromEntries(Object.entries(o).filter(([k]) => k !== f));
+var isHex = (h, n) => typeof h === "string" && new RegExp(`^[0-9a-f]{${n}}$`).test(h);
+var SMALL_ORDER_KEYS = /* @__PURE__ */ new Set([
+  "00".repeat(32),
+  "00".repeat(31) + "80",
+  "01" + "00".repeat(31),
+  "01" + "00".repeat(30) + "80",
+  "ec" + "ff".repeat(30) + "7f",
+  "ec" + "ff".repeat(31),
+  "26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05",
+  "c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a",
+  "26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc85",
+  "c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa"
+]);
+var ED25519_P = (1n << 255n) - 19n;
+function isCanonicalY(hex) {
+  const b = Buffer.from(hex, "hex");
+  let y = 0n;
+  for (let i = 0; i < 32; i++) y |= BigInt(i === 31 ? b[i] & 127 : b[i]) << BigInt(8 * i);
+  return y < ED25519_P;
 }
-function verifyEd25519(sigBase64, message, publicKeyHex) {
+var TS_CANONICAL = /^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}Z$/;
+var isLeap = (y) => y % 4 === 0 && (y % 100 !== 0 || y % 400 === 0);
+var daysInMonth = (y, m) => [31, isLeap(y) ? 29 : 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31][m - 1];
+function isCanonicalTimestamp(ts) {
+  if (typeof ts !== "string" || !TS_CANONICAL.test(ts)) return false;
+  const year = parseInt(ts.slice(0, 4), 10);
+  const month = parseInt(ts.slice(5, 7), 10);
+  const day = parseInt(ts.slice(8, 10), 10);
+  const hour = parseInt(ts.slice(11, 13), 10);
+  const minute = parseInt(ts.slice(14, 16), 10);
+  const second = parseInt(ts.slice(17, 19), 10);
+  if (month < 1 || month > 12) return false;
+  if (day < 1 || day > daysInMonth(year, month)) return false;
+  if (hour > 23) return false;
+  if (minute > 59) return false;
+  if (second > 59) return false;
+  return true;
+}
+function wellFormedKey(hex) {
+  if (!isHex(hex, 64)) return false;
+  if (SMALL_ORDER_KEYS.has(hex) || !isCanonicalY(hex)) return false;
   try {
-    const sig = new Uint8Array(Buffer.from(sigBase64, "base64"));
-    const pk = hexToBytes(publicKeyHex);
-    return ed.verify(sig, enc.encode(message), pk);
+    createPublicKey({ key: Buffer.concat([SPKI_PREFIX, Buffer.from(hex, "hex")]), format: "der", type: "spki" });
+    return true;
   } catch {
     return false;
   }
 }
-function merkleParentHash(left, right) {
-  return sha256Hex(left + right);
-}
-function verifyArtifactSignature(artifact) {
-  const { signature, ...unsigned } = artifact;
-  const canonical = canonicalize(unsigned);
-  return verifyEd25519(signature, canonical, artifact.issuer_identifier);
-}
-function verifyReceiptSignatures(receipts, portalPublicKey) {
-  return receipts.map((receipt) => {
-    const { portal_signature, ...unsigned } = receipt;
-    const canonical = canonicalize(unsigned);
-    return verifyEd25519(portal_signature, canonical, portalPublicKey);
-  });
-}
-function verifyMerkleProofs(proofs, checkpointRoot) {
-  return proofs.map((proof) => {
-    let hash = proof.leafHash;
-    for (const sibling of proof.siblings) {
-      hash = sibling.position === "left" ? merkleParentHash(sibling.hash, hash) : merkleParentHash(hash, sibling.hash);
-    }
-    return hash === checkpointRoot;
-  });
-}
-function verifyCheckpointAnchor(_checkpoint) {
-  return "SKIPPED";
+function sigOk(pubHex, msg, sigHex) {
+  if (!wellFormedKey(pubHex) || !isHex(sigHex, 128) || /^0+$/.test(sigHex)) return false;
+  try {
+    const pk = createPublicKey({ key: Buffer.concat([SPKI_PREFIX, Buffer.from(pubHex, "hex")]), format: "der", type: "spki" });
+    return edVerify(null, u8(msg), pk, Buffer.from(sigHex, "hex"));
+  } catch {
+    return false;
+  }
 }
-function validateBundleShape(b) {
+function validateShape(b) {
   if (b === null || typeof b !== "object" || Array.isArray(b)) return "not a JSON object";
-  if (typeof b.artifact !== "object" || b.artifact === null) return 'missing "artifact" object';
-  if (typeof b.artifact.signature !== "string") return 'missing "artifact.signature"';
-  if (typeof b.artifact.issuer_identifier !== "string") return 'missing "artifact.issuer_identifier"';
-  if (!Array.isArray(b.receipts)) return 'missing "receipts" array';
+  if (b.algorithm !== ALGORITHM) return `algorithm must be "${ALGORITHM}"`;
   if (typeof b.public_key !== "string") return 'missing "public_key"';
+  if (!Array.isArray(b.receipts)) return 'missing "receipts" array';
   if (!Array.isArray(b.merkle_proofs)) return 'missing "merkle_proofs" array';
-  if (typeof b.checkpoint_reference !== "object" || b.checkpoint_reference === null || typeof b.checkpoint_reference.merkle_root !== "string") {
-    return 'missing "checkpoint_reference.merkle_root"';
-  }
+  if (typeof b.checkpoint !== "object" || b.checkpoint === null || typeof b.checkpoint.signature !== "string")
+    return 'missing signed "checkpoint"';
   return null;
 }
-function verifyEvidenceBundle(bundleJson) {
-  const errors = [];
-  let bundle;
+function verifySepBundle(bundle, expectedPublicKey) {
+  const pinned = isHex(expectedPublicKey, 64);
   try {
-    bundle = JSON.parse(bundleJson);
-  } catch {
-    return {
-      step1_artifact_sig: false,
-      step2_receipt_sigs: false,
-      step3_merkle_proofs: false,
-      step4_anchor: "SKIPPED",
-      overall: false,
-      errors: ["Failed to parse bundle JSON"],
-      details: { receipt_results: [], proof_results: [] }
+    const steps = [];
+    const errors = [];
+    const add = (name, ok, err) => {
+      steps.push({ name, ok });
+      if (!ok && err) errors.push(err);
+      return ok;
     };
-  }
-  const shapeError = validateBundleShape(bundle);
-  if (shapeError) {
+    const receipts = Array.isArray(bundle?.receipts) ? bundle.receipts : [];
+    const proofs = Array.isArray(bundle?.merkle_proofs) ? bundle.merkle_proofs : [];
+    const pub = bundle?.public_key;
+    add(
+      "structural",
+      bundle?.algorithm === ALGORITHM && wellFormedKey(pub) && receipts.length > 0 && proofs.length === receipts.length && receipts.every((r) => hasExactKeys(r, SEP_RECEIPT_FIELDS)),
+      "structural floor failed (algorithm/key/receipt-count/receipt-schema)"
+    );
+    add(
+      "receipt_signatures",
+      receipts.length > 0 && receipts.every((r) => sigOk(pub, canon(stripField(r, "signature")), r.signature)),
+      "one or more receipt signatures invalid"
+    );
+    const leaves = receipts.map(leafHash);
+    let chain = receipts.length > 0;
+    let prevTs = "";
+    for (let i = 0; i < receipts.length; i++) {
+      if ((receipts[i].previous_receipt_hash || "") !== (i === 0 ? "" : leaves[i - 1])) chain = false;
+      const ts = receipts[i].timestamp;
+      if (!isCanonicalTimestamp(ts)) chain = false;
+      else {
+        if (i > 0 && ts < prevTs) chain = false;
+        prevTs = ts;
+      }
+    }
+    add("chain_and_ordering", chain, "chain linkage, non-canonical timestamp, or ordering broken");
+    let root = null, merkle = proofs.length === receipts.length && proofs.length > 0;
+    const seen = /* @__PURE__ */ new Set();
+    for (const p of proofs) {
+      seen.add(p.leaf_index);
+      if (receipts[p.leaf_index] === void 0 || leaves[p.leaf_index] !== p.leaf_hash) merkle = false;
+      let cur = p.leaf_hash;
+      const sib = Array.isArray(p.siblings) ? p.siblings : [];
+      const dir = Array.isArray(p.directions) ? p.directions : [];
+      if (dir.length !== sib.length || !dir.every((d) => d === "left" || d === "right")) merkle = false;
+      for (let j = 0; j < sib.length; j++) cur = dir[j] === "left" ? nodeHash(sib[j], cur) : nodeHash(cur, sib[j]);
+      if (p.merkle_root !== cur) merkle = false;
+      if (root === null) root = cur;
+      else if (root !== cur) merkle = false;
+    }
+    const bijection = seen.size === receipts.length && [...seen].every((n) => Number.isInteger(n) && n >= 0 && n < receipts.length);
+    add("merkle_and_bijection", merkle && bijection, "Merkle proof, per-proof root, leaf recompute, or index bijection failed");
+    const cp = bundle.checkpoint;
+    let cpOk = false;
+    if (hasExactKeys(cp, SEP_CHECKPOINT_FIELDS)) {
+      cpOk = cp.algorithm === ALGORITHM && sigOk(pub, canon(stripField(cp, "signature")), cp.signature) && root !== null && cp.merkle_root === root && cp.leaf_count === receipts.length && cp.head_leaf_hash === (leaves.length ? leaves[leaves.length - 1] : "");
+    }
+    add("signed_checkpoint", cpOk, "signed checkpoint missing, mis-schema, wrong algorithm, or does not anchor the bundle");
+    const cpGatewayId = cp && typeof cp === "object" ? cp.gateway_id : void 0;
+    const cpGeneratedAt = cp && typeof cp === "object" ? cp.generated_at : void 0;
+    add(
+      "envelope_consistency",
+      receipts.length > 0 && receipts.every((r) => r.public_key === pub) && receipts.every((r) => r.gateway_id === bundle?.gateway_id) && cpGatewayId === bundle?.gateway_id && cpGeneratedAt === bundle?.generated_at && root !== null && bundle?.merkle_root === root,
+      // envelope merkle_root <-> recomputed
+      "envelope gateway_id/generated_at/merkle_root or a receipt public_key/gateway_id disagrees with the signed/recomputed values"
+    );
+    const issuerVerified = pinned && pub === expectedPublicKey;
+    if (pinned) add("gateway_key_match", issuerVerified, "bundle key does not match the pinned gateway key");
+    return { verdict: steps.every((s) => s.ok) ? "VERIFIED" : "FAILED", issuerVerified, pinned, steps, errors };
+  } catch (e) {
     return {
-      step1_artifact_sig: false,
-      step2_receipt_sigs: false,
-      step3_merkle_proofs: false,
-      step4_anchor: "SKIPPED",
-      overall: false,
-      errors: [`unrecognized evidence-bundle format: ${shapeError}`],
-      details: { receipt_results: [], proof_results: [] }
+      verdict: "FAILED",
+      issuerVerified: false,
+      pinned,
+      steps: [{ name: "verifier_exception", ok: false }],
+      errors: [`verifier rejected a malformed bundle: ${String(e)}`]
     };
   }
-  const step1 = verifyArtifactSignature(bundle.artifact);
-  if (!step1) errors.push("Artifact signature verification failed");
-  const receiptResults = verifyReceiptSignatures(bundle.receipts, bundle.public_key);
-  const step2 = receiptResults.every((r) => r);
-  receiptResults.forEach((r, i) => {
-    if (!r) errors.push(`Receipt ${bundle.receipts[i].receipt_id} signature failed`);
-  });
-  const proofResults = verifyMerkleProofs(bundle.merkle_proofs, bundle.checkpoint_reference.merkle_root);
-  const step3 = proofResults.length === 0 ? true : proofResults.every((r) => r);
-  proofResults.forEach((r, i) => {
-    if (!r) errors.push(`Merkle proof ${i} failed`);
-  });
-  const step4 = verifyCheckpointAnchor(bundle.checkpoint_reference);
-  return {
-    step1_artifact_sig: step1,
-    step2_receipt_sigs: step2,
-    step3_merkle_proofs: step3,
-    step4_anchor: step4,
-    overall: step1 && step2 && step3,
-    errors,
-    details: { receipt_results: receiptResults, proof_results: proofResults }
-  };
+}
+function verifyEvidenceBundle(bundleJson, expectedPublicKey) {
+  let parsed;
+  try {
+    parsed = JSON.parse(bundleJson);
+  } catch {
+    return { verdict: "FAILED", issuerVerified: false, pinned: false, steps: [], errors: ["failed to parse bundle JSON"] };
+  }
+  const shapeErr = validateShape(parsed);
+  if (shapeErr) return { verdict: "FAILED", issuerVerified: false, pinned: false, steps: [], errors: [`unrecognized evidence-bundle format: ${shapeErr}`] };
+  return verifySepBundle(parsed, expectedPublicKey);
 }
 if (typeof process !== "undefined" && process.argv[1]?.includes("verify")) {
   const { readFileSync } = await import("node:fs");
-  const bundlePath = process.argv[2];
-  if (!bundlePath) {
-    console.error("Usage: npx tsx verify.ts <bundle.json>");
+  const args = process.argv.slice(2);
+  const file = args.find((a) => !a.startsWith("--"));
+  const pk = args.includes("--pubkey") ? args[args.indexOf("--pubkey") + 1] : void 0;
+  if (!file) {
+    console.error("Usage: aga-verify <bundle.json> [--pubkey <64-hex-gateway-key>]");
+    process.exit(2);
+  }
+  let raw;
+  try {
+    raw = readFileSync(file, "utf-8");
+  } catch (e) {
+    console.log("\nAGA Independent Verifier\n");
+    console.log("OVERALL: FAILED (could not read bundle file)");
+    console.log(`
+Errors:
+  - ${String(e)}`);
     process.exit(1);
   }
-  const bundleJson = readFileSync(bundlePath, "utf-8");
-  const result = verifyEvidenceBundle(bundleJson);
+  const result = verifyEvidenceBundle(raw, pk);
   console.log("\nAGA Independent Verifier\n");
-  console.log(`Step 1 - Artifact signature:     ${result.step1_artifact_sig ? "PASS" : "FAIL"}`);
-  console.log(`Step 2 - Receipt signatures:     ${result.step2_receipt_sigs ? "PASS" : "FAIL"} (${result.details.receipt_results.filter((r) => r).length}/${result.details.receipt_results.length})`);
-  console.log(`Step 3 - Merkle inclusion proofs: ${result.step3_merkle_proofs ? "PASS" : "FAIL"} (${result.details.proof_results.filter((r) => r).length}/${result.details.proof_results.length})`);
-  console.log(`Step 4 - Checkpoint anchor:      ${result.step4_anchor}`);
+  for (const s of result.steps) console.log(`  ${s.ok ? "PASS" : "FAIL"}  ${s.name}`);
+  const prov = result.verdict === "VERIFIED" ? result.pinned ? " (provenance verified)" : " (integrity only \u2014 no --pubkey given)" : "";
   console.log(`
-OVERALL: ${result.overall ? "VERIFIED" : "FAILED"}`);
+OVERALL: ${result.verdict}${prov}`);
+  if (!result.pinned && result.verdict === "VERIFIED") {
+    console.log("NOTE: integrity + self-consistency proven, but NOT provenance. Re-run with --pubkey <gateway-key> to prove WHO issued it.");
+  }
   if (result.errors.length) {
     console.log("\nErrors:");
     result.errors.forEach((e) => console.log(`  - ${e}`));
   }
-  process.exit(result.overall ? 0 : 1);
+  process.exit(result.verdict === "VERIFIED" ? 0 : 1);
 }
 export {
-  verifyArtifactSignature,
-  verifyCheckpointAnchor,
   verifyEvidenceBundle,
-  verifyMerkleProofs,
-  verifyReceiptSignatures
+  verifySepBundle
 };