@itechsmart/prooflink-verifier 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,159 +1,218 @@
1
1
  # ProofLink™ Verifier
2
2
 
3
- **Open-source cryptographic verification logic for iTechSmart UAIO receipts.**
3
+ [![npm](https://img.shields.io/npm/v/%40itechsmart%2Fprooflink-verifier)](https://www.npmjs.com/package/@itechsmart/prooflink-verifier)
4
+ [![license](https://img.shields.io/badge/license-MIT-blue)](./LICENSE)
5
+ [![Verify Live](https://img.shields.io/badge/verify-live-00A870)](https://verify.itechsmart.dev)
6
+ [![ledger](https://img.shields.io/badge/live_ledger-80%2C000%2B_receipts-22d3ee)](https://verify.itechsmart.dev)
4
7
 
5
- > Don't trust our AI. Trust the math.
8
+ > **Every other AI-accountability standard is a PDF. ProofLink is a running ledger of
9
+ > 80,000+ cryptographically-sealed AI actions you can verify right now — not a spec, a
10
+ > live chain.** → **[verify.itechsmart.dev](https://verify.itechsmart.dev)**
6
11
 
7
- ---
12
+ **Open-source, zero-dependency cryptographic verification logic for iTechSmart UAIO
13
+ receipts** — the reference implementation of the
14
+ [ProofLink Receipt Standard **v3.0**](https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md).
8
15
 
9
- ## What is this?
16
+ **Independently verify what an autonomous AI actually did.**
10
17
 
11
- When iTechSmart's UAIO platform autonomously remediates infrastructure restarting a crashed pod, patching a misconfiguration, rolling back a bad deploymentit generates a **ProofLink receipt**: a cryptographically signed, hash-chained record of exactly what happened, when, and why.
18
+ ProofLink is the **Trust & Accountability Layer for Autonomous AI** by [iTechSmart Inc.](https://itechsmart.dev) Every autonomous action seals a cryptographic receiptSHA-256 hash-chained, **Ed25519-signed**, Bitcoin-anchored via OpenTimestamps into a public ledger.
12
19
 
13
- This repository contains the **open-source verification logic** that anyone can use to independently confirm those receipts haven't been tampered with.
20
+ This package is the open-source verifier. You don't need an account. You don't need a demo. You don't need to trust iTechSmart.
14
21
 
15
- You don't need to trust us. You can verify the math yourself.
22
+ > **Don't trust the AI. Trust the math.**
16
23
 
17
- ---
24
+ ## Not a spec — a running chain
18
25
 
19
- ## How it works
26
+ Live snapshot (2026-07-02, `/api/chain` + `/api/stats`): **79,000+ receipts**, chain
27
+ **intact (`chain_intact: true`, 0 breaks)**, **2,100+ strict cryptographically-verifiable v3
28
+ receipts** (every new action is sealed as v3), **13,700+ Bitcoin-anchored** (~17%, growing
29
+ daily).
20
30
 
21
- Each ProofLink receipt contains:
31
+ **Honest two-era note.** The `*V3` API below strictly verifies v3 receipts
32
+ (`schema_version "3.0"`): hash recompute + canonical re-derivation + Ed25519 + chain link.
33
+ Legacy v1/v2 receipts are pointer-linked and preserved unmodified — disclosed openly at
34
+ `/api/stats`. `strict_full_chain_linked: false` is the disclosed count of legacy pointer
35
+ links, **not a chain break** (`breaks: 0`). We do not claim all 79k are strict-verifiable;
36
+ 2,100+ v3 are, and the count grows with every action.
22
37
 
23
- 1. **SHA-256 hash** — computed over all fields of the receipt (deterministic, canonical JSON)
24
- 2. **Previous hash** — the SHA-256 of the preceding receipt, creating a tamper-evident chain
25
- 3. **Chain position** — sequential integer; gaps indicate missing receipts
26
- 4. **Timestamp** — ISO 8601, must be chronologically ordered
38
+ ## Built for the regulations
27
39
 
28
- Altering **any** receipt in the chain invalidates **every subsequent receipt** the same principle as Bitcoin's blockchain, applied to infrastructure audit trails.
40
+ | Regulation / framework | ProofLink field / mechanism that satisfies it |
41
+ |---|---|
42
+ | **EU AI Act (Reg. 2024/1689) Article 12** — automatic tamper-evident logging for high-risk AI | Append-only hash chain; every action seals `timestamp`, `actor`, `action`, `subject`, `outcome`, `details` |
43
+ | **NIST AI RMF 1.0 — MEASURE 2.7 / MANAGE 4.1** — monitoring evaluated & documented | `security` / `platform_fix` / `platform_health_check` receipts, signed & immutable; `actor` separates system/agent/operator |
44
+ | **CMMC L2 — AU.L2-3.3.1 / AU.L2-3.3.8** — retain & protect audit logs | SHA-256 chain + Ed25519 make any edit/deletion/reorder detectable; Bitcoin anchoring adds external existence proof |
45
+ | **SOC 2 — CC7.2 / CC7.3 / CC8.1** — anomaly monitoring & change management | `signal_classified` / `security` receipts; `config_change` records `{before_hash, after_hash, diff_summary}` |
46
+ | **ISO/IEC 42001:2023 — Clause 9.1** — retain documented monitoring evidence | The receipt ledger is the retained cryptographic evidence; `compliance_tags` seal the control claim inside the signature |
29
47
 
30
- ```
31
- Receipt 0 (genesis) Receipt 1 Receipt 2
32
- ┌─────────────────────┐ ┌─────────────────────┐ ┌─────────────────────┐
33
- sha256: abc123... │──────▶│ prev_hash: abc123... │─────▶│ prev_hash: def456...│
34
- │ prev_hash: null │ │ sha256: def456... │ │ sha256: ghi789... │
35
- chain_position: 0 │ │ chain_position: 1 │ │ chain_position: 2 │
36
- └─────────────────────┘ └─────────────────────┘ └─────────────────────┘
37
- ```
48
+ ## Connect anything — every call seals a receipt
49
+
50
+ - **MCP server** — verify/search receipts from any MCP client (Claude, Cursor, Copilot,
51
+ LangGraph, CrewAI): `prooflink_verify_receipt`, `prooflink_search_receipts`,
52
+ `prooflink_verify_chain`.
53
+ - **FastAPI / REST** `verify.itechsmart.dev` exposes `/api/export`, `/api/verify/<id>`,
54
+ `/api/chain`, `/api/stats`, `/api/anchors`, `/api/how-to-verify`.
55
+ - **SDK** — [`prooflink-sdk`](https://github.com/Iteksmart/prooflink-sdk) (Python +
56
+ TypeScript) for sealing; this repo for zero-dependency verification.
38
57
 
39
- If you alter Receipt 1's `action` field:
40
- - Its computed SHA-256 changes → `sha256` field no longer matches → **tamper detected**
41
- - Receipt 2's `prev_hash` no longer matches **chain broken**
58
+ ProofLink aligns conceptually with the IETF Internet-Draft
59
+ [`draft-sharif-agent-audit-trail-00`](https://datatracker.ietf.org/doc/html/draft-sharif-agent-audit-trail-00)
60
+ (same problem, shared SHA-256 hash-chain core) while differing deliberately on
61
+ canonicalization (`json.dumps`, not RFC 8785 JCS) and signature (Ed25519, not ECDSA P-256).
42
62
 
43
63
  ---
44
64
 
45
- ## Installation
65
+ ## Verify a real receipt in 30 seconds
46
66
 
47
67
  ```bash
48
- npm install @itechsmart/prooflink-verifier
68
+ # Full cryptographic verification of one receipt from the live public ledger:
69
+ npx @itechsmart/prooflink-verifier 450ebfeb2a1cb00d
70
+
71
+ # ✓ hash_integrity SHA256(canonical_bytes) == hash_sha256
72
+ # ✓ canonical_rederivation re-derived canonical bytes match
73
+ # ✓ ed25519_signature Ed25519 OK
74
+ # VERIFIED
75
+
76
+ # Pointer-linkage check on the newest 25 receipts in the chain:
77
+ npx @itechsmart/prooflink-verifier --chain 25
49
78
  ```
50
79
 
51
- Or clone and use directly:
80
+ Grab any receipt ID from the live ledger at **[verify.itechsmart.dev](https://verify.itechsmart.dev)** — no account, no demo, no trust required.
52
81
 
53
- ```bash
54
- git clone https://github.com/Iteksmart/prooflink-verifier
55
- cd prooflink-verifier
56
- npm install
82
+ ---
83
+
84
+ ## Conformance to ProofLink Receipt Standard v3.0
85
+
86
+ This verifier ships a **Standard v3.0-conformant** verifier for the **live v3
87
+ receipt format** ([`ProofLink-Receipt-Standard-v3.md`](https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md)). Import the `*V3` API:
88
+
89
+ ```ts
90
+ import { verifyV3, verifyReceiptV3, verifyChainV3 } from "prooflink-verifier";
91
+
92
+ const res = await fetch("https://verify.itechsmart.dev/api/verify/<id>");
93
+ const { receipt } = await res.json();
94
+ verifyV3(receipt); // boolean — all 4 Standard checks
95
+ verifyReceiptV3(receipt, prevHash) // { valid, checks[], errors[] }
57
96
  ```
58
97
 
98
+ It performs the four normative checks: (1) `SHA256(canonical_bytes) == hash_sha256`,
99
+ (2) canonical re-derivation of `canonical_bytes`, (3) Ed25519 signature over the raw
100
+ `canonical_bytes` under the embedded (published) public key, (4) `prev_hash` chain link.
101
+
102
+ ### ⚠ Schema drift — read this
103
+
104
+ The **original** exports (`computeReceiptHash`, `verifyReceipt`, `verifyChain`,
105
+ `ProofLinkVerifier`) target a **pre-v3 / legacy receipt shape**
106
+ (`receipt_id`, `sha256`, `previous_hash`, `before_state`, `after_state`,
107
+ `nist_controls`, `arbiter_policy`, …) and hash a **fixed field list** with
108
+ `JSON.stringify` and **no signature**. **Live receipts no longer match that shape.**
109
+ The live ledger emits v3 receipts (`id`, `hash_sha256`, `prev_hash`,
110
+ `canonical_bytes`, Ed25519 `signature`, full-payload canonicalization). Use the
111
+ `*V3` API above for anything fetched from `verify.itechsmart.dev` today. The legacy
112
+ exports are retained unchanged for historical/pre-v3 receipts. See the DRIFT NOTICE
113
+ at the top of `src/standard-v3.ts`.
114
+
59
115
  ---
60
116
 
61
- ## Usage
62
117
 
63
- ### Verify a single receipt
118
+ ## Why Cryptographic Proof?
64
119
 
65
- ```typescript
66
- import { verifyReceipt } from '@itechsmart/prooflink-verifier'
120
+ Modern enterprise IT generates millions of autonomous actions per day — auto-scaling, patching, remediating, classifying. Most happen with no human in the loop. The audit story today is a mess of mutable logs, ad-hoc PDFs, and dashboards no one trusts.
67
121
 
68
- const result = verifyReceipt(receipt, previousReceipt)
122
+ Regulators are catching up. **EU AI Act Article 12** (enforcement 2026-08-02) requires high-risk AI systems to maintain tamper-evident logs of every decision. NIST AI RMF and SOC 2 are tightening too.
69
123
 
70
- console.log(result.valid) // true/false
71
- console.log(result.tamper_detected) // true if hash or chain broken
72
- console.log(result.checks) // detailed check results
73
- console.log(result.errors) // list of failures
74
- ```
124
+ A cryptographic receipt chain is the cheapest way to meet those requirements *and* the only way to prove autonomous behavior to a skeptical auditor. ProofLink generates one receipt per autonomous action, SHA-256 hashed, linked to the previous receipt, and publicly verifiable at [verify.itechsmart.dev](https://verify.itechsmart.dev).
75
125
 
76
- ### Verify an entire chain
126
+ ## EU AI Act Article 12 Alignment
77
127
 
78
- ```typescript
79
- import { verifyChain } from '@itechsmart/prooflink-verifier'
128
+ Article 12 of the EU AI Act (effective 2026-08-02) requires providers of high-risk AI systems to maintain automatic, tamper-evident logs of every decision. Mutable log files, post-hoc PDFs, and ephemeral dashboards do not satisfy this requirement.
80
129
 
81
- const receipts = await fetchReceiptsFromLedger()
82
- const result = verifyChain(receipts)
130
+ ProofLink receipts satisfy Article 12 by design:
83
131
 
84
- console.log(result.chain_valid) // true if all receipts intact
85
- console.log(result.tamper_detected) // true if any tampering found
86
- console.log(result.tamper_position) // which position was altered
87
- console.log(result.summary) // human-readable summary
88
- ```
132
+ | Article 12 requirement | ProofLink mechanism |
133
+ |---|---|
134
+ | Automatic logging at runtime | Receipt generated synchronously on every autonomous action |
135
+ | Tamper-evident records | SHA-256 hash chain — altering any receipt invalidates every subsequent one |
136
+ | Identification of the system | `executor` field carries the model/agent identifier |
137
+ | Chronological ordering | `chain_position` integer + ISO 8601 `timestamp`, both verified during chain checks |
138
+ | Retention | Hash chain stored append-only; OpenTimestamps anchor optionally pins to Bitcoin |
89
139
 
90
- ### Compute a hash yourself
140
+ ## NIST 800-53 Control Mapping
91
141
 
92
- ```typescript
93
- import { computeReceiptHash } from '@itechsmart/prooflink-verifier'
142
+ Each receipt asserts compliance with the following NIST 800-53 controls. The mapping is recorded inside the receipts `nist_controls` field so it travels with the proof:
143
+
144
+ | Control | Title | How ProofLink supports |
145
+ |---|---|---|
146
+ | **AU-2** | Event Logging | Every autonomous action generates an event record |
147
+ | **AU-10** | Non-Repudiation | Hash chain + executor identity prevent denial |
148
+ | **SI-7** | Software, Firmware, and Information Integrity | Tamper-evident chain on the action trail |
149
+ | **SA-11** | Developer Testing and Evaluation | `test_result` field captured per receipt |
94
150
 
95
- const { sha256, ...receiptWithoutHash } = receipt
96
- const computed = computeReceiptHash(receiptWithoutHash)
151
+ ## What gets verified (schema v3 — the live ledger format)
97
152
 
98
- console.log(computed === receipt.sha256) // true if untampered
153
+ Every v3 receipt is sealed like this on the platform side:
154
+
155
+ ```
156
+ payload = all receipt fields EXCEPT (canonical_bytes, signature, hash_sha256)
157
+ — including prev_hash and chain_position, so the chain link
158
+ itself is covered by the hash AND the signature
159
+ canonical_bytes = canonical JSON of payload (sorted keys, compact, UTF-8), hex-encoded
160
+ hash_sha256 = SHA-256(canonical_bytes)
161
+ signature = Ed25519 over the raw canonical bytes (32-byte public key, hex)
99
162
  ```
100
163
 
164
+ The verifier independently re-checks all three:
165
+
166
+ | Check | What it proves |
167
+ |---|---|
168
+ | `hash_integrity` | The recorded hash really is the SHA-256 of the signed bytes |
169
+ | `payload_consistency` | The fields you're reading are exactly what was hashed and signed — nothing displayed differs from the sealed record |
170
+ | `signature_valid` | The Ed25519 signature verifies against the canonical bytes |
171
+
172
+ Chain-level checks (`--chain`, `verifyPublicChain`): every receipt's `previous_hash` must equal the prior receipt's `sha256`, positions must be sequential, timestamps ordered. Altering any historic receipt breaks every receipt after it — the same principle as Bitcoin's blockchain, applied to AI accountability.
173
+
174
+ Beyond this library: receipts are also anchored to the **Bitcoin blockchain via OpenTimestamps**, are **SCITT-compatible** (IETF architecture), and carry **W3C Verifiable Credential** envelopes plus clause-level **EU AI Act Article 12(1)/(2)/(4)** and NIST AI RMF mappings. See the [public verification spec](https://verify.itechsmart.dev/api/how-to-verify).
175
+
101
176
  ---
102
177
 
103
- ## The canonical hash function
178
+ ## Installation & library usage
104
179
 
105
- The hash is computed over a deterministic JSON serialization of all fields **except** `sha256` itself:
180
+ ```bash
181
+ npm install @itechsmart/prooflink-verifier
182
+ ```
106
183
 
107
184
  ```typescript
108
- export function computeReceiptHash(receipt: Omit<ProofLinkReceipt, 'sha256'>): string {
109
- const canonical = JSON.stringify({
110
- receipt_id: receipt.receipt_id,
111
- version: receipt.version,
112
- timestamp: receipt.timestamp,
113
- container: receipt.container,
114
- executor: receipt.executor,
115
- trigger: receipt.trigger,
116
- action: receipt.action,
117
- action_parameters: receipt.action_parameters,
118
- before_state: receipt.before_state,
119
- after_state: receipt.after_state,
120
- nist_controls: receipt.nist_controls,
121
- human_input: receipt.human_input,
122
- arbiter_policy: receipt.arbiter_policy,
123
- previous_hash: receipt.previous_hash,
124
- chain_position: receipt.chain_position,
125
- }, null, 0)
126
-
127
- return crypto.createHash('sha256').update(canonical, 'utf8').digest('hex')
128
- }
185
+ import {
186
+ fetchAndVerifyReceipt, // full crypto against the live ledger
187
+ fetchAndVerifyChain, // pointer-linkage check on the newest N receipts
188
+ verifyReceiptV3, // verify a v3 receipt object you already have
189
+ verifyPublicChain, // verify a list from /api/receipts
190
+ verify, verifyAnyChain, // schema-aware: auto-detects v3 vs legacy receipts
191
+ } from '@itechsmart/prooflink-verifier'
192
+
193
+ const result = await fetchAndVerifyReceipt('450ebfeb2a1cb00d')
194
+ console.log(result.valid) // true
195
+ console.log(result.checks) // hash_integrity, payload_consistency, signature_valid
196
+
197
+ const chain = await fetchAndVerifyChain(50)
198
+ console.log(chain.chain_valid) // true
199
+ console.log(chain.ledger_total) // 80,000+ and counting
129
200
  ```
130
201
 
131
- The field ordering is fixed and documented. You can reimplement this in any language and verify receipts independently.
132
-
133
- ---
134
-
135
- ## Verification checks
202
+ Public API endpoints (no auth):
136
203
 
137
- For each receipt, the verifier runs 5 checks:
204
+ - `GET https://verify.itechsmart.dev/api/receipt/<id>` full receipt incl. `canonical_bytes` + `signature`
205
+ - `GET https://verify.itechsmart.dev/api/receipts?limit=N` — newest receipts (summary)
206
+ - `GET https://verify.itechsmart.dev/api/stats` — live totals + chain integrity
207
+ - `GET https://verify.itechsmart.dev/api/how-to-verify` — the full verification spec
138
208
 
139
- | Check | What it verifies |
140
- |-------|-----------------|
141
- | `schema_valid` | All required fields present |
142
- | `receipt_integrity` | Stored SHA-256 matches recomputed hash |
143
- | `chain_link` | `previous_hash` matches prior receipt's `sha256` |
144
- | `chain_position` | Position is sequential (no gaps) |
145
- | `timestamp_order` | Timestamps are chronologically ordered |
209
+ **For AI agents:** the same verification is exposed over MCP at [mcp.itechsmart.dev](https://mcp.itechsmart.dev) — Claude, GPT, Copilot and Cursor can verify receipts directly (17 tools).
146
210
 
147
211
  ---
148
212
 
149
- ## Live receipts
150
-
151
- Verify real receipts from iTechSmart's production ledger:
213
+ ## Legacy schema (v1)
152
214
 
153
- ```
154
- https://verify.itechsmart.dev
155
- https://api.itechsmart.dev/api/v1/prooflink/receipts
156
- ```
215
+ Earlier receipts used a fixed-field schema (`container`, `executor`, `trigger`, …). The original verification functions (`verifyReceipt`, `verifyChain`, `computeReceiptHash`) still support it, and `verify()` / `verifyAnyChain()` auto-detect which schema you're holding.
157
216
 
158
217
  ---
159
218
 
@@ -174,23 +233,29 @@ This verifier is intentionally minimal. The goal is auditable simplicity — not
174
233
  PRs welcome for:
175
234
  - Additional language implementations (Python, Go, Rust)
176
235
  - OpenTimestamps proof verification
177
- - CLI tool
178
236
  - Test vectors
179
237
 
180
238
  ---
181
239
 
182
- ## License
240
+ ## Why this exists
241
+
242
+ Regulators (EU AI Act Article 12, enforcement August 2, 2026), auditors, and customers increasingly ask one question about autonomous AI: **"Prove it."**
183
243
 
184
- MIT use freely, audit openly, verify everything.
244
+ Audit logs can be edited. Dashboards can be wrong. Vendor attestations require trust. A hash-chained, signed, Bitcoin-anchored receipt that *anyone* can verify with open-source code requires none of those things.
185
245
 
186
246
  ---
187
247
 
188
248
  ## About iTechSmart
189
249
 
190
- iTechSmart builds UAIO (Unified Autonomous IT Operations) — the first enterprise platform that autonomously detects, remediates, and cryptographically proves every infrastructure action.
250
+ iTechSmart Inc. builds UAIO (Unified Autonomous IT Operations) — the first enterprise platform that autonomously detects, remediates, and cryptographically proves every infrastructure action — and operates ProofLink, the Trust & Accountability Layer for Autonomous AI.
191
251
 
192
- - Website: [itechsmart.dev](https://itechsmart.dev)
252
+ - Product: [prooflink.itechsmart.dev](https://prooflink.itechsmart.dev)
193
253
  - Verify receipts: [verify.itechsmart.dev](https://verify.itechsmart.dev)
254
+ - Website: [itechsmart.dev](https://itechsmart.dev)
194
255
  - Whitepaper: [whitepaper.itechsmart.dev](https://whitepaper.itechsmart.dev)
195
256
 
196
- SDVOSB · CAGE: 172W2 · NVIDIA Inception · NIST CSF 96/100
257
+ SDVOSB · CAGE: 172W2 · UEI: ZCPFX4N86G36 · NVIDIA Inception
258
+
259
+ ## License
260
+
261
+ MIT © iTechSmart Inc. — use freely, audit openly, verify everything. ProofLink™ is a registered federal trademark of iTechSmart Inc.
package/bin/cli.js ADDED
@@ -0,0 +1,54 @@
1
+ #!/usr/bin/env node
2
+ /* ProofLink verifier CLI — verify receipts on the live public ledger.
3
+ *
4
+ * npx @itechsmart/prooflink-verifier <receipt_id> full crypto verify of one receipt
5
+ * npx @itechsmart/prooflink-verifier --chain [N] pointer-linkage check on newest N (default 25)
6
+ */
7
+ const { fetchAndVerifyReceipt, fetchAndVerifyChain } = require('../dist/index.js');
8
+
9
+ const GREEN = '\x1b[32m', RED = '\x1b[31m', DIM = '\x1b[2m', BOLD = '\x1b[1m', RESET = '\x1b[0m';
10
+
11
+ async function main() {
12
+ const args = process.argv.slice(2);
13
+ if (!args.length || args[0] === '--help' || args[0] === '-h') {
14
+ console.log(`${BOLD}ProofLink Verifier${RESET} — don't trust the AI, trust the math.
15
+
16
+ Usage:
17
+ prooflink-verify <receipt_id> Fully verify one receipt (hash + payload + Ed25519)
18
+ prooflink-verify --chain [N] Verify pointer linkage of the newest N receipts (default 25)
19
+
20
+ Ledger: https://verify.itechsmart.dev (no account required)`);
21
+ process.exit(0);
22
+ }
23
+
24
+ if (args[0] === '--chain') {
25
+ const n = parseInt(args[1], 10) || 25;
26
+ const r = await fetchAndVerifyChain(n);
27
+ console.log(`${BOLD}ProofLink public chain check${RESET} ${DIM}(newest ${r.receipts_verified} of ${r.ledger_total.toLocaleString()} receipts)${RESET}`);
28
+ console.log(r.chain_valid
29
+ ? `${GREEN}✓ ${r.summary}${RESET}`
30
+ : `${RED}✗ ${r.summary}${RESET}`);
31
+ if (r.errors.length) r.errors.slice(0, 5).forEach(e => console.log(` ${RED}- ${e}${RESET}`));
32
+ console.log(`${DIM}Ledger-reported chain_intact: ${r.ledger_chain_intact}${RESET}`);
33
+ process.exit(r.chain_valid ? 0 : 1);
34
+ }
35
+
36
+ const id = args[0];
37
+ const r = await fetchAndVerifyReceipt(id);
38
+ if (!r.found) {
39
+ console.log(`${RED}✗ Receipt ${id} not found on the public ledger${RESET}`);
40
+ process.exit(2);
41
+ }
42
+ console.log(`${BOLD}ProofLink receipt ${id}${RESET}`);
43
+ for (const c of r.checks) {
44
+ console.log(` ${c.passed ? GREEN + '✓' : RED + '✗'} ${c.name}${RESET} ${DIM}${c.detail}${RESET}`);
45
+ }
46
+ console.log(r.valid
47
+ ? `${GREEN}${BOLD}VERIFIED${RESET} — hash intact, payload consistent, Ed25519 signature valid.`
48
+ : r.tamper_detected
49
+ ? `${RED}${BOLD}TAMPER DETECTED${RESET}`
50
+ : `${RED}${BOLD}NOT FULLY VERIFIED${RESET} ${DIM}(see checks above)${RESET}`);
51
+ process.exit(r.valid ? 0 : 1);
52
+ }
53
+
54
+ main().catch(e => { console.error(`${RED}Error: ${e.message}${RESET}`); process.exit(3); });
package/dist/index.d.ts CHANGED
@@ -1,2 +1,6 @@
1
1
  export * from './prooflink-verifier';
2
+ export { verifyReceiptV3, verifyV3, verifyChainV3, canonicalize as canonicalizeV3, importEd25519PublicKey, PUBLISHED_PUBLIC_KEY, } from './standard-v3';
3
+ export type { V3Receipt, V3Signature, V3Check, V3Result } from './standard-v3';
4
+ export { fetchAndVerifyReceipt, fetchAndVerifyChain, verifyPublicChain, DEFAULT_LEDGER, } from './live';
5
+ export type { PublicChainReceipt, PublicChainResult } from './live';
2
6
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,cAAc,sBAAsB,CAAC;AAIrC,OAAO,EACL,eAAe,EACf,QAAQ,EACR,aAAa,EACb,YAAY,IAAI,cAAc,EAC9B,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,eAAe,CAAC;AACvB,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAI/E,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,GACf,MAAM,QAAQ,CAAC;AAChB,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC"}
package/dist/index.js CHANGED
@@ -14,5 +14,25 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
14
  for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
15
  };
16
16
  Object.defineProperty(exports, "__esModule", { value: true });
17
+ exports.DEFAULT_LEDGER = exports.verifyPublicChain = exports.fetchAndVerifyChain = exports.fetchAndVerifyReceipt = exports.PUBLISHED_PUBLIC_KEY = exports.importEd25519PublicKey = exports.canonicalizeV3 = exports.verifyChainV3 = exports.verifyV3 = exports.verifyReceiptV3 = void 0;
18
+ // Legacy pre-v3 verifier (verifies the historical ProofLinkReceipt shape:
19
+ // receipt_id / sha256 / previous_hash / before_state / nist_controls …).
20
+ // See the DRIFT NOTICE in ./standard-v3 — the LIVE ledger emits v3 receipts.
17
21
  __exportStar(require("./prooflink-verifier"), exports);
22
+ // ProofLink Receipt Standard v3.0 — conformant verifier for LIVE v3 receipts.
23
+ // Spec: https://verify.itechsmart.dev/api/how-to-verify
24
+ var standard_v3_1 = require("./standard-v3");
25
+ Object.defineProperty(exports, "verifyReceiptV3", { enumerable: true, get: function () { return standard_v3_1.verifyReceiptV3; } });
26
+ Object.defineProperty(exports, "verifyV3", { enumerable: true, get: function () { return standard_v3_1.verifyV3; } });
27
+ Object.defineProperty(exports, "verifyChainV3", { enumerable: true, get: function () { return standard_v3_1.verifyChainV3; } });
28
+ Object.defineProperty(exports, "canonicalizeV3", { enumerable: true, get: function () { return standard_v3_1.canonicalize; } });
29
+ Object.defineProperty(exports, "importEd25519PublicKey", { enumerable: true, get: function () { return standard_v3_1.importEd25519PublicKey; } });
30
+ Object.defineProperty(exports, "PUBLISHED_PUBLIC_KEY", { enumerable: true, get: function () { return standard_v3_1.PUBLISHED_PUBLIC_KEY; } });
31
+ // Live-ledger helpers: fetch + verify against verify.itechsmart.dev, and
32
+ // pointer-linkage verification for the public summary list (/api/receipts).
33
+ var live_1 = require("./live");
34
+ Object.defineProperty(exports, "fetchAndVerifyReceipt", { enumerable: true, get: function () { return live_1.fetchAndVerifyReceipt; } });
35
+ Object.defineProperty(exports, "fetchAndVerifyChain", { enumerable: true, get: function () { return live_1.fetchAndVerifyChain; } });
36
+ Object.defineProperty(exports, "verifyPublicChain", { enumerable: true, get: function () { return live_1.verifyPublicChain; } });
37
+ Object.defineProperty(exports, "DEFAULT_LEDGER", { enumerable: true, get: function () { return live_1.DEFAULT_LEDGER; } });
18
38
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uDAAqC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,0EAA0E;AAC1E,yEAAyE;AACzE,6EAA6E;AAC7E,uDAAqC;AAErC,8EAA8E;AAC9E,wDAAwD;AACxD,6CAOuB;AANrB,8GAAA,eAAe,OAAA;AACf,uGAAA,QAAQ,OAAA;AACR,4GAAA,aAAa,OAAA;AACb,6GAAA,YAAY,OAAkB;AAC9B,qHAAA,sBAAsB,OAAA;AACtB,mHAAA,oBAAoB,OAAA;AAItB,yEAAyE;AACzE,4EAA4E;AAC5E,+BAKgB;AAJd,6GAAA,qBAAqB,OAAA;AACrB,2GAAA,mBAAmB,OAAA;AACnB,yGAAA,iBAAiB,OAAA;AACjB,sGAAA,cAAc,OAAA"}
package/dist/live.d.ts ADDED
@@ -0,0 +1,40 @@
1
+ /**
2
+ * Live-ledger helpers: fetch receipts from verify.itechsmart.dev and verify
3
+ * them with the Standard v3.0 verifier (see ./standard-v3), plus a
4
+ * pointer-linkage check for the public summary list (/api/receipts).
5
+ */
6
+ import { type V3Result } from './standard-v3';
7
+ export declare const DEFAULT_LEDGER = "https://verify.itechsmart.dev";
8
+ export interface PublicChainReceipt {
9
+ receipt_id: string;
10
+ chain_position: number;
11
+ previous_hash: string;
12
+ sha256: string;
13
+ timestamp: string;
14
+ [key: string]: unknown;
15
+ }
16
+ export interface PublicChainResult {
17
+ chain_valid: boolean;
18
+ tamper_detected: boolean;
19
+ receipts_verified: number;
20
+ tamper_position: number | null;
21
+ summary: string;
22
+ errors: string[];
23
+ }
24
+ /**
25
+ * Pointer-linkage verification for the public summary list (/api/receipts):
26
+ * previous_hash links, monotonic chain positions, timestamp order.
27
+ * Full crypto per receipt requires the detail endpoint (see fetchAndVerifyReceipt).
28
+ */
29
+ export declare function verifyPublicChain(receipts: PublicChainReceipt[]): PublicChainResult;
30
+ /** Fetch a receipt by id from the public ledger and fully verify it (Standard v3.0). */
31
+ export declare function fetchAndVerifyReceipt(receiptId: string, base?: string): Promise<V3Result & {
32
+ receipt_id: string;
33
+ found: boolean;
34
+ }>;
35
+ /** Fetch the newest N receipts from the public ledger and verify pointer linkage. */
36
+ export declare function fetchAndVerifyChain(limit?: number, base?: string): Promise<PublicChainResult & {
37
+ ledger_total: number;
38
+ ledger_chain_intact: boolean;
39
+ }>;
40
+ //# sourceMappingURL=live.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"live.d.ts","sourceRoot":"","sources":["../src/live.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAmC,KAAK,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE/E,eAAO,MAAM,cAAc,kCAAkC,CAAC;AAE9D,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,kBAAkB,EAAE,GAAG,iBAAiB,CA+BnF;AAED,wFAAwF;AACxF,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,MAAM,EACjB,IAAI,GAAE,MAAuB,GAC5B,OAAO,CAAC,QAAQ,GAAG;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,OAAO,CAAA;CAAE,CAAC,CAU5D;AAED,qFAAqF;AACrF,wBAAsB,mBAAmB,CACvC,KAAK,SAAK,EACV,IAAI,GAAE,MAAuB,GAC5B,OAAO,CAAC,iBAAiB,GAAG;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,mBAAmB,EAAE,OAAO,CAAA;CAAE,CAAC,CAIrF"}
package/dist/live.js ADDED
@@ -0,0 +1,69 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.DEFAULT_LEDGER = void 0;
4
+ exports.verifyPublicChain = verifyPublicChain;
5
+ exports.fetchAndVerifyReceipt = fetchAndVerifyReceipt;
6
+ exports.fetchAndVerifyChain = fetchAndVerifyChain;
7
+ /**
8
+ * Live-ledger helpers: fetch receipts from verify.itechsmart.dev and verify
9
+ * them with the Standard v3.0 verifier (see ./standard-v3), plus a
10
+ * pointer-linkage check for the public summary list (/api/receipts).
11
+ */
12
+ const standard_v3_1 = require("./standard-v3");
13
+ exports.DEFAULT_LEDGER = 'https://verify.itechsmart.dev';
14
+ /**
15
+ * Pointer-linkage verification for the public summary list (/api/receipts):
16
+ * previous_hash links, monotonic chain positions, timestamp order.
17
+ * Full crypto per receipt requires the detail endpoint (see fetchAndVerifyReceipt).
18
+ */
19
+ function verifyPublicChain(receipts) {
20
+ const errors = [];
21
+ let tamperPosition = null;
22
+ const sorted = [...receipts].sort((a, b) => a.chain_position - b.chain_position);
23
+ for (let i = 1; i < sorted.length; i++) {
24
+ const prev = sorted[i - 1];
25
+ const cur = sorted[i];
26
+ if (cur.chain_position !== prev.chain_position + 1) {
27
+ errors.push(`Gap between positions ${prev.chain_position} and ${cur.chain_position}`);
28
+ tamperPosition = tamperPosition ?? cur.chain_position;
29
+ continue;
30
+ }
31
+ if (cur.previous_hash !== prev.sha256) {
32
+ errors.push(`Broken link at position ${cur.chain_position}: previous_hash does not match prior sha256`);
33
+ tamperPosition = tamperPosition ?? cur.chain_position;
34
+ }
35
+ if (new Date(cur.timestamp).getTime() < new Date(prev.timestamp).getTime()) {
36
+ errors.push(`Timestamp regression at position ${cur.chain_position}`);
37
+ }
38
+ }
39
+ const ok = errors.length === 0;
40
+ return {
41
+ chain_valid: ok,
42
+ tamper_detected: !ok,
43
+ receipts_verified: sorted.length,
44
+ tamper_position: tamperPosition,
45
+ summary: ok
46
+ ? `Chain VALID — ${sorted.length} receipts, pointer linkage intact`
47
+ : `Chain INVALID — ${errors.length} problem(s), first at position ${tamperPosition}`,
48
+ errors,
49
+ };
50
+ }
51
+ /** Fetch a receipt by id from the public ledger and fully verify it (Standard v3.0). */
52
+ async function fetchAndVerifyReceipt(receiptId, base = exports.DEFAULT_LEDGER) {
53
+ const res = await fetch(`${base}/api/receipt/${encodeURIComponent(receiptId)}`);
54
+ if (!res.ok) {
55
+ return { receipt_id: receiptId, found: false, valid: false, id: receiptId, checks: [], errors: [`HTTP ${res.status} from ledger`] };
56
+ }
57
+ const body = (await res.json());
58
+ if (!body.found || !body.receipt) {
59
+ return { receipt_id: receiptId, found: false, valid: false, id: receiptId, checks: [], errors: ['Receipt not found'] };
60
+ }
61
+ return { receipt_id: receiptId, found: true, ...(0, standard_v3_1.verifyReceiptV3)(body.receipt) };
62
+ }
63
+ /** Fetch the newest N receipts from the public ledger and verify pointer linkage. */
64
+ async function fetchAndVerifyChain(limit = 25, base = exports.DEFAULT_LEDGER) {
65
+ const res = await fetch(`${base}/api/receipts?limit=${limit}`);
66
+ const body = (await res.json());
67
+ return { ...verifyPublicChain(body.receipts || []), ledger_total: body.total, ledger_chain_intact: body.chain_intact };
68
+ }
69
+ //# sourceMappingURL=live.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"live.js","sourceRoot":"","sources":["../src/live.ts"],"names":[],"mappings":";;;AAgCA,8CA+BC;AAGD,sDAaC;AAGD,kDAOC;AAzFD;;;;GAIG;AACH,+CAA+E;AAElE,QAAA,cAAc,GAAG,+BAA+B,CAAC;AAoB9D;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,QAA8B;IAC9D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,cAAc,CAAC,CAAC;IACjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAI,CAAC,cAAc,QAAQ,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC;YACtF,cAAc,GAAG,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC;YACtD,SAAS;QACX,CAAC;QACD,IAAI,GAAG,CAAC,aAAa,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,2BAA2B,GAAG,CAAC,cAAc,6CAA6C,CAAC,CAAC;YACxG,cAAc,GAAG,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC;QACxD,CAAC;QACD,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YAC3E,MAAM,CAAC,IAAI,CAAC,oCAAoC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACD,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IAC/B,OAAO;QACL,WAAW,EAAE,EAAE;QACf,eAAe,EAAE,CAAC,EAAE;QACpB,iBAAiB,EAAE,MAAM,CAAC,MAAM;QAChC,eAAe,EAAE,cAAc;QAC/B,OAAO,EAAE,EAAE;YACT,CAAC,CAAC,iBAAiB,MAAM,CAAC,MAAM,mCAAmC;YACnE,CAAC,CAAC,mBAAmB,MAAM,CAAC,MAAM,kCAAkC,cAAc,EAAE;QACtF,MAAM;KACP,CAAC;AACJ,CAAC;AAED,wFAAwF;AACjF,KAAK,UAAU,qBAAqB,CACzC,SAAiB,EACjB,OAAe,sBAAc;IAE7B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,gBAAgB,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAChF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,GAAG,CAAC,MAAM,cAAc,CAAC,EAAE,CAAC;IACtI,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA6C,CAAC;IAC5E,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC;IACzH,CAAC;IACD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;AAClF,CAAC;AAED,qFAAqF;AAC9E,KAAK,UAAU,mBAAmB,CACvC,KAAK,GAAG,EAAE,EACV,OAAe,sBAAc;IAE7B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,uBAAuB,KAAK,EAAE,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA6E,CAAC;IAC5G,OAAO,EAAE,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,KAAK,EAAE,mBAAmB,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;AACzH,CAAC"}
@@ -47,6 +47,9 @@ export interface VerificationCheck {
47
47
  * Compute the expected SHA-256 hash for a receipt.
48
48
  * The hash covers all fields EXCEPT the sha256 field itself.
49
49
  * This is the canonical hash function — open for inspection.
50
+ *
51
+ * @param receipt Receipt object without the sha256 field
52
+ * @returns Hexadecimal string of the computed SHA-256 hash
50
53
  */
51
54
  export declare function computeReceiptHash(receipt: Omit<ProofLinkReceipt, 'sha256'>): string;
52
55
  /**
@@ -1 +1 @@
1
- {"version":3,"file":"prooflink-verifier.d.ts","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC1C,YAAY,EAAE,WAAW,CAAA;IACzB,WAAW,EAAE,WAAW,CAAA;IACxB,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,WAAW,EAAE,MAAM,GAAG,mBAAmB,GAAG,QAAQ,CAAA;IACpD,cAAc,EAAE,MAAM,CAAA;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,cAAc,EAAE,MAAM,CAAA;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAA;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAA;CACzC;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,iBAAiB,EAAE,CAAA;IAC3B,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,OAAO,CAAA;IACxB,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,OAAO,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACf;AAMD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GAAG,MAAM,CAoBpF;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,gBAAgB,GAAG,iBAAiB,CAYnF;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CA4BnB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CAqBnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CAgBnB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,iBAAiB,CAkBvE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,gBAAgB,EACzB,eAAe,GAAE,gBAAgB,GAAG,IAAW,GAC9C,kBAAkB,CAwBpB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,gBAAgB,EAAE,GAAG;IACzD,WAAW,EAAE,OAAO,CAAA;IACpB,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,OAAO,EAAE,kBAAkB,EAAE,CAAA;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAsCA;AAMD,eAAO,MAAM,iBAAiB;;;;;;CAM7B,CAAA;AAED,eAAe,iBAAiB,CAAA"}
1
+ {"version":3,"file":"prooflink-verifier.d.ts","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC1C,YAAY,EAAE,WAAW,CAAA;IACzB,WAAW,EAAE,WAAW,CAAA;IACxB,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,WAAW,EAAE,MAAM,GAAG,mBAAmB,GAAG,QAAQ,CAAA;IACpD,cAAc,EAAE,MAAM,CAAA;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,cAAc,EAAE,MAAM,CAAA;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAA;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAA;CACzC;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,iBAAiB,EAAE,CAAA;IAC3B,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,OAAO,CAAA;IACxB,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,OAAO,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACf;AAMD;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GAAG,MAAM,CAoBpF;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,gBAAgB,GAAG,iBAAiB,CAYnF;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CA4BnB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CAqBnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CAgBnB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,iBAAiB,CAkBvE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,gBAAgB,EACzB,eAAe,GAAE,gBAAgB,GAAG,IAAW,GAC9C,kBAAkB,CAwBpB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,gBAAgB,EAAE,GAAG;IACzD,WAAW,EAAE,OAAO,CAAA;IACpB,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,OAAO,EAAE,kBAAkB,EAAE,CAAA;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAsCA;AAMD,eAAO,MAAM,iBAAiB;;;;;;CAM7B,CAAA;AAED,eAAe,iBAAiB,CAAA"}
@@ -28,6 +28,9 @@ const crypto_1 = __importDefault(require("crypto"));
28
28
  * Compute the expected SHA-256 hash for a receipt.
29
29
  * The hash covers all fields EXCEPT the sha256 field itself.
30
30
  * This is the canonical hash function — open for inspection.
31
+ *
32
+ * @param receipt Receipt object without the sha256 field
33
+ * @returns Hexadecimal string of the computed SHA-256 hash
31
34
  */
32
35
  function computeReceiptHash(receipt) {
33
36
  const canonical = JSON.stringify({
@@ -1 +1 @@
1
- {"version":3,"file":"prooflink-verifier.js","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;AA0DH,gDAoBC;AAMD,wDAYC;AAOD,0CA+BC;AAKD,kDAwBC;AAKD,oDAmBC;AAKD,kDAkBC;AAMD,sCA2BC;AAMD,kCA4CC;AAnSD,oDAA2B;AA+C3B,gDAAgD;AAChD,0BAA0B;AAC1B,gDAAgD;AAEhD;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,OAAyC;IAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAC/B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,cAAc,EAAE,OAAO,CAAC,cAAc;KACvC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA,CAAC,qCAAqC;IAEjD,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AAC5E,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB,CAAC,OAAyB;IAC9D,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAA;IACnC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACzC,MAAM,MAAM,GAAG,QAAQ,KAAK,MAAM,CAAA;IAElC,OAAO;QACL,IAAI,EAAE,mBAAmB;QACzB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,iBAAiB,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;YAC/C,CAAC,CAAC,2BAA2B,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;KACjG,CAAA;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAC7B,OAAyB,EACzB,eAAwC;IAExC,IAAI,OAAO,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,KAAK,IAAI,CAAA;QAC7C,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM;YACN,MAAM,EAAE,MAAM;gBACZ,CAAC,CAAC,6CAA6C;gBAC/C,CAAC,CAAC,wDAAwD,OAAO,CAAC,aAAa,EAAE;SACpF,CAAA;IACH,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,oDAAoD,OAAO,CAAC,cAAc,GAAG,CAAC,gBAAgB;SACvG,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,KAAK,eAAe,CAAC,MAAM,CAAA;IAC/D,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,kCAAkC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK;YACnF,CAAC,CAAC,0BAA0B,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,OAAO,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;KAC9H,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CACjC,OAAyB,EACzB,eAAwC;IAExC,IAAI,OAAO,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAA;IAChF,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,iDAAiD;SAC1D,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,KAAK,eAAe,CAAC,cAAc,GAAG,CAAC,CAAA;IAC5E,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,YAAY,OAAO,CAAC,cAAc,YAAY,eAAe,CAAC,cAAc,EAAE;YAChF,CAAC,CAAC,0BAA0B,eAAe,CAAC,cAAc,MAAM,OAAO,CAAC,cAAc,EAAE;KAC3F,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAClC,OAAyB,EACzB,eAAwC;IAExC,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAA;IAC5F,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;IACrD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;IAC9D,MAAM,MAAM,GAAG,OAAO,IAAI,QAAQ,CAAA;IAElC,OAAO;QACL,IAAI,EAAE,iBAAiB;QACvB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,0BAA0B,OAAO,CAAC,SAAS,OAAO,eAAe,CAAC,SAAS,EAAE;YAC/E,CAAC,CAAC,4BAA4B,OAAO,CAAC,SAAS,aAAa,eAAe,CAAC,SAAS,EAAE;KAC1F,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,OAAgB;IAClD,MAAM,QAAQ,GAAG;QACf,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU;QAC7D,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa;QAClD,QAAQ,EAAE,gBAAgB,EAAE,aAAa;KAC1C,CAAA;IAED,MAAM,CAAC,GAAG,OAAkC,CAAA;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,SAAS,CAAC,CAAA;IAEjF,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC,CAAA;IACnC,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,6BAA6B;YAC/B,CAAC,CAAC,4BAA4B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;KACrD,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAC3B,OAAyB,EACzB,kBAA2C,IAAI;IAE/C,MAAM,MAAM,GAAwB;QAClC,mBAAmB,CAAC,OAAO,CAAC;QAC5B,sBAAsB,CAAC,OAAO,CAAC;QAC/B,eAAe,CAAC,OAAO,EAAE,eAAe,CAAC;QACzC,mBAAmB,CAAC,OAAO,EAAE,eAAe,CAAC;QAC7C,oBAAoB,CAAC,OAAO,EAAE,eAAe,CAAC;KAC/C,CAAA;IAED,MAAM,MAAM,GAAG,MAAM;SAClB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;IAEtC,MAAM,cAAc,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,EAAE,MAAM;QAC9E,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,EAAE,MAAM,CAAA;IAEpD,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,MAAM;QACN,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,eAAe,EAAE,cAAc;QAC/B,MAAM;KACP,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,QAA4B;IAOtD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,eAAe,EAAE,KAAK;YACtB,eAAe,EAAE,IAAI;YACrB,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,iCAAiC;SAC3C,CAAA;IACH,CAAC;IAED,yBAAyB;IACzB,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,cAAc,CAAC,CAAA;IAEhF,MAAM,OAAO,GAAyB,EAAE,CAAA;IACxC,IAAI,cAAc,GAAkB,IAAI,CAAA;IAExC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;QACrE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAEpB,IAAI,MAAM,CAAC,eAAe,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;YACtD,cAAc,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAA;QAC3C,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;IAC9C,MAAM,cAAc,GAAG,cAAc,KAAK,IAAI,CAAA;IAE9C,OAAO;QACL,WAAW,EAAE,UAAU;QACvB,eAAe,EAAE,cAAc;QAC/B,eAAe,EAAE,cAAc;QAC/B,OAAO;QACP,OAAO,EAAE,UAAU;YACjB,CAAC,CAAC,iBAAiB,QAAQ,CAAC,MAAM,2CAA2C;YAC7E,CAAC,CAAC,kDAAkD,cAAc,EAAE;KACvE,CAAA;AACH,CAAC;AAED,gDAAgD;AAChD,aAAa;AACb,gDAAgD;AAEnC,QAAA,iBAAiB,GAAG;IAC/B,WAAW,EAAE,kBAAkB;IAC/B,aAAa;IACb,WAAW;IACX,eAAe,EAAE,sBAAsB;IACvC,eAAe;CAChB,CAAA;AAED,kBAAe,yBAAiB,CAAA"}
1
+ {"version":3,"file":"prooflink-verifier.js","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;AA6DH,gDAoBC;AAMD,wDAYC;AAOD,0CA+BC;AAKD,kDAwBC;AAKD,oDAmBC;AAKD,kDAkBC;AAMD,sCA2BC;AAMD,kCA4CC;AAtSD,oDAA2B;AA+C3B,gDAAgD;AAChD,0BAA0B;AAC1B,gDAAgD;AAEhD;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAAC,OAAyC;IAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAC/B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,cAAc,EAAE,OAAO,CAAC,cAAc;KACvC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA,CAAC,qCAAqC;IAEjD,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AAC5E,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB,CAAC,OAAyB;IAC9D,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAA;IACnC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACzC,MAAM,MAAM,GAAG,QAAQ,KAAK,MAAM,CAAA;IAElC,OAAO;QACL,IAAI,EAAE,mBAAmB;QACzB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,iBAAiB,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;YAC/C,CAAC,CAAC,2BAA2B,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;KACjG,CAAA;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAC7B,OAAyB,EACzB,eAAwC;IAExC,IAAI,OAAO,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,KAAK,IAAI,CAAA;QAC7C,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM;YACN,MAAM,EAAE,MAAM;gBACZ,CAAC,CAAC,6CAA6C;gBAC/C,CAAC,CAAC,wDAAwD,OAAO,CAAC,aAAa,EAAE;SACpF,CAAA;IACH,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,oDAAoD,OAAO,CAAC,cAAc,GAAG,CAAC,gBAAgB;SACvG,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,KAAK,eAAe,CAAC,MAAM,CAAA;IAC/D,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,kCAAkC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK;YACnF,CAAC,CAAC,0BAA0B,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,OAAO,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;KAC9H,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CACjC,OAAyB,EACzB,eAAwC;IAExC,IAAI,OAAO,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAA;IAChF,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,iDAAiD;SAC1D,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,KAAK,eAAe,CAAC,cAAc,GAAG,CAAC,CAAA;IAC5E,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,YAAY,OAAO,CAAC,cAAc,YAAY,eAAe,CAAC,cAAc,EAAE;YAChF,CAAC,CAAC,0BAA0B,eAAe,CAAC,cAAc,MAAM,OAAO,CAAC,cAAc,EAAE;KAC3F,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAClC,OAAyB,EACzB,eAAwC;IAExC,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAA;IAC5F,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;IACrD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;IAC9D,MAAM,MAAM,GAAG,OAAO,IAAI,QAAQ,CAAA;IAElC,OAAO;QACL,IAAI,EAAE,iBAAiB;QACvB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,0BAA0B,OAAO,CAAC,SAAS,OAAO,eAAe,CAAC,SAAS,EAAE;YAC/E,CAAC,CAAC,4BAA4B,OAAO,CAAC,SAAS,aAAa,eAAe,CAAC,SAAS,EAAE;KAC1F,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,OAAgB;IAClD,MAAM,QAAQ,GAAG;QACf,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU;QAC7D,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa;QAClD,QAAQ,EAAE,gBAAgB,EAAE,aAAa;KAC1C,CAAA;IAED,MAAM,CAAC,GAAG,OAAkC,CAAA;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,SAAS,CAAC,CAAA;IAEjF,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC,CAAA;IACnC,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,6BAA6B;YAC/B,CAAC,CAAC,4BAA4B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;KACrD,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAC3B,OAAyB,EACzB,kBAA2C,IAAI;IAE/C,MAAM,MAAM,GAAwB;QAClC,mBAAmB,CAAC,OAAO,CAAC;QAC5B,sBAAsB,CAAC,OAAO,CAAC;QAC/B,eAAe,CAAC,OAAO,EAAE,eAAe,CAAC;QACzC,mBAAmB,CAAC,OAAO,EAAE,eAAe,CAAC;QAC7C,oBAAoB,CAAC,OAAO,EAAE,eAAe,CAAC;KAC/C,CAAA;IAED,MAAM,MAAM,GAAG,MAAM;SAClB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;IAEtC,MAAM,cAAc,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,EAAE,MAAM;QAC9E,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,EAAE,MAAM,CAAA;IAEpD,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,MAAM;QACN,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,eAAe,EAAE,cAAc;QAC/B,MAAM;KACP,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,QAA4B;IAOtD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,eAAe,EAAE,KAAK;YACtB,eAAe,EAAE,IAAI;YACrB,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,iCAAiC;SAC3C,CAAA;IACH,CAAC;IAED,yBAAyB;IACzB,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,cAAc,CAAC,CAAA;IAEhF,MAAM,OAAO,GAAyB,EAAE,CAAA;IACxC,IAAI,cAAc,GAAkB,IAAI,CAAA;IAExC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;QACrE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAEpB,IAAI,MAAM,CAAC,eAAe,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;YACtD,cAAc,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAA;QAC3C,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;IAC9C,MAAM,cAAc,GAAG,cAAc,KAAK,IAAI,CAAA;IAE9C,OAAO;QACL,WAAW,EAAE,UAAU;QACvB,eAAe,EAAE,cAAc;QAC/B,eAAe,EAAE,cAAc;QAC/B,OAAO;QACP,OAAO,EAAE,UAAU;YACjB,CAAC,CAAC,iBAAiB,QAAQ,CAAC,MAAM,2CAA2C;YAC7E,CAAC,CAAC,kDAAkD,cAAc,EAAE;KACvE,CAAA;AACH,CAAC;AAED,gDAAgD;AAChD,aAAa;AACb,gDAAgD;AAEnC,QAAA,iBAAiB,GAAG;IAC/B,WAAW,EAAE,kBAAkB;IAC/B,aAAa;IACb,WAAW;IACX,eAAe,EAAE,sBAAsB;IACvC,eAAe;CAChB,CAAA;AAED,kBAAe,yBAAiB,CAAA"}
@@ -0,0 +1,78 @@
1
+ /**
2
+ * ProofLink Receipt Standard v3.0 — conformant v3 verifier.
3
+ *
4
+ * Spec: https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md
5
+ * Live: https://verify.itechsmart.dev/api/how-to-verify
6
+ *
7
+ * ─────────────────────────────────────────────────────────────────────────
8
+ * DRIFT NOTICE
9
+ * The original exports in `prooflink-verifier.ts` (computeReceiptHash,
10
+ * verifyReceipt, verifyChain over the `ProofLinkReceipt` shape with fields
11
+ * receipt_id / sha256 / previous_hash / before_state / nist_controls …) verify
12
+ * a PRE-v3 receipt shape that the LIVE ledger no longer emits. Live v3 receipts
13
+ * use id / hash_sha256 / prev_hash / canonical_bytes / signature, are Ed25519
14
+ * signed, and hash the FULL canonicalized payload (not a fixed field list).
15
+ * This module is the Standard-v3.0-conformant verifier for live v3 receipts.
16
+ * The legacy exports are retained unchanged for historical/pre-v3 receipts.
17
+ * ─────────────────────────────────────────────────────────────────────────
18
+ *
19
+ * Zero third-party dependencies (Node 18+ built-in `crypto`).
20
+ * Reproduces the canonical live verification exactly:
21
+ * 1. hash integrity SHA256(canonical_bytes) == hash_sha256
22
+ * 2. canonical re-derive json.dumps(payload, sort_keys, separators=(",",":"),
23
+ * ensure_ascii=False) == canonical_bytes
24
+ * 3. Ed25519 signature sig over raw canonical_bytes under embedded pubkey
25
+ * 4. chain link prev_hash == previous entry's hash_sha256
26
+ */
27
+ import { KeyObject } from "node:crypto";
28
+ export declare const PUBLISHED_PUBLIC_KEY = "21102eaa68ea9ed42c05a2253aa953d33c59b5348ff8659018146e59fb061b97";
29
+ export interface V3Signature {
30
+ algorithm: string;
31
+ public_key: string;
32
+ value: string;
33
+ signs?: string;
34
+ }
35
+ export interface V3Receipt {
36
+ id: string;
37
+ timestamp: string;
38
+ category: string;
39
+ subject: string;
40
+ action: string;
41
+ actor: string;
42
+ outcome: string;
43
+ schema_version: string;
44
+ prev_hash: string;
45
+ chain_position: number;
46
+ canonical_bytes: string;
47
+ hash_sha256: string;
48
+ signature: V3Signature;
49
+ compliance_tags?: string[];
50
+ supersedes?: string;
51
+ learned_from?: string[];
52
+ [k: string]: unknown;
53
+ }
54
+ export interface V3Check {
55
+ name: string;
56
+ passed: boolean;
57
+ detail: string;
58
+ }
59
+ export interface V3Result {
60
+ valid: boolean;
61
+ id: string;
62
+ checks: V3Check[];
63
+ errors: string[];
64
+ }
65
+ /** Canonical JSON bytes byte-for-byte identical to Python's
66
+ * json.dumps(x, sort_keys=True, separators=(",",":"), ensure_ascii=False). */
67
+ export declare function canonicalize(value: unknown): Buffer;
68
+ export declare function importEd25519PublicKey(hex: string): KeyObject;
69
+ /** Verify one v3 receipt against Standard v3.0. Never throws on a failed check. */
70
+ export declare function verifyReceiptV3(receipt: V3Receipt, prevHash?: string): V3Result;
71
+ /** Boolean convenience wrapper. */
72
+ export declare function verifyV3(receipt: V3Receipt, prevHash?: string): boolean;
73
+ /** Verify an oldest-first chain (e.g. /api/export order) of v3 receipts. */
74
+ export declare function verifyChainV3(receipts: V3Receipt[]): {
75
+ chain_valid: boolean;
76
+ results: V3Result[];
77
+ };
78
+ //# sourceMappingURL=standard-v3.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"standard-v3.d.ts","sourceRoot":"","sources":["../src/standard-v3.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAmD,SAAS,EAAE,MAAM,aAAa,CAAC;AAEzF,eAAO,MAAM,oBAAoB,qEACmC,CAAC;AAErE,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,WAAW,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,OAAO,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,OAAO,EAAE,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAID;+EAC+E;AAC/E,wBAAgB,YAAY,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAEnD;AAcD,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAM7D;AAED,mFAAmF;AACnF,wBAAgB,eAAe,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,QAAQ,CAyD/E;AAED,mCAAmC;AACnC,wBAAgB,QAAQ,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAEvE;AAED,4EAA4E;AAC5E,wBAAgB,aAAa,CAAC,QAAQ,EAAE,SAAS,EAAE,GAAG;IAAE,WAAW,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,QAAQ,EAAE,CAAA;CAAE,CAGlG"}
@@ -0,0 +1,131 @@
1
+ "use strict";
2
+ /**
3
+ * ProofLink Receipt Standard v3.0 — conformant v3 verifier.
4
+ *
5
+ * Spec: https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md
6
+ * Live: https://verify.itechsmart.dev/api/how-to-verify
7
+ *
8
+ * ─────────────────────────────────────────────────────────────────────────
9
+ * DRIFT NOTICE
10
+ * The original exports in `prooflink-verifier.ts` (computeReceiptHash,
11
+ * verifyReceipt, verifyChain over the `ProofLinkReceipt` shape with fields
12
+ * receipt_id / sha256 / previous_hash / before_state / nist_controls …) verify
13
+ * a PRE-v3 receipt shape that the LIVE ledger no longer emits. Live v3 receipts
14
+ * use id / hash_sha256 / prev_hash / canonical_bytes / signature, are Ed25519
15
+ * signed, and hash the FULL canonicalized payload (not a fixed field list).
16
+ * This module is the Standard-v3.0-conformant verifier for live v3 receipts.
17
+ * The legacy exports are retained unchanged for historical/pre-v3 receipts.
18
+ * ─────────────────────────────────────────────────────────────────────────
19
+ *
20
+ * Zero third-party dependencies (Node 18+ built-in `crypto`).
21
+ * Reproduces the canonical live verification exactly:
22
+ * 1. hash integrity SHA256(canonical_bytes) == hash_sha256
23
+ * 2. canonical re-derive json.dumps(payload, sort_keys, separators=(",",":"),
24
+ * ensure_ascii=False) == canonical_bytes
25
+ * 3. Ed25519 signature sig over raw canonical_bytes under embedded pubkey
26
+ * 4. chain link prev_hash == previous entry's hash_sha256
27
+ */
28
+ Object.defineProperty(exports, "__esModule", { value: true });
29
+ exports.PUBLISHED_PUBLIC_KEY = void 0;
30
+ exports.canonicalize = canonicalize;
31
+ exports.importEd25519PublicKey = importEd25519PublicKey;
32
+ exports.verifyReceiptV3 = verifyReceiptV3;
33
+ exports.verifyV3 = verifyV3;
34
+ exports.verifyChainV3 = verifyChainV3;
35
+ const node_crypto_1 = require("node:crypto");
36
+ exports.PUBLISHED_PUBLIC_KEY = "21102eaa68ea9ed42c05a2253aa953d33c59b5348ff8659018146e59fb061b97";
37
+ const COMPUTED = ["canonical_bytes", "signature", "hash_sha256"];
38
+ /** Canonical JSON bytes byte-for-byte identical to Python's
39
+ * json.dumps(x, sort_keys=True, separators=(",",":"), ensure_ascii=False). */
40
+ function canonicalize(value) {
41
+ return Buffer.from(canon(value), "utf-8");
42
+ }
43
+ function canon(v) {
44
+ if (v === null || typeof v !== "object")
45
+ return JSON.stringify(v);
46
+ if (Array.isArray(v))
47
+ return "[" + v.map(canon).join(",") + "]";
48
+ const o = v;
49
+ const parts = [];
50
+ for (const k of Object.keys(o).sort()) {
51
+ if (o[k] === undefined)
52
+ continue;
53
+ parts.push(JSON.stringify(k) + ":" + canon(o[k]));
54
+ }
55
+ return "{" + parts.join(",") + "}";
56
+ }
57
+ const SPKI = Buffer.from("302a300506032b6570032100", "hex");
58
+ function importEd25519PublicKey(hex) {
59
+ return (0, node_crypto_1.createPublicKey)({
60
+ key: Buffer.concat([SPKI, Buffer.from(hex, "hex")]),
61
+ format: "der",
62
+ type: "spki",
63
+ });
64
+ }
65
+ /** Verify one v3 receipt against Standard v3.0. Never throws on a failed check. */
66
+ function verifyReceiptV3(receipt, prevHash) {
67
+ const checks = [];
68
+ const errors = [];
69
+ const id = receipt?.id ?? "<no-id>";
70
+ if (String(receipt?.schema_version) !== "3.0") {
71
+ errors.push(`schema_version is ${JSON.stringify(receipt?.schema_version)}; Standard v3.0 covers "3.0"`);
72
+ return { valid: false, id, checks, errors };
73
+ }
74
+ let canonBytes;
75
+ try {
76
+ canonBytes = Buffer.from(receipt.canonical_bytes, "hex");
77
+ }
78
+ catch (e) {
79
+ checks.push({ name: "hash_integrity", passed: false, detail: `canonical_bytes not hex: ${e}` });
80
+ return { valid: false, id, checks, errors };
81
+ }
82
+ // 1. hash integrity
83
+ const got = (0, node_crypto_1.createHash)("sha256").update(canonBytes).digest("hex");
84
+ const h1 = got === receipt.hash_sha256;
85
+ checks.push({ name: "hash_integrity", passed: h1,
86
+ detail: h1 ? "SHA256(canonical_bytes) == hash_sha256"
87
+ : `hash mismatch: ${got.slice(0, 16)}… vs ${String(receipt.hash_sha256).slice(0, 16)}…` });
88
+ // 2. canonical re-derivation
89
+ const payload = {};
90
+ for (const [k, v] of Object.entries(receipt))
91
+ if (!COMPUTED.includes(k))
92
+ payload[k] = v;
93
+ const rederived = canonicalize(payload);
94
+ const h2 = rederived.equals(canonBytes);
95
+ checks.push({ name: "canonical_rederivation", passed: h2,
96
+ detail: h2 ? "re-derived canonical bytes match" : "canonical re-derivation MISMATCH — signed field tampered" });
97
+ // 3. Ed25519 signature
98
+ const sig = receipt.signature;
99
+ if (!sig || !sig.public_key || !sig.value) {
100
+ checks.push({ name: "ed25519_signature", passed: false, detail: "signature missing/malformed" });
101
+ }
102
+ else {
103
+ try {
104
+ const ok = (0, node_crypto_1.verify)(null, canonBytes, importEd25519PublicKey(sig.public_key), Buffer.from(sig.value, "hex"));
105
+ checks.push({ name: "ed25519_signature", passed: ok,
106
+ detail: ok ? `Ed25519 OK (key ${sig.public_key.slice(0, 16)}…)` : "Ed25519 signature INVALID" });
107
+ }
108
+ catch (e) {
109
+ checks.push({ name: "ed25519_signature", passed: false, detail: `signature error: ${e}` });
110
+ }
111
+ }
112
+ // 4. chain link
113
+ if (prevHash !== undefined) {
114
+ const h4 = receipt.prev_hash === prevHash;
115
+ checks.push({ name: "chain_link", passed: h4,
116
+ detail: h4 ? "prev_hash links to previous entry"
117
+ : `chain BROKEN: ${String(receipt.prev_hash).slice(0, 16)}… != ${prevHash.slice(0, 16)}…` });
118
+ }
119
+ const valid = checks.every((c) => c.passed) && errors.length === 0;
120
+ return { valid, id, checks, errors };
121
+ }
122
+ /** Boolean convenience wrapper. */
123
+ function verifyV3(receipt, prevHash) {
124
+ return verifyReceiptV3(receipt, prevHash).valid;
125
+ }
126
+ /** Verify an oldest-first chain (e.g. /api/export order) of v3 receipts. */
127
+ function verifyChainV3(receipts) {
128
+ const results = receipts.map((r, i) => verifyReceiptV3(r, i > 0 ? receipts[i - 1].hash_sha256 : undefined));
129
+ return { chain_valid: results.every((r) => r.valid), results };
130
+ }
131
+ //# sourceMappingURL=standard-v3.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"standard-v3.js","sourceRoot":"","sources":["../src/standard-v3.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;AAmDH,oCAEC;AAcD,wDAMC;AAGD,0CAyDC;AAGD,4BAEC;AAGD,sCAGC;AA9ID,6CAAyF;AAE5E,QAAA,oBAAoB,GAC/B,kEAAkE,CAAC;AA0CrE,MAAM,QAAQ,GAAG,CAAC,iBAAiB,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;AAEjE;+EAC+E;AAC/E,SAAgB,YAAY,CAAC,KAAc;IACzC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC;AACD,SAAS,KAAK,CAAC,CAAU;IACvB,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAClE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAChE,MAAM,CAAC,GAAG,CAA4B,CAAC;IACvC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACtC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,SAAS;YAAE,SAAS;QACjC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AACrC,CAAC;AAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;AAC5D,SAAgB,sBAAsB,CAAC,GAAW;IAChD,OAAO,IAAA,6BAAe,EAAC;QACrB,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;QACnD,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;AACL,CAAC;AAED,mFAAmF;AACnF,SAAgB,eAAe,CAAC,OAAkB,EAAE,QAAiB;IACnE,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,OAAO,EAAE,EAAE,IAAI,SAAS,CAAC;IAEpC,IAAI,MAAM,CAAC,OAAO,EAAE,cAAc,CAAC,KAAK,KAAK,EAAE,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC,8BAA8B,CAAC,CAAC;QACxG,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC9C,CAAC;IAED,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,CAAC,EAAE,EAAE,CAAC,CAAC;QAChG,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC9C,CAAC;IAED,oBAAoB;IACpB,MAAM,GAAG,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClE,MAAM,EAAE,GAAG,GAAG,KAAK,OAAO,CAAC,WAAW,CAAC;IACvC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,EAAE;QAC9C,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,wCAAwC;YAC1C,CAAC,CAAC,kBAAkB,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;IAExG,6BAA6B;IAC7B,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACxF,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,wBAAwB,EAAE,MAAM,EAAE,EAAE;QACtD,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAC,0DAA0D,EAAE,CAAC,CAAC;IAElH,uBAAuB;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC;IAC9B,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC,CAAC;IACnG,CAAC;SAAM,CAAC;QACN,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAA,oBAAQ,EAAC,IAAI,EAAE,UAAU,EAAE,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YAC7G,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,EAAE;gBACjD,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,2BAA2B,EAAE,CAAC,CAAC;QACrG,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7F,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,EAAE,GAAG,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,mCAAmC;gBACrC,CAAC,CAAC,iBAAiB,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5G,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IACnE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACvC,CAAC;AAED,mCAAmC;AACnC,SAAgB,QAAQ,CAAC,OAAkB,EAAE,QAAiB;IAC5D,OAAO,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC;AAClD,CAAC;AAED,4EAA4E;AAC5E,SAAgB,aAAa,CAAC,QAAqB;IACjD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5G,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,CAAC;AACjE,CAAC"}
package/package.json CHANGED
@@ -1,11 +1,12 @@
1
1
  {
2
2
  "name": "@itechsmart/prooflink-verifier",
3
- "version": "1.0.0",
4
- "description": "Open-source cryptographic verification for iTechSmart UAIO ProofLink receipts don't trust our AI, trust the math.",
3
+ "version": "2.0.0",
4
+ "description": "Verify ProofLink receipts \u2014 the Trust & Accountability Layer for Autonomous AI by iTechSmart. Full cryptographic verification (SHA-256 hash chain + Ed25519 signatures) against the live public ledger. Don't trust the AI. Trust the math.",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
7
7
  "files": [
8
8
  "dist",
9
+ "bin",
9
10
  "README.md",
10
11
  "LICENSE"
11
12
  ],
@@ -16,13 +17,20 @@
16
17
  },
17
18
  "keywords": [
18
19
  "prooflink",
19
- "uaio",
20
- "itechsmart",
20
+ "ai-accountability-layer",
21
+ "ai-audit-trail",
21
22
  "cryptographic-verification",
22
- "audit",
23
+ "ed25519",
23
24
  "sha256",
24
25
  "hash-chain",
25
- "tamper-evident"
26
+ "tamper-evident",
27
+ "eu-ai-act",
28
+ "article-12",
29
+ "scitt",
30
+ "uaio",
31
+ "itechsmart",
32
+ "bitcoin-anchoring",
33
+ "opentimestamps"
26
34
  ],
27
35
  "author": "iTechSmart Inc.",
28
36
  "license": "MIT",
@@ -44,5 +52,8 @@
44
52
  "@types/node": "^20.0.0",
45
53
  "typescript": "^5.4.0",
46
54
  "vitest": "^1.6.0"
55
+ },
56
+ "bin": {
57
+ "prooflink-verify": "bin/cli.js"
47
58
  }
48
- }
59
+ }