@coproduct_inc/verify 0.1.0

package/dist/cli.js

@@ -0,0 +1,108 @@
+#!/usr/bin/env node
+/**
+ * `nucleus-verify` — offline verifier for capability-boundary in-bounds
+ * attestation receipts. Exit code is the gate:
+ *   0  → receipt verified AND the agent stayed in bounds
+ *   1  → receipt failed verification, or the agent went out of bounds
+ *   2  → usage / I/O error
+ *
+ * Usage:
+ *   nucleus-verify <receipt.json> [--expect-principal <spiffe-id>]
+ *                                 [--expect-key <base64url>] [--json] [--quiet]
+ *   nucleus-verify --help
+ *
+ * Reads from stdin if `<receipt.json>` is "-" or omitted with piped input.
+ * Designed as a drop-in CI / GitHub Action step.
+ */
+import { readFileSync } from "node:fs";
+import { verifyReceiptJson } from "./attestation.js";
+const HELP = `nucleus-verify — offline capability-boundary in-bounds attestation verifier
+
+USAGE:
+  nucleus-verify <receipt.json> [options]
+  cat receipt.json | nucleus-verify [options]
+
+OPTIONS:
+  --expect-principal <id>   require the boundary principal to equal <id> (SPIFFE ID)
+  --expect-key <b64url>     require the signer public key to equal <b64url>
+  --json                    print the full VerifyReport as JSON
+  --quiet                   suppress the human-readable line (exit code only)
+  -h, --help                show this help
+
+EXIT CODES:
+  0  verified and in bounds      1  verification failed / out of bounds      2  usage / I/O error`;
+function parseArgs(argv) {
+    const args = { json: false, quiet: false, opts: {}, help: false };
+    for (let i = 0; i < argv.length; i++) {
+        const a = argv[i];
+        switch (a) {
+            case "-h":
+            case "--help":
+                args.help = true;
+                break;
+            case "--json":
+                args.json = true;
+                break;
+            case "--quiet":
+                args.quiet = true;
+                break;
+            case "--expect-principal":
+                args.opts.expectPrincipal = argv[++i];
+                break;
+            case "--expect-key":
+                args.opts.expectPublicKey = argv[++i];
+                break;
+            default:
+                if (a.startsWith("--")) {
+                    throw new Error(`unknown option ${a}`);
+                }
+                args.path = a;
+        }
+    }
+    return args;
+}
+function readInput(path) {
+    if (!path || path === "-") {
+        return readFileSync(0, "utf8"); // fd 0 = stdin
+    }
+    return readFileSync(path, "utf8");
+}
+function summarize(report) {
+    if (report.ok) {
+        const n = report.recomputed.events.length;
+        return `✓ in bounds — verified ${n} event${n === 1 ? "" : "s"}; signature, hash-chain, and recomputed verdict all agree`;
+    }
+    return `✗ refused to attest — ${report.reason ?? "verification failed"}`;
+}
+function main() {
+    let args;
+    try {
+        args = parseArgs(process.argv.slice(2));
+    }
+    catch (e) {
+        process.stderr.write(`error: ${e.message}\n\n${HELP}\n`);
+        return 2;
+    }
+    if (args.help) {
+        process.stdout.write(HELP + "\n");
+        return 0;
+    }
+    let receiptJson;
+    try {
+        receiptJson = readInput(args.path);
+    }
+    catch (e) {
+        process.stderr.write(`error: cannot read receipt: ${e.message}\n`);
+        return 2;
+    }
+    const report = verifyReceiptJson(receiptJson, args.opts);
+    if (args.json) {
+        process.stdout.write(JSON.stringify(report, null, 2) + "\n");
+    }
+    else if (!args.quiet) {
+        const line = summarize(report);
+        (report.ok ? process.stdout : process.stderr).write(line + "\n");
+    }
+    return report.ok ? 0 : 1;
+}
+process.exit(main());

package/dist/index.d.ts

@@ -0,0 +1,96 @@
+/**
+ * `@coproduct_inc/verify` — offline, zero-trust verification for Nucleus.
+ *
+ * Two receipt families share one package. The headline is the
+ * **capability-boundary in-bounds attestation** — see `./attestation`
+ * (re-exported below): given an agent run's tool-call trace + a declared
+ * capability boundary, emit and offline-verify an Ed25519-signed receipt
+ * that the agent stayed within bounds, keyed on a cryptographic principal
+ * rather than a mutable display name. The auction-receipt surface documented
+ * here is the original use case and remains available.
+ *
+ * ---
+ *
+ * Auction receipts: the agent NEVER trusts the hub's clearing price.
+ *
+ * The agent NEVER trusts the hub's clearing price. This package's WASM
+ * core (the SAME `nucleus-wasm` binary the browser demo runs) re-runs the
+ * auction clearing locally from the SIGNED bid set and asserts the
+ * recomputed price equals the price the receipt claims — on top of the
+ * Ed25519 signature + BLAKE3 root-hash check.
+ *
+ * ```ts
+ * import { verify } from "@coproduct_inc/verify";
+ * const r = await verify(receiptJson, jwksJson);
+ * if (!r.ok) throw new Error(r.reason ?? "receipt failed verification");
+ * // r.ok === signature_ok && root_hash_ok && price_recomputed_ok
+ * ```
+ *
+ * The Node target loads the wasm synchronously on first import; the
+ * `verify` API is async-shaped so a future web/bundler entry can stream
+ * the wasm without changing call sites.
+ */
+/** Which clearing rule the receipt commits to. */
+export type RecomputePath = "vickrey" | "pigou-vcg";
+/**
+ * Full verification result. `ok` is the single boolean to gate on; the
+ * component flags + recovered fields are for diagnostics / UI. All prices
+ * are integer micro-USD that fit a JS `number` (the kernel's internal
+ * u128 math never crosses this boundary).
+ */
+export interface FullVerifyReport {
+    /** `signatureOk && rootHashOk && priceRecomputedOk`. */
+    ok: boolean;
+    /** Ed25519 signature verified under the JWKS key matched by `kid`. */
+    signature_ok: boolean;
+    /** BLAKE3 of the canonical envelope equals the receipt's root hash. */
+    root_hash_ok: boolean;
+    /** The locally recomputed clearing price equals the receipt's price. */
+    price_recomputed_ok: boolean;
+    /** Price the recompute produced (micro-USD). */
+    recomputed_price_micro_usd: number;
+    /** Price the receipt claims (micro-USD), or null. */
+    signed_price_micro_usd: number | null;
+    /** Clearing rule the receipt commits to (`"vickrey"` today). */
+    path: RecomputePath;
+    /** Theorem-backed Pigou-VCG cross-check clearing, if externality data
+     *  was present (reported, not gated on). */
+    pigou_vcg_clearing_micro_usd: number | null;
+    /** First failing reason, or null when `ok`. */
+    reason: string | null;
+}
+/** Recompute-only result (no signature check). */
+export interface RecomputeReport {
+    recomputed_price_micro_usd: number;
+    receipt_price_micro_usd: number | null;
+    matches_receipt: boolean;
+    path: RecomputePath;
+    recomputed_winner_spiffe_id: string | null;
+    winner_matches: boolean;
+    pigou_vcg_clearing_micro_usd: number | null;
+    reason: string | null;
+}
+/**
+ * Verify a signed auction receipt fully: signature + root hash + a LOCAL
+ * recomputation of the clearing price from the signed bids.
+ *
+ * @param receiptJson the receipt as a JSON string (the hub's wire form).
+ * @param jwksJson the pinned issuer JWKS document as a JSON string.
+ * @returns the structured report; `ok === true` only when all three
+ *   checks pass. Never throws on a bad receipt — failures surface as
+ *   `ok: false` with a `reason`.
+ */
+export declare function verify(receiptJson: string, jwksJson: string): Promise<FullVerifyReport>;
+/**
+ * Recompute the clearing price from the signed bids WITHOUT checking the
+ * signature. Use when you have already verified the signature separately,
+ * or to inspect the recomputed-vs-claimed delta. Most callers want
+ * {@link verify} instead.
+ */
+export declare function recomputeClearing(receiptJson: string): Promise<RecomputeReport>;
+/**
+ * Signature + root-hash check only (the pre-recompute verifier). Kept for
+ * back-compat / when you only need authenticity, not price-correctness.
+ */
+export declare function verifySignature(receiptJson: string, jwksJson: string): Promise<unknown>;
+export * from "./attestation.js";

package/dist/index.js

@@ -0,0 +1,69 @@
+/**
+ * `@coproduct_inc/verify` — offline, zero-trust verification for Nucleus.
+ *
+ * Two receipt families share one package. The headline is the
+ * **capability-boundary in-bounds attestation** — see `./attestation`
+ * (re-exported below): given an agent run's tool-call trace + a declared
+ * capability boundary, emit and offline-verify an Ed25519-signed receipt
+ * that the agent stayed within bounds, keyed on a cryptographic principal
+ * rather than a mutable display name. The auction-receipt surface documented
+ * here is the original use case and remains available.
+ *
+ * ---
+ *
+ * Auction receipts: the agent NEVER trusts the hub's clearing price.
+ *
+ * The agent NEVER trusts the hub's clearing price. This package's WASM
+ * core (the SAME `nucleus-wasm` binary the browser demo runs) re-runs the
+ * auction clearing locally from the SIGNED bid set and asserts the
+ * recomputed price equals the price the receipt claims — on top of the
+ * Ed25519 signature + BLAKE3 root-hash check.
+ *
+ * ```ts
+ * import { verify } from "@coproduct_inc/verify";
+ * const r = await verify(receiptJson, jwksJson);
+ * if (!r.ok) throw new Error(r.reason ?? "receipt failed verification");
+ * // r.ok === signature_ok && root_hash_ok && price_recomputed_ok
+ * ```
+ *
+ * The Node target loads the wasm synchronously on first import; the
+ * `verify` API is async-shaped so a future web/bundler entry can stream
+ * the wasm without changing call sites.
+ */
+// The wasm-pack `nodejs` target: CommonJS, wasm instantiated eagerly on
+// require. Bundled as a sibling artifact so this package is self-contained.
+import * as wasm from "../wasm/nodejs/nucleus_wasm.js";
+/**
+ * Verify a signed auction receipt fully: signature + root hash + a LOCAL
+ * recomputation of the clearing price from the signed bids.
+ *
+ * @param receiptJson the receipt as a JSON string (the hub's wire form).
+ * @param jwksJson the pinned issuer JWKS document as a JSON string.
+ * @returns the structured report; `ok === true` only when all three
+ *   checks pass. Never throws on a bad receipt — failures surface as
+ *   `ok: false` with a `reason`.
+ */
+export async function verify(receiptJson, jwksJson) {
+    return wasm.verify_auction_receipt_full(receiptJson, jwksJson);
+}
+/**
+ * Recompute the clearing price from the signed bids WITHOUT checking the
+ * signature. Use when you have already verified the signature separately,
+ * or to inspect the recomputed-vs-claimed delta. Most callers want
+ * {@link verify} instead.
+ */
+export async function recomputeClearing(receiptJson) {
+    return wasm.verify_clearing_recompute(receiptJson);
+}
+/**
+ * Signature + root-hash check only (the pre-recompute verifier). Kept for
+ * back-compat / when you only need authenticity, not price-correctness.
+ */
+export async function verifySignature(receiptJson, jwksJson) {
+    return wasm.verify_auction_receipt(receiptJson, jwksJson);
+}
+// ---------------------------------------------------------------------------
+// Capability-boundary in-bounds attestation (the headline evidence layer).
+// Pure Node (`node:crypto`), no WASM — runs in CI, the CLI, and the Action.
+// ---------------------------------------------------------------------------
+export * from "./attestation.js";

package/examples/openclaw-replay.mjs

@@ -0,0 +1,80 @@
+// OpenClaw replay demo — capability-boundary in-bounds attestation.
+//
+// Replays the OpenClaw-class trust-boundary bypass (CVE-2026-25253): an agent
+// run where a malicious tool call presents a `displayName` that MATCHES an
+// allowlisted agent, but whose cryptographic `principal` (SPIFFE ID) differs.
+// A gate that keys on the display name is fooled. Ours keys on the principal,
+// so the receipt REFUSES to attest the bypass — while a clean run attests.
+//
+// Run after building:  pnpm build && node examples/openclaw-replay.mjs
+// (No persisted keys: an ephemeral Ed25519 keypair is generated in-memory.)
+
+import {
+  makeBoundary,
+  generateKeypair,
+  signReceipt,
+  verifyReceipt,
+} from "../dist/index.js";
+
+// The legitimate agent's cryptographic identity and what it may do.
+const PRINCIPAL = "spiffe://acme.example/agent/billing-assistant";
+const boundary = makeBoundary(PRINCIPAL, [
+  "read_invoice",
+  "list_invoices",
+  "summarize",
+]);
+
+// Ephemeral attestor key (in-memory only — no custody, no provisioning).
+const { privateKey } = generateKeypair();
+
+function show(title, report) {
+  const verdict = report.ok ? "ATTESTED ✓" : "REFUSED ✗";
+  console.log(`\n── ${title} ──`);
+  console.log(`  verdict:   ${verdict}`);
+  console.log(`  ok:        ${report.ok}`);
+  console.log(`  signature: ${report.signatureOk}   hash-chain: ${report.rootHashOk}   verdict-consistent: ${report.verdictConsistentOk}`);
+  if (!report.ok) console.log(`  reason:    ${report.reason}`);
+  return report;
+}
+
+// 1) CLEAN RUN — every call is the real principal, every tool allowed.
+const cleanTrace = [
+  { seq: 0, tool: "list_invoices", principal: PRINCIPAL, displayName: "Billing Assistant" },
+  { seq: 1, tool: "read_invoice", principal: PRINCIPAL, displayName: "Billing Assistant" },
+  { seq: 2, tool: "summarize", principal: PRINCIPAL, displayName: "Billing Assistant" },
+];
+const cleanReceipt = signReceipt(boundary, cleanTrace, privateKey);
+const cleanReport = show("CLEAN RUN", verifyReceipt(cleanReceipt));
+
+// 2) OPENCLAW BYPASS — the injected call wears the allowlisted DISPLAY NAME
+//    ("Billing Assistant") but carries an ATTACKER principal. A name-keyed
+//    gate would wave it through; the boundary is bound to the SPIFFE ID, so
+//    the recomputed verdict is out-of-bounds and the receipt refuses.
+const ATTACKER = "spiffe://acme.example/agent/unknown-7f3a";
+const bypassTrace = [
+  { seq: 0, tool: "list_invoices", principal: PRINCIPAL, displayName: "Billing Assistant" },
+  { seq: 1, tool: "read_invoice", principal: ATTACKER, displayName: "Billing Assistant" },
+];
+const bypassReceipt = signReceipt(boundary, bypassTrace, privateKey);
+const bypassReport = show("OPENCLAW BYPASS (display-name match, principal mismatch)", verifyReceipt(bypassReceipt));
+
+// 3) FORGERY — attacker hand-edits the bypass receipt to claim inBounds:true.
+//    The verifier recomputes the verdict independently AND the signature was
+//    taken over the honest body, so both the verdict-consistency check and the
+//    signature check fail.
+const forged = JSON.parse(JSON.stringify(bypassReceipt));
+forged.verdict.inBounds = true;
+forged.verdict.events = forged.verdict.events.map((e) => ({ ...e, inBounds: true, code: "ok", detail: "in bounds" }));
+const forgedReport = show("FORGED inBounds:true (tampered claim)", verifyReceipt(forged));
+
+console.log("\n── summary ──");
+const pass =
+  cleanReport.ok === true &&
+  bypassReport.ok === false &&
+  bypassReport.recomputed.events[1]?.code === "principal_mismatch" &&
+  forgedReport.ok === false;
+console.log(`  clean attests:            ${cleanReport.ok === true}`);
+console.log(`  bypass refused:           ${bypassReport.ok === false} (${bypassReport.recomputed.events[1]?.code})`);
+console.log(`  forged claim rejected:    ${forgedReport.ok === false}`);
+console.log(pass ? "\nDEMO OK ✓" : "\nDEMO FAILED ✗");
+process.exit(pass ? 0 : 1);

package/package.json

@@ -0,0 +1,61 @@
+{
+  "name": "@coproduct_inc/verify",
+  "version": "0.1.0",
+  "description": "Offline, zero-trust verification of agent capability-boundary in-bounds attestation receipts: emit and verify an Ed25519-signed, hash-chained receipt that an agent run stayed within a declared boundary, keyed on a cryptographic principal (not a mutable display name) — the evidence layer above probabilistic guardrails. Also verifies Nucleus auction receipts by re-running the clearing locally. Zero runtime deps for the attestation core (node:crypto).",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "nucleus-verify": "dist/cli.js"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./attestation": {
+      "types": "./dist/attestation.d.ts",
+      "import": "./dist/attestation.js"
+    }
+  },
+  "files": [
+    "dist",
+    "wasm/nodejs/package.json",
+    "wasm/nodejs/nucleus_wasm.js",
+    "wasm/nodejs/nucleus_wasm.d.ts",
+    "wasm/nodejs/nucleus_wasm_bg.wasm",
+    "wasm/nodejs/nucleus_wasm_bg.wasm.d.ts",
+    "examples/openclaw-replay.mjs",
+    "README.md"
+  ],
+  "scripts": {
+    "build:wasm": "wasm-pack build ../../crates/nucleus-wasm --target nodejs --out-dir ../../packages/nucleus-verify/wasm/nodejs && rm -f wasm/nodejs/.gitignore wasm/nodejs/package.json",
+    "build": "tsc -p tsconfig.json",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "test": "node --test",
+    "demo": "node examples/openclaw-replay.mjs"
+  },
+  "keywords": [
+    "nucleus",
+    "agent-security",
+    "capability-boundary",
+    "in-bounds-attestation",
+    "verification",
+    "ed25519",
+    "spiffe",
+    "openclaw",
+    "auction",
+    "vcg",
+    "agentic-commerce"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/coproduct/nucleus-platform.git",
+    "directory": "packages/nucleus-verify"
+  },
+  "devDependencies": {
+    "@types/node": "^25.9.1",
+    "typescript": "^5.7.2"
+  }
+}

package/wasm/nodejs/nucleus_wasm.d.ts

@@ -0,0 +1,199 @@
+/* tslint:disable */
+/* eslint-disable */
+
+/**
+ * **Day 3-4 export**: run the selective-recomputation analyzer.
+ *
+ * Takes the JSONL chain + a JSON-serialized [`CorrectionEvent`].
+ * Returns a [`RecomputationPlan`] serialized as a `JsValue`. The
+ * browser orchestrator renders the partition + lets the visitor
+ * expand any decision to see its `PreservationProof` or
+ * `RecomputationProof` inline.
+ */
+export function analyze_correction_event(chain_jsonl: string, correction_json: string): any;
+
+/**
+ * **Day 3-4 export**: build the dependency graph from a JSONL chain.
+ *
+ * Returns a [`DependencyGraph`] serialized as a `JsValue` — the JS
+ * side gets a plain object with `nodes: Vec<StepNode>` it can
+ * visualize without further parsing.
+ */
+export function compute_dependency_graph(chain_jsonl: string): any;
+
+/**
+ * **Day 10 export**: compute the typed savings summary from a
+ * recomputation plan + a per-step cost map.
+ *
+ * `plan_json` is a serialized [`RecomputationPlan`]; `cost_map_json` is
+ * `{ step_id: cost_micro_usd, ... }`. Returns:
+ * ```json
+ * {
+ *   "total_steps": N,
+ *   "preserved_steps": M,
+ *   "recomputed_steps": K,
+ *   "preservation_ratio": 0.0..=1.0,
+ *   "baseline_cost_micro_usd": sum-of-all-step-costs,
+ *   "selective_cost_micro_usd": sum-of-recompute-step-costs,
+ *   "naive_restart_cost_micro_usd": 2 × baseline (the modeled "start over" worst case),
+ *   "savings_vs_naive_ratio": 1 - selective / naive_restart
+ * }
+ * ```
+ *
+ * Costs are integer micro-USD (per workspace f64-discipline rule —
+ * money math stays in integers). The ratio is computed as `f64` only
+ * because it's a display-layer value (the page renders `XX.X%`).
+ *
+ * Steps absent from `cost_map` contribute zero — the JS side should
+ * pre-populate every step_id; the missing-key case is a no-op rather
+ * than a hard error so a malformed cost map doesn't blow up the
+ * browser tab.
+ */
+export function compute_savings_summary(plan_json: string, cost_map_json: string): any;
+
+/**
+ * Install a browser-friendly panic hook. The hook routes any wasm-side
+ * `panic!` into `console.error`, which means failed assertions in the
+ * dependency analysis or signature verification path become visible in
+ * the visitor's DevTools instead of an opaque `RuntimeError: unreachable`.
+ *
+ * Idempotent — calling it more than once is harmless. Browsers should
+ * invoke this once on module load.
+ */
+export function init(): void;
+
+/**
+ * **Day 10 export**: parse a raw Claude Code session JSONL (the format
+ * Claude Code writes under `~/.claude/projects/.../<UUID>.jsonl`) into
+ * a renderable step list.
+ *
+ * This is the drag-and-drop path: the visitor's browser receives a
+ * session log it didn't sign and runs the dependency analyzer against
+ * it locally. The mapper produces unsigned [`nucleus_lineage::LineageEdge`]s;
+ * `signed = false` is set on the returned [`RenderableChain`] so the UI
+ * can label the source ("unsigned — your local session" vs. "signed
+ * corpus from coproduct-opensource/nucleus-recompute-corpus").
+ *
+ * Source-of-truth: the parse + map logic lives in `claude-code-capture`
+ * (the same code the server-side capture binary uses). One canonical
+ * implementation, shared between native + wasm.
+ */
+export function parse_claude_code_session(session_jsonl: string): any;
+
+/**
+ * **Day 10 export**: parse a JSONL chain of signed lineage edges into
+ * a renderable step list (one [`RenderableStep`] per edge in chain
+ * order). The orchestrator on the JS side consumes this directly to
+ * render the dependency graph + per-step drawer.
+ *
+ * Wire format: `chain_jsonl` is one `LineageEdge` per line (the same
+ * format `verify_chain_signatures` expects). Signature verification is
+ * NOT performed here — call `verify_chain_signatures` first if the
+ * chain's provenance matters.
+ */
+export function parse_lineage_chain(chain_jsonl: string): any;
+
+/**
+ * **Offline auction-receipt verifier — the "verify this receipt"
+ * button.** Given a signed `AuctionReceipt` JSON + a pinned JWKS
+ * document, re-build the canonical envelope, re-hash it (BLAKE3), and
+ * Ed25519-verify the signature against the issuer key matched by `kid`
+ * — all in the visitor's tab, with zero hub access.
+ *
+ * Returns a [`ReceiptVerifyReport`] serialized as a `JsValue`:
+ * ```json
+ * {
+ *   "ok": true,
+ *   "reason": null,
+ *   "auction_id": "...", "issuer_kid": "...", "root_hash_hex": "...",
+ *   "issued_at_micros": 1717…, "winner_spiffe_id": "spiffe://…",
+ *   "clearing_price_micro_usd": 250000, "bid_count": 3
+ * }
+ * ```
+ *
+ * Never throws on a bad receipt — `ok = false` with a `reason` string
+ * is the FAIL path (so the page renders PASS/FAIL rather than a thrown
+ * error). A `JsValue` error is only returned if the report itself
+ * can't be serialized, which shouldn't happen.
+ */
+export function verify_auction_receipt(receipt_json: string, jwks_json: string): any;
+
+/**
+ * **Bet C — the full offline verifier.** Combines the signature +
+ * root-hash check ([`verify_auction_receipt`]) with the local
+ * clearing-price recomputation ([`verify_clearing_recompute`]) into a
+ * single call, so an agent NEVER trusts the hub's price: the wasm
+ * recomputes it locally from the signed bids and asserts equality.
+ *
+ * The drop-in story (`@nucleus/verify`):
+ * ```js
+ * import { verify } from '@nucleus/verify';
+ * const r = await verify(receiptJson, jwksJson);
+ * if (!r.ok) throw new Error(r.reason);
+ * // r.ok === signature_ok && root_hash_ok && price_recomputed_ok
+ * ```
+ *
+ * Returns a [`FullVerifyReport`] as a `JsValue`. All prices are `u64`
+ * micro-USD (fit JS `Number` / Python `int`); the kernel's internal
+ * `u128` math never crosses this boundary.
+ */
+export function verify_auction_receipt_full(receipt_json: string, jwks_json: string): any;
+
+/**
+ * Day-1 entry point. Parses a JSONL chain + a JWKS document and runs
+ * per-edge Ed25519 signature verification.
+ *
+ * Wire format:
+ * - `chain_jsonl`: one signed [`nucleus_lineage::LineageEdge`] per line.
+ * - `jwks_json`: a JSON document with a top-level `{ "keys": [...] }` array,
+ *   each entry an Ed25519 JWK.
+ *
+ * Returns a [`VerifyReport`] serialized as a `JsValue` (so the JS side
+ * gets a plain object, not a string it has to re-parse). Errors are
+ * surfaced as `JsValue` strings — wrap with `wasm_bindgen::throw_str`
+ * downstream if richer error types are needed.
+ */
+export function verify_chain_signatures(chain_jsonl: string, jwks_json: string): any;
+
+/**
+ * **Bet C moat-closer — recompute-only export.** Re-runs the auction
+ * clearing locally from the receipt's signed bid set and reports whether
+ * the recomputed price matches the receipt's claimed price. Does NOT
+ * check the signature — pair with [`verify_auction_receipt`] (or use
+ * [`verify_auction_receipt_full`], which does both).
+ *
+ * Returns a [`recompute::RecomputeReport`] as a `JsValue`:
+ * ```json
+ * {
+ *   "recomputed_price_micro_usd": 400000,
+ *   "receipt_price_micro_usd": 400000,
+ *   "matches_receipt": true,
+ *   "path": "vickrey",
+ *   "recomputed_winner_spiffe_id": "spiffe://…",
+ *   "winner_matches": true,
+ *   "pigou_vcg_clearing_micro_usd": null,
+ *   "reason": null
+ * }
+ * ```
+ */
+export function verify_clearing_recompute(receipt_json: string): any;
+
+/**
+ * **Day 3-4 export**: independently verify a single
+ * [`PreservationProof`].
+ *
+ * The browser surfaces this on the demo's "expand any preserved step
+ * to see its proof" affordance. The proof is JSON-serializable; the
+ * WASM call re-runs the structural check and returns `null` on
+ * success or an error string on falsification.
+ */
+export function verify_preservation(proof_json: string): void;
+
+/**
+ * **Day 3-4 export**: independently verify a single
+ * [`RecomputationProof`].
+ *
+ * Same shape as [`verify_preservation`] — re-runs the witness-hash
+ * check, returns a `JsValue` error on falsification.
+ */
+export function verify_recomputation_necessity(proof_json: string): void;