@itechsmart/prooflink-verifier 1.0.0 → 2.1.0

package/README.md CHANGED
@@ -1,159 +1,220 @@
1
1
  # ProofLink™ Verifier
2
2
 
3
- **Open-source cryptographic verification logic for iTechSmart UAIO receipts.**
3
+ [![CI](https://github.com/Iteksmart/prooflink-verifier/actions/workflows/ci.yml/badge.svg)](https://github.com/Iteksmart/prooflink-verifier/actions/workflows/ci.yml) [![npm](https://img.shields.io/npm/v/%40itechsmart%2Fprooflink-verifier)](https://www.npmjs.com/package/@itechsmart/prooflink-verifier)
4
4
 
5
- > Don't trust our AI. Trust the math.
5
+ [![npm](https://img.shields.io/npm/v/%40itechsmart%2Fprooflink-verifier)](https://www.npmjs.com/package/@itechsmart/prooflink-verifier)
6
+ [![license](https://img.shields.io/badge/license-MIT-blue)](./LICENSE)
7
+ [![Verify Live](https://img.shields.io/badge/verify-live-00A870)](https://verify.itechsmart.dev)
8
+ [![ledger](https://img.shields.io/badge/live_ledger-80%2C000%2B_receipts-22d3ee)](https://verify.itechsmart.dev)
6
9
 
7
- ---
10
+ > **Every other AI-accountability standard is a PDF. ProofLink is a running ledger of
11
+ > 80,000+ cryptographically-sealed AI actions you can verify right now — not a spec, a
12
+ > live chain.** → **[verify.itechsmart.dev](https://verify.itechsmart.dev)**
8
13
 
9
- ## What is this?
14
+ **Open-source, zero-dependency cryptographic verification logic for iTechSmart UAIO
15
+ receipts** — the reference implementation of the
16
+ [ProofLink Receipt Standard **v3.0**](https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md).
10
17
 
11
- When iTechSmart's UAIO platform autonomously remediates infrastructure — restarting a crashed pod, patching a misconfiguration, rolling back a bad deployment — it generates a **ProofLink receipt**: a cryptographically signed, hash-chained record of exactly what happened, when, and why.
18
+ **Independently verify what an autonomous AI actually did.**
12
19
 
13
- This repository contains the **open-source verification logic** that anyone can use to independently confirm those receipts haven't been tampered with.
20
+ ProofLink is the **Trust & Accountability Layer for Autonomous AI** by [iTechSmart Inc.](https://itechsmart.dev) Every autonomous action seals a cryptographic receipt SHA-256 hash-chained, **Ed25519-signed**, Bitcoin-anchored via OpenTimestamps — into a public ledger.
14
21
 
15
- You don't need to trust us. You can verify the math yourself.
22
+ This package is the open-source verifier. You don't need an account. You don't need a demo. You don't need to trust iTechSmart.
16
23
 
17
- ---
24
+ > **Don't trust the AI. Trust the math.**
18
25
 
19
- ## How it works
26
+ ## Not a spec — a running chain
20
27
 
21
- Each ProofLink receipt contains:
28
+ Live snapshot (2026-07-02, `/api/chain` + `/api/stats`): **79,000+ receipts**, chain
29
+ **intact (`chain_intact: true`, 0 breaks)**, **2,100+ strict cryptographically-verifiable v3
30
+ receipts** (every new action is sealed as v3), **13,700+ Bitcoin-anchored** (~17%, growing
31
+ daily).
22
32
 
23
- 1. **SHA-256 hash** computed over all fields of the receipt (deterministic, canonical JSON)
24
- 2. **Previous hash** the SHA-256 of the preceding receipt, creating a tamper-evident chain
25
- 3. **Chain position** sequential integer; gaps indicate missing receipts
26
- 4. **Timestamp** ISO 8601, must be chronologically ordered
33
+ **Honest two-era note.** The `*V3` API below strictly verifies v3 receipts
34
+ (`schema_version "3.0"`): hash recompute + canonical re-derivation + Ed25519 + chain link.
35
+ Legacy v1/v2 receipts are pointer-linked and preserved unmodified disclosed openly at
36
+ `/api/stats`. `strict_full_chain_linked: false` is the disclosed count of legacy pointer
37
+ links, **not a chain break** (`breaks: 0`). We do not claim all 79k are strict-verifiable;
38
+ 2,100+ v3 are, and the count grows with every action.
27
39
 
28
- Altering **any** receipt in the chain invalidates **every subsequent receipt** — the same principle as Bitcoin's blockchain, applied to infrastructure audit trails.
40
+ ## Built for the regulations
29
41
 
30
- ```
31
- Receipt 0 (genesis) Receipt 1 Receipt 2
32
- ┌─────────────────────┐ ┌─────────────────────┐ ┌─────────────────────┐
33
- sha256: abc123... │──────▶│ prev_hash: abc123... │─────▶│ prev_hash: def456...│
34
- prev_hash: null │ │ sha256: def456... │ │ sha256: ghi789... │
35
- chain_position: 0 │ │ chain_position: 1 │ │ chain_position: 2 │
36
- └─────────────────────┘ └─────────────────────┘ └─────────────────────┘
37
- ```
42
+ | Regulation / framework | ProofLink field / mechanism that satisfies it |
43
+ |---|---|
44
+ | **EU AI Act (Reg. 2024/1689) Article 12** — automatic tamper-evident logging for high-risk AI | Append-only hash chain; every action seals `timestamp`, `actor`, `action`, `subject`, `outcome`, `details` |
45
+ | **NIST AI RMF 1.0 MEASURE 2.7 / MANAGE 4.1** — monitoring evaluated & documented | `security` / `platform_fix` / `platform_health_check` receipts, signed & immutable; `actor` separates system/agent/operator |
46
+ | **CMMC L2 AU.L2-3.3.1 / AU.L2-3.3.8** — retain & protect audit logs | SHA-256 chain + Ed25519 make any edit/deletion/reorder detectable; Bitcoin anchoring adds external existence proof |
47
+ | **SOC 2 CC7.2 / CC7.3 / CC8.1** anomaly monitoring & change management | `signal_classified` / `security` receipts; `config_change` records `{before_hash, after_hash, diff_summary}` |
48
+ | **ISO/IEC 42001:2023 — Clause 9.1** — retain documented monitoring evidence | The receipt ledger is the retained cryptographic evidence; `compliance_tags` seal the control claim inside the signature |
49
+
50
+ ## Connect anything — every call seals a receipt
51
+
52
+ - **MCP server** — verify/search receipts from any MCP client (Claude, Cursor, Copilot,
53
+ LangGraph, CrewAI): `prooflink_verify_receipt`, `prooflink_search_receipts`,
54
+ `prooflink_verify_chain`.
55
+ - **FastAPI / REST** — `verify.itechsmart.dev` exposes `/api/export`, `/api/verify/<id>`,
56
+ `/api/chain`, `/api/stats`, `/api/anchors`, `/api/how-to-verify`.
57
+ - **SDK** — [`prooflink-sdk`](https://github.com/Iteksmart/prooflink-sdk) (Python +
58
+ TypeScript) for sealing; this repo for zero-dependency verification.
38
59
 
39
- If you alter Receipt 1's `action` field:
40
- - Its computed SHA-256 changes → `sha256` field no longer matches → **tamper detected**
41
- - Receipt 2's `prev_hash` no longer matches **chain broken**
60
+ ProofLink aligns conceptually with the IETF Internet-Draft
61
+ [`draft-sharif-agent-audit-trail-00`](https://datatracker.ietf.org/doc/html/draft-sharif-agent-audit-trail-00)
62
+ (same problem, shared SHA-256 hash-chain core) while differing deliberately on
63
+ canonicalization (`json.dumps`, not RFC 8785 JCS) and signature (Ed25519, not ECDSA P-256).
42
64
 
43
65
  ---
44
66
 
45
- ## Installation
67
+ ## Verify a real receipt in 30 seconds
46
68
 
47
69
  ```bash
48
- npm install @itechsmart/prooflink-verifier
70
+ # Full cryptographic verification of one receipt from the live public ledger:
71
+ npx @itechsmart/prooflink-verifier 450ebfeb2a1cb00d
72
+
73
+ # ✓ hash_integrity SHA256(canonical_bytes) == hash_sha256
74
+ # ✓ canonical_rederivation re-derived canonical bytes match
75
+ # ✓ ed25519_signature Ed25519 OK
76
+ # VERIFIED
77
+
78
+ # Pointer-linkage check on the newest 25 receipts in the chain:
79
+ npx @itechsmart/prooflink-verifier --chain 25
49
80
  ```
50
81
 
51
- Or clone and use directly:
82
+ Grab any receipt ID from the live ledger at **[verify.itechsmart.dev](https://verify.itechsmart.dev)** — no account, no demo, no trust required.
52
83
 
53
- ```bash
54
- git clone https://github.com/Iteksmart/prooflink-verifier
55
- cd prooflink-verifier
56
- npm install
84
+ ---
85
+
86
+ ## Conformance to ProofLink Receipt Standard v3.0
87
+
88
+ This verifier ships a **Standard v3.0-conformant** verifier for the **live v3
89
+ receipt format** ([`ProofLink-Receipt-Standard-v3.md`](https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md)). Import the `*V3` API:
90
+
91
+ ```ts
92
+ import { verifyV3, verifyReceiptV3, verifyChainV3 } from "prooflink-verifier";
93
+
94
+ const res = await fetch("https://verify.itechsmart.dev/api/verify/<id>");
95
+ const { receipt } = await res.json();
96
+ verifyV3(receipt); // boolean — all 4 Standard checks
97
+ verifyReceiptV3(receipt, prevHash) // { valid, checks[], errors[] }
57
98
  ```
58
99
 
100
+ It performs the four normative checks: (1) `SHA256(canonical_bytes) == hash_sha256`,
101
+ (2) canonical re-derivation of `canonical_bytes`, (3) Ed25519 signature over the raw
102
+ `canonical_bytes` under the embedded (published) public key, (4) `prev_hash` chain link.
103
+
104
+ ### ⚠ Schema drift — read this
105
+
106
+ The **original** exports (`computeReceiptHash`, `verifyReceipt`, `verifyChain`,
107
+ `ProofLinkVerifier`) target a **pre-v3 / legacy receipt shape**
108
+ (`receipt_id`, `sha256`, `previous_hash`, `before_state`, `after_state`,
109
+ `nist_controls`, `arbiter_policy`, …) and hash a **fixed field list** with
110
+ `JSON.stringify` and **no signature**. **Live receipts no longer match that shape.**
111
+ The live ledger emits v3 receipts (`id`, `hash_sha256`, `prev_hash`,
112
+ `canonical_bytes`, Ed25519 `signature`, full-payload canonicalization). Use the
113
+ `*V3` API above for anything fetched from `verify.itechsmart.dev` today. The legacy
114
+ exports are retained unchanged for historical/pre-v3 receipts. See the DRIFT NOTICE
115
+ at the top of `src/standard-v3.ts`.
116
+
59
117
  ---
60
118
 
61
- ## Usage
62
119
 
63
- ### Verify a single receipt
120
+ ## Why Cryptographic Proof?
64
121
 
65
- ```typescript
66
- import { verifyReceipt } from '@itechsmart/prooflink-verifier'
122
+ Modern enterprise IT generates millions of autonomous actions per day — auto-scaling, patching, remediating, classifying. Most happen with no human in the loop. The audit story today is a mess of mutable logs, ad-hoc PDFs, and dashboards no one trusts.
67
123
 
68
- const result = verifyReceipt(receipt, previousReceipt)
124
+ Regulators are catching up. **EU AI Act Article 12** (enforcement 2026-08-02) requires high-risk AI systems to maintain tamper-evident logs of every decision. NIST AI RMF and SOC 2 are tightening too.
69
125
 
70
- console.log(result.valid) // true/false
71
- console.log(result.tamper_detected) // true if hash or chain broken
72
- console.log(result.checks) // detailed check results
73
- console.log(result.errors) // list of failures
74
- ```
126
+ A cryptographic receipt chain is the cheapest way to meet those requirements *and* the only way to prove autonomous behavior to a skeptical auditor. ProofLink generates one receipt per autonomous action, SHA-256 hashed, linked to the previous receipt, and publicly verifiable at [verify.itechsmart.dev](https://verify.itechsmart.dev).
75
127
 
76
- ### Verify an entire chain
128
+ ## EU AI Act Article 12 Alignment
77
129
 
78
- ```typescript
79
- import { verifyChain } from '@itechsmart/prooflink-verifier'
130
+ Article 12 of the EU AI Act (effective 2026-08-02) requires providers of high-risk AI systems to maintain automatic, tamper-evident logs of every decision. Mutable log files, post-hoc PDFs, and ephemeral dashboards do not satisfy this requirement.
80
131
 
81
- const receipts = await fetchReceiptsFromLedger()
82
- const result = verifyChain(receipts)
132
+ ProofLink receipts satisfy Article 12 by design:
83
133
 
84
- console.log(result.chain_valid) // true if all receipts intact
85
- console.log(result.tamper_detected) // true if any tampering found
86
- console.log(result.tamper_position) // which position was altered
87
- console.log(result.summary) // human-readable summary
88
- ```
134
+ | Article 12 requirement | ProofLink mechanism |
135
+ |---|---|
136
+ | Automatic logging at runtime | Receipt generated synchronously on every autonomous action |
137
+ | Tamper-evident records | SHA-256 hash chain — altering any receipt invalidates every subsequent one |
138
+ | Identification of the system | `executor` field carries the model/agent identifier |
139
+ | Chronological ordering | `chain_position` integer + ISO 8601 `timestamp`, both verified during chain checks |
140
+ | Retention | Hash chain stored append-only; OpenTimestamps anchor optionally pins to Bitcoin |
89
141
 
90
- ### Compute a hash yourself
142
+ ## NIST 800-53 Control Mapping
91
143
 
92
- ```typescript
93
- import { computeReceiptHash } from '@itechsmart/prooflink-verifier'
144
+ Each receipt asserts compliance with the following NIST 800-53 controls. The mapping is recorded inside the receipts `nist_controls` field so it travels with the proof:
94
145
 
95
- const { sha256, ...receiptWithoutHash } = receipt
96
- const computed = computeReceiptHash(receiptWithoutHash)
146
+ | Control | Title | How ProofLink supports |
147
+ |---|---|---|
148
+ | **AU-2** | Event Logging | Every autonomous action generates an event record |
149
+ | **AU-10** | Non-Repudiation | Hash chain + executor identity prevent denial |
150
+ | **SI-7** | Software, Firmware, and Information Integrity | Tamper-evident chain on the action trail |
151
+ | **SA-11** | Developer Testing and Evaluation | `test_result` field captured per receipt |
97
152
 
98
- console.log(computed === receipt.sha256) // true if untampered
153
+ ## What gets verified (schema v3 the live ledger format)
154
+
155
+ Every v3 receipt is sealed like this on the platform side:
156
+
157
+ ```
158
+ payload = all receipt fields EXCEPT (canonical_bytes, signature, hash_sha256)
159
+ — including prev_hash and chain_position, so the chain link
160
+ itself is covered by the hash AND the signature
161
+ canonical_bytes = canonical JSON of payload (sorted keys, compact, UTF-8), hex-encoded
162
+ hash_sha256 = SHA-256(canonical_bytes)
163
+ signature = Ed25519 over the raw canonical bytes (32-byte public key, hex)
99
164
  ```
100
165
 
166
+ The verifier independently re-checks all three:
167
+
168
+ | Check | What it proves |
169
+ |---|---|
170
+ | `hash_integrity` | The recorded hash really is the SHA-256 of the signed bytes |
171
+ | `payload_consistency` | The fields you're reading are exactly what was hashed and signed — nothing displayed differs from the sealed record |
172
+ | `signature_valid` | The Ed25519 signature verifies against the canonical bytes |
173
+
174
+ Chain-level checks (`--chain`, `verifyPublicChain`): every receipt's `previous_hash` must equal the prior receipt's `sha256`, positions must be sequential, timestamps ordered. Altering any historic receipt breaks every receipt after it — the same principle as Bitcoin's blockchain, applied to AI accountability.
175
+
176
+ Beyond this library: receipts are also anchored to the **Bitcoin blockchain via OpenTimestamps**, are **SCITT-compatible** (IETF architecture), and carry **W3C Verifiable Credential** envelopes plus clause-level **EU AI Act Article 12(1)/(2)/(4)** and NIST AI RMF mappings. See the [public verification spec](https://verify.itechsmart.dev/api/how-to-verify).
177
+
101
178
  ---
102
179
 
103
- ## The canonical hash function
180
+ ## Installation & library usage
104
181
 
105
- The hash is computed over a deterministic JSON serialization of all fields **except** `sha256` itself:
182
+ ```bash
183
+ npm install @itechsmart/prooflink-verifier
184
+ ```
106
185
 
107
186
  ```typescript
108
- export function computeReceiptHash(receipt: Omit<ProofLinkReceipt, 'sha256'>): string {
109
- const canonical = JSON.stringify({
110
- receipt_id: receipt.receipt_id,
111
- version: receipt.version,
112
- timestamp: receipt.timestamp,
113
- container: receipt.container,
114
- executor: receipt.executor,
115
- trigger: receipt.trigger,
116
- action: receipt.action,
117
- action_parameters: receipt.action_parameters,
118
- before_state: receipt.before_state,
119
- after_state: receipt.after_state,
120
- nist_controls: receipt.nist_controls,
121
- human_input: receipt.human_input,
122
- arbiter_policy: receipt.arbiter_policy,
123
- previous_hash: receipt.previous_hash,
124
- chain_position: receipt.chain_position,
125
- }, null, 0)
126
-
127
- return crypto.createHash('sha256').update(canonical, 'utf8').digest('hex')
128
- }
187
+ import {
188
+ fetchAndVerifyReceipt, // full crypto against the live ledger
189
+ fetchAndVerifyChain, // pointer-linkage check on the newest N receipts
190
+ verifyReceiptV3, // verify a v3 receipt object you already have
191
+ verifyPublicChain, // verify a list from /api/receipts
192
+ verify, verifyAnyChain, // schema-aware: auto-detects v3 vs legacy receipts
193
+ } from '@itechsmart/prooflink-verifier'
194
+
195
+ const result = await fetchAndVerifyReceipt('450ebfeb2a1cb00d')
196
+ console.log(result.valid) // true
197
+ console.log(result.checks) // hash_integrity, payload_consistency, signature_valid
198
+
199
+ const chain = await fetchAndVerifyChain(50)
200
+ console.log(chain.chain_valid) // true
201
+ console.log(chain.ledger_total) // 80,000+ and counting
129
202
  ```
130
203
 
131
- The field ordering is fixed and documented. You can reimplement this in any language and verify receipts independently.
132
-
133
- ---
204
+ Public API endpoints (no auth):
134
205
 
135
- ## Verification checks
206
+ - `GET https://verify.itechsmart.dev/api/receipt/<id>` — full receipt incl. `canonical_bytes` + `signature`
207
+ - `GET https://verify.itechsmart.dev/api/receipts?limit=N` — newest receipts (summary)
208
+ - `GET https://verify.itechsmart.dev/api/stats` — live totals + chain integrity
209
+ - `GET https://verify.itechsmart.dev/api/how-to-verify` — the full verification spec
136
210
 
137
- For each receipt, the verifier runs 5 checks:
138
-
139
- | Check | What it verifies |
140
- |-------|-----------------|
141
- | `schema_valid` | All required fields present |
142
- | `receipt_integrity` | Stored SHA-256 matches recomputed hash |
143
- | `chain_link` | `previous_hash` matches prior receipt's `sha256` |
144
- | `chain_position` | Position is sequential (no gaps) |
145
- | `timestamp_order` | Timestamps are chronologically ordered |
211
+ **For AI agents:** the same verification is exposed over MCP at [mcp.itechsmart.dev](https://mcp.itechsmart.dev) — Claude, GPT, Copilot and Cursor can verify receipts directly (17 tools).
146
212
 
147
213
  ---
148
214
 
149
- ## Live receipts
150
-
151
- Verify real receipts from iTechSmart's production ledger:
215
+ ## Legacy schema (v1)
152
216
 
153
- ```
154
- https://verify.itechsmart.dev
155
- https://api.itechsmart.dev/api/v1/prooflink/receipts
156
- ```
217
+ Earlier receipts used a fixed-field schema (`container`, `executor`, `trigger`, …). The original verification functions (`verifyReceipt`, `verifyChain`, `computeReceiptHash`) still support it, and `verify()` / `verifyAnyChain()` auto-detect which schema you're holding.
157
218
 
158
219
  ---
159
220
 
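Review bot: the "four normative checks" paragraph says the Ed25519 signature is verified "under the embedded (published) public key", which leaves the trust anchor ambiguous. A signature checked against a key carried in the same receipt only shows that the receipt is self-consistent, so the README should state whether the verifier pins the key to the exported `PUBLISHED_PUBLIC_KEY` or accepts the one found in the receipt. The check names also disagree within this hunk: the sample CLI output lists `hash_integrity`, `canonical_rederivation`, `ed25519_signature`, while the "What gets verified" table and the usage block list `hash_integrity`, `payload_consistency`, `signature_valid`, and the table is introduced as "all three" against the four checks named earlier. Smaller points: the conformance snippet imports from "prooflink-verifier" and fetches `/api/verify/<id>`, while the install line and the endpoint list use `@itechsmart/prooflink-verifier` and `/api/receipt/<id>`; the chain-level paragraph under the v3 heading still uses the legacy names `previous_hash` and `sha256`.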
@@ -174,23 +235,29 @@ This verifier is intentionally minimal. The goal is auditable simplicity — not
174
235
  PRs welcome for:
175
236
  - Additional language implementations (Python, Go, Rust)
176
237
  - OpenTimestamps proof verification
177
- - CLI tool
178
238
  - Test vectors
179
239
 
180
240
  ---
181
241
 
182
- ## License
242
+ ## Why this exists
243
+
244
+ Regulators (EU AI Act Article 12, enforcement August 2, 2026), auditors, and customers increasingly ask one question about autonomous AI: **"Prove it."**
183
245
 
184
- MIT use freely, audit openly, verify everything.
246
+ Audit logs can be edited. Dashboards can be wrong. Vendor attestations require trust. A hash-chained, signed, Bitcoin-anchored receipt that *anyone* can verify with open-source code requires none of those things.
185
247
 
186
248
  ---
187
249
 
188
250
  ## About iTechSmart
189
251
 
190
- iTechSmart builds UAIO (Unified Autonomous IT Operations) — the first enterprise platform that autonomously detects, remediates, and cryptographically proves every infrastructure action.
252
+ iTechSmart Inc. builds UAIO (Unified Autonomous IT Operations) — the first enterprise platform that autonomously detects, remediates, and cryptographically proves every infrastructure action — and operates ProofLink, the Trust & Accountability Layer for Autonomous AI.
191
253
 
192
- - Website: [itechsmart.dev](https://itechsmart.dev)
254
+ - Product: [prooflink.itechsmart.dev](https://prooflink.itechsmart.dev)
193
255
  - Verify receipts: [verify.itechsmart.dev](https://verify.itechsmart.dev)
256
+ - Website: [itechsmart.dev](https://itechsmart.dev)
194
257
  - Whitepaper: [whitepaper.itechsmart.dev](https://whitepaper.itechsmart.dev)
195
258
 
196
- SDVOSB · CAGE: 172W2 · NVIDIA Inception · NIST CSF 96/100
259
+ SDVOSB · CAGE: 172W2 · UEI: ZCPFX4N86G36 · NVIDIA Inception
260
+
261
+ ## License
262
+
263
+ MIT © iTechSmart Inc. — use freely, audit openly, verify everything. ProofLink™ is a registered federal trademark of iTechSmart Inc.
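Review bot: the new "Why this exists" paragraph claims a "Bitcoin-anchored receipt that *anyone* can verify with open-source code", but "OpenTimestamps proof verification" is still in the PRs-welcome list in this same hunk, so this package does not yet check the anchor. Scope the sentence to what the verifier does check (hash, signature, chain link), or say that anchor verification needs a separate OpenTimestamps client. In the License line, "ProofLink™" sits next to "registered federal trademark"; use one marking consistently.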
package/bin/cli.js ADDED
@@ -0,0 +1,54 @@
1
+ #!/usr/bin/env node
2
+ /* ProofLink verifier CLI — verify receipts on the live public ledger.
3
+ *
4
+ * npx @itechsmart/prooflink-verifier <receipt_id> full crypto verify of one receipt
5
+ * npx @itechsmart/prooflink-verifier --chain [N] pointer-linkage check on newest N (default 25)
6
+ */
7
+ const { fetchAndVerifyReceipt, fetchAndVerifyChain } = require('../dist/index.js');
8
+
9
+ const GREEN = '\x1b[32m', RED = '\x1b[31m', DIM = '\x1b[2m', BOLD = '\x1b[1m', RESET = '\x1b[0m';
10
+
11
+ async function main() {
12
+ const args = process.argv.slice(2);
13
+ if (!args.length || args[0] === '--help' || args[0] === '-h') {
14
+ console.log(`${BOLD}ProofLink Verifier${RESET} — don't trust the AI, trust the math.
15
+
16
+ Usage:
17
+ prooflink-verify <receipt_id> Fully verify one receipt (hash + payload + Ed25519)
18
+ prooflink-verify --chain [N] Verify pointer linkage of the newest N receipts (default 25)
19
+
20
+ Ledger: https://verify.itechsmart.dev (no account required)`);
21
+ process.exit(0);
22
+ }
23
+
24
+ if (args[0] === '--chain') {
25
+ const n = parseInt(args[1], 10) || 25;
26
+ const r = await fetchAndVerifyChain(n);
27
+ console.log(`${BOLD}ProofLink public chain check${RESET} ${DIM}(newest ${r.receipts_verified} of ${r.ledger_total.toLocaleString()} receipts)${RESET}`);
28
+ console.log(r.chain_valid
29
+ ? `${GREEN}✓ ${r.summary}${RESET}`
30
+ : `${RED}✗ ${r.summary}${RESET}`);
31
+ if (r.errors.length) r.errors.slice(0, 5).forEach(e => console.log(` ${RED}- ${e}${RESET}`));
32
+ console.log(`${DIM}Ledger-reported chain_intact: ${r.ledger_chain_intact}${RESET}`);
33
+ process.exit(r.chain_valid ? 0 : 1);
34
+ }
35
+
36
+ const id = args[0];
37
+ const r = await fetchAndVerifyReceipt(id);
38
+ if (!r.found) {
39
+ console.log(`${RED}✗ Receipt ${id} not found on the public ledger${RESET}`);
40
+ process.exit(2);
41
+ }
42
+ console.log(`${BOLD}ProofLink receipt ${id}${RESET}`);
43
+ for (const c of r.checks) {
44
+ console.log(` ${c.passed ? GREEN + '✓' : RED + '✗'} ${c.name}${RESET} ${DIM}${c.detail}${RESET}`);
45
+ }
46
+ console.log(r.valid
47
+ ? `${GREEN}${BOLD}VERIFIED${RESET} — hash intact, payload consistent, Ed25519 signature valid.`
48
+ : r.tamper_detected
49
+ ? `${RED}${BOLD}TAMPER DETECTED${RESET}`
50
+ : `${RED}${BOLD}NOT FULLY VERIFIED${RESET} ${DIM}(see checks above)${RESET}`);
51
+ process.exit(r.valid ? 0 : 1);
52
+ }
53
+
54
+ main().catch(e => { console.error(`${RED}Error: ${e.message}${RESET}`); process.exit(3); });
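Review bot: in the single-receipt path, `if (!r.found)` prints "not found on the public ledger" and exits 2, but `fetchAndVerifyReceipt` in dist/live.js returns `found: false` for any non-OK HTTP status, so an HTTP 5xx or 429 from the ledger is reported as a missing receipt. Print `r.errors` in that branch and use a separate exit code for transport failures, so automation can tell "receipt absent" from "ledger unavailable". In the `--chain` path, `parseInt(args[1], 10) || 25` turns `0` and non-numeric input into 25 without saying so and passes negative values through; validate N and reject bad input. The help text names the command `prooflink-verify` while the header comment uses `npx @itechsmart/prooflink-verifier`, and the exit codes 0/1/2/3 are not documented in it.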
package/dist/index.d.ts CHANGED
@@ -1,2 +1,6 @@
1
1
  export * from './prooflink-verifier';
2
+ export { verifyReceiptV3, verifyV3, verifyChainV3, canonicalize as canonicalizeV3, importEd25519PublicKey, PUBLISHED_PUBLIC_KEY, } from './standard-v3';
3
+ export type { V3Receipt, V3Signature, V3Check, V3Result } from './standard-v3';
4
+ export { fetchAndVerifyReceipt, fetchAndVerifyChain, verifyPublicChain, DEFAULT_LEDGER, } from './live';
5
+ export type { PublicChainReceipt, PublicChainResult } from './live';
2
6
  //# sourceMappingURL=index.d.ts.map
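Review bot: the README usage block in this release imports `verify` and `verifyAnyChain` from the package root, but neither is among the names added to this export list. Confirm both come through `export * from './prooflink-verifier'`, otherwise add them here, since the documented example will not compile without them. Only `canonicalize` is re-exported under a different name (`canonicalizeV3`); a one-line comment on why would help readers map the root API back to `./standard-v3`.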
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,cAAc,sBAAsB,CAAC;AAIrC,OAAO,EACL,eAAe,EACf,QAAQ,EACR,aAAa,EACb,YAAY,IAAI,cAAc,EAC9B,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,eAAe,CAAC;AACvB,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAI/E,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,GACf,MAAM,QAAQ,CAAC;AAChB,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC"}
package/dist/index.js CHANGED
@@ -14,5 +14,25 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
14
  for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
15
  };
16
16
  Object.defineProperty(exports, "__esModule", { value: true });
17
+ exports.DEFAULT_LEDGER = exports.verifyPublicChain = exports.fetchAndVerifyChain = exports.fetchAndVerifyReceipt = exports.PUBLISHED_PUBLIC_KEY = exports.importEd25519PublicKey = exports.canonicalizeV3 = exports.verifyChainV3 = exports.verifyV3 = exports.verifyReceiptV3 = void 0;
18
+ // Legacy pre-v3 verifier (verifies the historical ProofLinkReceipt shape:
19
+ // receipt_id / sha256 / previous_hash / before_state / nist_controls …).
20
+ // See the DRIFT NOTICE in ./standard-v3 — the LIVE ledger emits v3 receipts.
17
21
  __exportStar(require("./prooflink-verifier"), exports);
22
+ // ProofLink Receipt Standard v3.0 — conformant verifier for LIVE v3 receipts.
23
+ // Spec: https://verify.itechsmart.dev/api/how-to-verify
24
+ var standard_v3_1 = require("./standard-v3");
25
+ Object.defineProperty(exports, "verifyReceiptV3", { enumerable: true, get: function () { return standard_v3_1.verifyReceiptV3; } });
26
+ Object.defineProperty(exports, "verifyV3", { enumerable: true, get: function () { return standard_v3_1.verifyV3; } });
27
+ Object.defineProperty(exports, "verifyChainV3", { enumerable: true, get: function () { return standard_v3_1.verifyChainV3; } });
28
+ Object.defineProperty(exports, "canonicalizeV3", { enumerable: true, get: function () { return standard_v3_1.canonicalize; } });
29
+ Object.defineProperty(exports, "importEd25519PublicKey", { enumerable: true, get: function () { return standard_v3_1.importEd25519PublicKey; } });
30
+ Object.defineProperty(exports, "PUBLISHED_PUBLIC_KEY", { enumerable: true, get: function () { return standard_v3_1.PUBLISHED_PUBLIC_KEY; } });
31
+ // Live-ledger helpers: fetch + verify against verify.itechsmart.dev, and
32
+ // pointer-linkage verification for the public summary list (/api/receipts).
33
+ var live_1 = require("./live");
34
+ Object.defineProperty(exports, "fetchAndVerifyReceipt", { enumerable: true, get: function () { return live_1.fetchAndVerifyReceipt; } });
35
+ Object.defineProperty(exports, "fetchAndVerifyChain", { enumerable: true, get: function () { return live_1.fetchAndVerifyChain; } });
36
+ Object.defineProperty(exports, "verifyPublicChain", { enumerable: true, get: function () { return live_1.verifyPublicChain; } });
37
+ Object.defineProperty(exports, "DEFAULT_LEDGER", { enumerable: true, get: function () { return live_1.DEFAULT_LEDGER; } });
18
38
  //# sourceMappingURL=index.js.map
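Review bot: the added comment on the v3 block gives the spec as `https://verify.itechsmart.dev/api/how-to-verify`, while the README's conformance section links the ProofLink-Receipt-Standard-v3.md file on GitHub as the standard this code implements. Name one normative reference, or state which governs if the two differ; for an independent verifier it is better if that reference is not served only by the ledger host being verified.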
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uDAAqC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,0EAA0E;AAC1E,yEAAyE;AACzE,6EAA6E;AAC7E,uDAAqC;AAErC,8EAA8E;AAC9E,wDAAwD;AACxD,6CAOuB;AANrB,8GAAA,eAAe,OAAA;AACf,uGAAA,QAAQ,OAAA;AACR,4GAAA,aAAa,OAAA;AACb,6GAAA,YAAY,OAAkB;AAC9B,qHAAA,sBAAsB,OAAA;AACtB,mHAAA,oBAAoB,OAAA;AAItB,yEAAyE;AACzE,4EAA4E;AAC5E,+BAKgB;AAJd,6GAAA,qBAAqB,OAAA;AACrB,2GAAA,mBAAmB,OAAA;AACnB,yGAAA,iBAAiB,OAAA;AACjB,sGAAA,cAAc,OAAA"}
package/dist/live.d.ts ADDED
@@ -0,0 +1,40 @@
1
+ /**
2
+ * Live-ledger helpers: fetch receipts from verify.itechsmart.dev and verify
3
+ * them with the Standard v3.0 verifier (see ./standard-v3), plus a
4
+ * pointer-linkage check for the public summary list (/api/receipts).
5
+ */
6
+ import { type V3Result } from './standard-v3';
7
+ export declare const DEFAULT_LEDGER = "https://verify.itechsmart.dev";
8
+ export interface PublicChainReceipt {
9
+ receipt_id: string;
10
+ chain_position: number;
11
+ previous_hash: string;
12
+ sha256: string;
13
+ timestamp: string;
14
+ [key: string]: unknown;
15
+ }
16
+ export interface PublicChainResult {
17
+ chain_valid: boolean;
18
+ tamper_detected: boolean;
19
+ receipts_verified: number;
20
+ tamper_position: number | null;
21
+ summary: string;
22
+ errors: string[];
23
+ }
24
+ /**
25
+ * Pointer-linkage verification for the public summary list (/api/receipts):
26
+ * previous_hash links, monotonic chain positions, timestamp order.
27
+ * Full crypto per receipt requires the detail endpoint (see fetchAndVerifyReceipt).
28
+ */
29
+ export declare function verifyPublicChain(receipts: PublicChainReceipt[]): PublicChainResult;
30
+ /** Fetch a receipt by id from the public ledger and fully verify it (Standard v3.0). */
31
+ export declare function fetchAndVerifyReceipt(receiptId: string, base?: string): Promise<V3Result & {
32
+ receipt_id: string;
33
+ found: boolean;
34
+ }>;
35
+ /** Fetch the newest N receipts from the public ledger and verify pointer linkage. */
36
+ export declare function fetchAndVerifyChain(limit?: number, base?: string): Promise<PublicChainResult & {
37
+ ledger_total: number;
38
+ ledger_chain_intact: boolean;
39
+ }>;
40
+ //# sourceMappingURL=live.d.ts.map
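Review bot: the doc comment on `verifyPublicChain` promises a timestamp-order check, but the `PublicChainResult` contract does not cover a timestamp-only failure. In dist/live.js the timestamp branch pushes an error without setting `tamperPosition`, so the result can be `chain_valid: false` with `tamper_position: null` and a summary ending "first at position null"; an unparsable `timestamp` yields NaN, which makes the `<` comparison false and passes silently. Set the position in that branch, treat a NaN timestamp as an error, and document that a list of fewer than two receipts returns `chain_valid: true` because the loop starts at index 1. The comment should also say that `PublicChainReceipt` uses the summary-list field names (`previous_hash`, `sha256`), not the v3 names `prev_hash` and `hash_sha256`.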
@@ -0,0 +1 @@
1
+ {"version":3,"file":"live.d.ts","sourceRoot":"","sources":["../src/live.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAmC,KAAK,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE/E,eAAO,MAAM,cAAc,kCAAkC,CAAC;AAE9D,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,kBAAkB,EAAE,GAAG,iBAAiB,CA+BnF;AAED,wFAAwF;AACxF,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,MAAM,EACjB,IAAI,GAAE,MAAuB,GAC5B,OAAO,CAAC,QAAQ,GAAG;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,OAAO,CAAA;CAAE,CAAC,CAU5D;AAED,qFAAqF;AACrF,wBAAsB,mBAAmB,CACvC,KAAK,SAAK,EACV,IAAI,GAAE,MAAuB,GAC5B,OAAO,CAAC,iBAAiB,GAAG;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,mBAAmB,EAAE,OAAO,CAAA;CAAE,CAAC,CAIrF"}
package/dist/live.js ADDED
@@ -0,0 +1,69 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.DEFAULT_LEDGER = void 0;
4
+ exports.verifyPublicChain = verifyPublicChain;
5
+ exports.fetchAndVerifyReceipt = fetchAndVerifyReceipt;
6
+ exports.fetchAndVerifyChain = fetchAndVerifyChain;
7
+ /**
8
+ * Live-ledger helpers: fetch receipts from verify.itechsmart.dev and verify
9
+ * them with the Standard v3.0 verifier (see ./standard-v3), plus a
10
+ * pointer-linkage check for the public summary list (/api/receipts).
11
+ */
12
+ const standard_v3_1 = require("./standard-v3");
13
+ exports.DEFAULT_LEDGER = 'https://verify.itechsmart.dev';
14
+ /**
15
+ * Pointer-linkage verification for the public summary list (/api/receipts):
16
+ * previous_hash links, monotonic chain positions, timestamp order.
17
+ * Full crypto per receipt requires the detail endpoint (see fetchAndVerifyReceipt).
18
+ */
19
+ function verifyPublicChain(receipts) {
20
+ const errors = [];
21
+ let tamperPosition = null;
22
+ const sorted = [...receipts].sort((a, b) => a.chain_position - b.chain_position);
23
+ for (let i = 1; i < sorted.length; i++) {
24
+ const prev = sorted[i - 1];
25
+ const cur = sorted[i];
26
+ if (cur.chain_position !== prev.chain_position + 1) {
27
+ errors.push(`Gap between positions ${prev.chain_position} and ${cur.chain_position}`);
28
+ tamperPosition = tamperPosition ?? cur.chain_position;
29
+ continue;
30
+ }
31
+ if (cur.previous_hash !== prev.sha256) {
32
+ errors.push(`Broken link at position ${cur.chain_position}: previous_hash does not match prior sha256`);
33
+ tamperPosition = tamperPosition ?? cur.chain_position;
34
+ }
35
+ if (new Date(cur.timestamp).getTime() < new Date(prev.timestamp).getTime()) {
36
+ errors.push(`Timestamp regression at position ${cur.chain_position}`);
37
+ }
38
+ }
39
+ const ok = errors.length === 0;
40
+ return {
41
+ chain_valid: ok,
42
+ tamper_detected: !ok,
43
+ receipts_verified: sorted.length,
44
+ tamper_position: tamperPosition,
45
+ summary: ok
46
+ ? `Chain VALID — ${sorted.length} receipts, pointer linkage intact`
47
+ : `Chain INVALID — ${errors.length} problem(s), first at position ${tamperPosition}`,
48
+ errors,
49
+ };
50
+ }
51
+ /** Fetch a receipt by id from the public ledger and fully verify it (Standard v3.0). */
52
+ async function fetchAndVerifyReceipt(receiptId, base = exports.DEFAULT_LEDGER) {
53
+ const res = await fetch(`${base}/api/receipt/${encodeURIComponent(receiptId)}`);
54
+ if (!res.ok) {
55
+ return { receipt_id: receiptId, found: false, valid: false, id: receiptId, checks: [], errors: [`HTTP ${res.status} from ledger`] };
56
+ }
57
+ const body = (await res.json());
58
+ if (!body.found || !body.receipt) {
59
+ return { receipt_id: receiptId, found: false, valid: false, id: receiptId, checks: [], errors: ['Receipt not found'] };
60
+ }
61
+ return { receipt_id: receiptId, found: true, ...(0, standard_v3_1.verifyReceiptV3)(body.receipt) };
62
+ }
63
+ /** Fetch the newest N receipts from the public ledger and verify pointer linkage. */
64
+ async function fetchAndVerifyChain(limit = 25, base = exports.DEFAULT_LEDGER) {
65
+ const res = await fetch(`${base}/api/receipts?limit=${limit}`);
66
+ const body = (await res.json());
67
+ return { ...verifyPublicChain(body.receipts || []), ledger_total: body.total, ledger_chain_intact: body.chain_intact };
68
+ }
69
+ //# sourceMappingURL=live.js.map
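Review bot: fetchAndVerifyChain can report a valid chain when nothing was verified. It never checks `res.ok`, and `body.receipts || []` hands an empty list to verifyPublicChain, where the loop does not run and `errors.length === 0` yields `chain_valid: true` with `receipts_verified: 0`. Check `res.ok` the way fetchAndVerifyReceipt does, and return an invalid result with an error entry when the list is empty or missing. Two smaller points: in verifyPublicChain an unparseable `timestamp` becomes NaN, so the `<` comparison is false and the regression check passes silently; and `ledger_chain_intact` is copied straight from the response body, so the doc comment should say it is the ledger's own claim and not something this function checked.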
@@ -0,0 +1 @@
1
+ {"version":3,"file":"live.js","sourceRoot":"","sources":["../src/live.ts"],"names":[],"mappings":";;;AAgCA,8CA+BC;AAGD,sDAaC;AAGD,kDAOC;AAzFD;;;;GAIG;AACH,+CAA+E;AAElE,QAAA,cAAc,GAAG,+BAA+B,CAAC;AAoB9D;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,QAA8B;IAC9D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,cAAc,CAAC,CAAC;IACjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAI,CAAC,cAAc,QAAQ,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC;YACtF,cAAc,GAAG,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC;YACtD,SAAS;QACX,CAAC;QACD,IAAI,GAAG,CAAC,aAAa,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,2BAA2B,GAAG,CAAC,cAAc,6CAA6C,CAAC,CAAC;YACxG,cAAc,GAAG,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC;QACxD,CAAC;QACD,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YAC3E,MAAM,CAAC,IAAI,CAAC,oCAAoC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACD,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IAC/B,OAAO;QACL,WAAW,EAAE,EAAE;QACf,eAAe,EAAE,CAAC,EAAE;QACpB,iBAAiB,EAAE,MAAM,CAAC,MAAM;QAChC,eAAe,EAAE,cAAc;QAC/B,OAAO,EAAE,EAAE;YACT,CAAC,CAAC,iBAAiB,MAAM,CAAC,MAAM,mCAAmC;YACnE,CAAC,CAAC,mBAAmB,MAAM,CAAC,MAAM,kCAAkC,cAAc,EAAE;QACtF,MAAM;KACP,CAAC;AACJ,CAAC;AAED,wFAAwF;AACjF,KAAK,UAAU,qBAAqB,CACzC,SAAiB,EACjB,OAAe,sBAAc;IAE7B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,gBAAgB,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAChF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,GAAG,CAAC,MAAM,cAAc,CAAC,EAAE,CAAC;IACtI,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA6C,CAAC;IAC5E,IAAI,CAAC,IAAI,C
AAC,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC;IACzH,CAAC;IACD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;AAClF,CAAC;AAED,qFAAqF;AAC9E,KAAK,UAAU,mBAAmB,CACvC,KAAK,GAAG,EAAE,EACV,OAAe,sBAAc;IAE7B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,uBAAuB,KAAK,EAAE,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA6E,CAAC;IAC5G,OAAO,EAAE,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,KAAK,EAAE,mBAAmB,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;AACzH,CAAC"}
@@ -47,6 +47,9 @@ export interface VerificationCheck {
47
47
  * Compute the expected SHA-256 hash for a receipt.
48
48
  * The hash covers all fields EXCEPT the sha256 field itself.
49
49
  * This is the canonical hash function — open for inspection.
50
+ *
51
+ * @param receipt Receipt object without the sha256 field
52
+ * @returns Hexadecimal string of the computed SHA-256 hash
50
53
  */
51
54
  export declare function computeReceiptHash(receipt: Omit<ProofLinkReceipt, 'sha256'>): string;
52
55
  /**
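Review bot: the added @param/@returns lines on computeReceiptHash should also say which receipts this hash applies to. The standard-v3 header shipped in this same release states that these exports verify a pre-v3 shape the live ledger no longer emits, but a caller reading only this declaration still sees "the canonical hash function" with no such limit. Add a line pointing to verifyReceiptV3 for live receipts, and consider rewording "covers all fields EXCEPT the sha256 field", since that header describes the legacy hash as a fixed field list.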
@@ -1 +1 @@
1
- {"version":3,"file":"prooflink-verifier.d.ts","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC1C,YAAY,EAAE,WAAW,CAAA;IACzB,WAAW,EAAE,WAAW,CAAA;IACxB,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,WAAW,EAAE,MAAM,GAAG,mBAAmB,GAAG,QAAQ,CAAA;IACpD,cAAc,EAAE,MAAM,CAAA;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,cAAc,EAAE,MAAM,CAAA;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAA;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAA;CACzC;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,iBAAiB,EAAE,CAAA;IAC3B,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,OAAO,CAAA;IACxB,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,OAAO,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACf;AAMD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GAAG,MAAM,CAoBpF;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,gBAAgB,GAAG,iBAAiB,CAYnF;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CA4BnB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CAqBnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CAgBnB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,iBAAiB,CAkBvE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,gBAAgB,EACzB,eAAe,GAAE,gBAAgB,GAAG,IAAW,GAC9C,kBAAkB,CAwBpB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,gBAAgB,EAAE,GAAG;IACzD,WAAW,EAAE,OAAO,CAAA;IACpB,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,OAAO,EAAE,kBAAkB,EAAE,CAAA;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAsCA;A
AMD,eAAO,MAAM,iBAAiB;;;;;;CAM7B,CAAA;AAED,eAAe,iBAAiB,CAAA"}
1
+ {"version":3,"file":"prooflink-verifier.d.ts","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC1C,YAAY,EAAE,WAAW,CAAA;IACzB,WAAW,EAAE,WAAW,CAAA;IACxB,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,WAAW,EAAE,MAAM,GAAG,mBAAmB,GAAG,QAAQ,CAAA;IACpD,cAAc,EAAE,MAAM,CAAA;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,cAAc,EAAE,MAAM,CAAA;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAA;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAA;CACzC;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,iBAAiB,EAAE,CAAA;IAC3B,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,OAAO,CAAA;IACxB,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,OAAO,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACf;AAMD;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GAAG,MAAM,CAoBpF;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,gBAAgB,GAAG,iBAAiB,CAYnF;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CA4BnB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CAqBnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CAgBnB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,iBAAiB,CAkBvE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,gBAAgB,EACzB,eAAe,GAAE,gBAAgB,GAAG,IAAW,GAC9C,kBAAkB,CAwBpB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,gBAAgB,EAAE,GAAG;IACzD,WAAW,EAAE,OAAO,CAAA;IACpB,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,OAAO,EAAE,kBAAkB,EAAE,CAAA;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAsC
A;AAMD,eAAO,MAAM,iBAAiB;;;;;;CAM7B,CAAA;AAED,eAAe,iBAAiB,CAAA"}
@@ -28,6 +28,9 @@ const crypto_1 = __importDefault(require("crypto"));
28
28
  * Compute the expected SHA-256 hash for a receipt.
29
29
  * The hash covers all fields EXCEPT the sha256 field itself.
30
30
  * This is the canonical hash function — open for inspection.
31
+ *
32
+ * @param receipt Receipt object without the sha256 field
33
+ * @returns Hexadecimal string of the computed SHA-256 hash
31
34
  */
32
35
  function computeReceiptHash(receipt) {
33
36
  const canonical = JSON.stringify({
@@ -1 +1 @@
1
- {"version":3,"file":"prooflink-verifier.js","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;AA0DH,gDAoBC;AAMD,wDAYC;AAOD,0CA+BC;AAKD,kDAwBC;AAKD,oDAmBC;AAKD,kDAkBC;AAMD,sCA2BC;AAMD,kCA4CC;AAnSD,oDAA2B;AA+C3B,gDAAgD;AAChD,0BAA0B;AAC1B,gDAAgD;AAEhD;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,OAAyC;IAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAC/B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,cAAc,EAAE,OAAO,CAAC,cAAc;KACvC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA,CAAC,qCAAqC;IAEjD,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AAC5E,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB,CAAC,OAAyB;IAC9D,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAA;IACnC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACzC,MAAM,MAAM,GAAG,QAAQ,KAAK,MAAM,CAAA;IAElC,OAAO;QACL,IAAI,EAAE,mBAAmB;QACzB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,iBAAiB,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;YAC/C,CAAC,CAAC,2BAA2B,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;KACjG,CAAA;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAC7B,OAAyB,EACzB,eAAwC;IAExC,IAAI,OAAO,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,KAAK,IAAI,CAAA;QAC7C,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM;YACN,MAAM,EAAE,MAAM;gBACZ,CAAC,CAAC,6CAA6C;gBAC/C,CAAC,CAAC,wDAAwD,OAAO,CAAC,aAAa,EAAE;SACpF,CAAA;IACH,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,oDAAoD,OAAO,CAAC,cAAc,GAAG,CAAC,gBAAgB;SACvG,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,KAAK,eAAe,CAAC,MAAM,CAAA;IAC/D,OAAO;QAC
L,IAAI,EAAE,YAAY;QAClB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,kCAAkC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK;YACnF,CAAC,CAAC,0BAA0B,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,OAAO,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;KAC9H,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CACjC,OAAyB,EACzB,eAAwC;IAExC,IAAI,OAAO,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAA;IAChF,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,iDAAiD;SAC1D,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,KAAK,eAAe,CAAC,cAAc,GAAG,CAAC,CAAA;IAC5E,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,YAAY,OAAO,CAAC,cAAc,YAAY,eAAe,CAAC,cAAc,EAAE;YAChF,CAAC,CAAC,0BAA0B,eAAe,CAAC,cAAc,MAAM,OAAO,CAAC,cAAc,EAAE;KAC3F,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAClC,OAAyB,EACzB,eAAwC;IAExC,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAA;IAC5F,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;IACrD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;IAC9D,MAAM,MAAM,GAAG,OAAO,IAAI,QAAQ,CAAA;IAElC,OAAO;QACL,IAAI,EAAE,iBAAiB;QACvB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,0BAA0B,OAAO,CAAC,SAAS,OAAO,eAAe,CAAC,SAAS,EAAE;YAC/E,CAAC,CAAC,4BAA4B,OAAO,CAAC,SAAS,aAAa,eAAe,CAAC,SAAS,EAAE;KAC1F,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,OAAgB;IAClD,MAAM,QAAQ,GAAG;QACf,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU;QAC7D,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa;QAClD,QAAQ,EAAE,gBAAgB,EAAE,aAAa;KAC1C,CAAA;IAED,MAAM,CAAC,GAAG,OAAkC,CAAA;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,SAAS,CAAC,CAAA;IAEjF,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC,CAAA;IACnC,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,6BAA6B;YAC/B,CAAC,CAAC,4BAA4B,OAAO,CAAC,IAAI,CAA
C,IAAI,CAAC,EAAE;KACrD,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAC3B,OAAyB,EACzB,kBAA2C,IAAI;IAE/C,MAAM,MAAM,GAAwB;QAClC,mBAAmB,CAAC,OAAO,CAAC;QAC5B,sBAAsB,CAAC,OAAO,CAAC;QAC/B,eAAe,CAAC,OAAO,EAAE,eAAe,CAAC;QACzC,mBAAmB,CAAC,OAAO,EAAE,eAAe,CAAC;QAC7C,oBAAoB,CAAC,OAAO,EAAE,eAAe,CAAC;KAC/C,CAAA;IAED,MAAM,MAAM,GAAG,MAAM;SAClB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;IAEtC,MAAM,cAAc,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,EAAE,MAAM;QAC9E,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,EAAE,MAAM,CAAA;IAEpD,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,MAAM;QACN,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,eAAe,EAAE,cAAc;QAC/B,MAAM;KACP,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,QAA4B;IAOtD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,eAAe,EAAE,KAAK;YACtB,eAAe,EAAE,IAAI;YACrB,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,iCAAiC;SAC3C,CAAA;IACH,CAAC;IAED,yBAAyB;IACzB,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,cAAc,CAAC,CAAA;IAEhF,MAAM,OAAO,GAAyB,EAAE,CAAA;IACxC,IAAI,cAAc,GAAkB,IAAI,CAAA;IAExC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;QACrE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAEpB,IAAI,MAAM,CAAC,eAAe,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;YACtD,cAAc,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAA;QAC3C,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;IAC9C,MAAM,cAAc,GAAG,cAAc,KAAK,IAAI,CAAA;IAE9C,OAAO;QACL,WAAW,EAAE,UAAU;QACvB,eAAe,EAAE,cAAc;QAC/B,eAAe,EAAE,cAAc;QAC/B,OAAO;QACP,OAAO,EAAE,UAAU;YACjB,CAAC,CAAC,iBAAiB,QAAQ,CAAC,MAAM,2CAA2C;YAC7E,CAAC,CAAC,kDAAkD,cAAc,EAAE;KACv
E,CAAA;AACH,CAAC;AAED,gDAAgD;AAChD,aAAa;AACb,gDAAgD;AAEnC,QAAA,iBAAiB,GAAG;IAC/B,WAAW,EAAE,kBAAkB;IAC/B,aAAa;IACb,WAAW;IACX,eAAe,EAAE,sBAAsB;IACvC,eAAe;CAChB,CAAA;AAED,kBAAe,yBAAiB,CAAA"}
1
+ {"version":3,"file":"prooflink-verifier.js","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;AA6DH,gDAoBC;AAMD,wDAYC;AAOD,0CA+BC;AAKD,kDAwBC;AAKD,oDAmBC;AAKD,kDAkBC;AAMD,sCA2BC;AAMD,kCA4CC;AAtSD,oDAA2B;AA+C3B,gDAAgD;AAChD,0BAA0B;AAC1B,gDAAgD;AAEhD;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAAC,OAAyC;IAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAC/B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,cAAc,EAAE,OAAO,CAAC,cAAc;KACvC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA,CAAC,qCAAqC;IAEjD,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AAC5E,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB,CAAC,OAAyB;IAC9D,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAA;IACnC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACzC,MAAM,MAAM,GAAG,QAAQ,KAAK,MAAM,CAAA;IAElC,OAAO;QACL,IAAI,EAAE,mBAAmB;QACzB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,iBAAiB,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;YAC/C,CAAC,CAAC,2BAA2B,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;KACjG,CAAA;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAC7B,OAAyB,EACzB,eAAwC;IAExC,IAAI,OAAO,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,KAAK,IAAI,CAAA;QAC7C,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM;YACN,MAAM,EAAE,MAAM;gBACZ,CAAC,CAAC,6CAA6C;gBAC/C,CAAC,CAAC,wDAAwD,OAAO,CAAC,aAAa,EAAE;SACpF,CAAA;IACH,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,oDAAoD,OAAO,CAAC,cAAc,GAAG,CAAC,gBAAgB;SACvG,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,KAAK,eAAe,CAAC,MAAM,CAAA;IAC/D,OAAO;
QACL,IAAI,EAAE,YAAY;QAClB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,kCAAkC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK;YACnF,CAAC,CAAC,0BAA0B,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,OAAO,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;KAC9H,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CACjC,OAAyB,EACzB,eAAwC;IAExC,IAAI,OAAO,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAA;IAChF,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,iDAAiD;SAC1D,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,KAAK,eAAe,CAAC,cAAc,GAAG,CAAC,CAAA;IAC5E,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,YAAY,OAAO,CAAC,cAAc,YAAY,eAAe,CAAC,cAAc,EAAE;YAChF,CAAC,CAAC,0BAA0B,eAAe,CAAC,cAAc,MAAM,OAAO,CAAC,cAAc,EAAE;KAC3F,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAClC,OAAyB,EACzB,eAAwC;IAExC,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAA;IAC5F,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;IACrD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;IAC9D,MAAM,MAAM,GAAG,OAAO,IAAI,QAAQ,CAAA;IAElC,OAAO;QACL,IAAI,EAAE,iBAAiB;QACvB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,0BAA0B,OAAO,CAAC,SAAS,OAAO,eAAe,CAAC,SAAS,EAAE;YAC/E,CAAC,CAAC,4BAA4B,OAAO,CAAC,SAAS,aAAa,eAAe,CAAC,SAAS,EAAE;KAC1F,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,OAAgB;IAClD,MAAM,QAAQ,GAAG;QACf,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU;QAC7D,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa;QAClD,QAAQ,EAAE,gBAAgB,EAAE,aAAa;KAC1C,CAAA;IAED,MAAM,CAAC,GAAG,OAAkC,CAAA;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,SAAS,CAAC,CAAA;IAEjF,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC,CAAA;IACnC,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,6BAA6B;YAC/B,CAAC,CAAC,4BAA4B,OAAO,CAAC,IAAI,
CAAC,IAAI,CAAC,EAAE;KACrD,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAC3B,OAAyB,EACzB,kBAA2C,IAAI;IAE/C,MAAM,MAAM,GAAwB;QAClC,mBAAmB,CAAC,OAAO,CAAC;QAC5B,sBAAsB,CAAC,OAAO,CAAC;QAC/B,eAAe,CAAC,OAAO,EAAE,eAAe,CAAC;QACzC,mBAAmB,CAAC,OAAO,EAAE,eAAe,CAAC;QAC7C,oBAAoB,CAAC,OAAO,EAAE,eAAe,CAAC;KAC/C,CAAA;IAED,MAAM,MAAM,GAAG,MAAM;SAClB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;IAEtC,MAAM,cAAc,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,EAAE,MAAM;QAC9E,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,EAAE,MAAM,CAAA;IAEpD,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,MAAM;QACN,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,eAAe,EAAE,cAAc;QAC/B,MAAM;KACP,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,QAA4B;IAOtD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,eAAe,EAAE,KAAK;YACtB,eAAe,EAAE,IAAI;YACrB,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,iCAAiC;SAC3C,CAAA;IACH,CAAC;IAED,yBAAyB;IACzB,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,cAAc,CAAC,CAAA;IAEhF,MAAM,OAAO,GAAyB,EAAE,CAAA;IACxC,IAAI,cAAc,GAAkB,IAAI,CAAA;IAExC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;QACrE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAEpB,IAAI,MAAM,CAAC,eAAe,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;YACtD,cAAc,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAA;QAC3C,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;IAC9C,MAAM,cAAc,GAAG,cAAc,KAAK,IAAI,CAAA;IAE9C,OAAO;QACL,WAAW,EAAE,UAAU;QACvB,eAAe,EAAE,cAAc;QAC/B,eAAe,EAAE,cAAc;QAC/B,OAAO;QACP,OAAO,EAAE,UAAU;YACjB,CAAC,CAAC,iBAAiB,QAAQ,CAAC,MAAM,2CAA2C;YAC7E,CAAC,CAAC,kDAAkD,cAAc,EAAE;K
ACvE,CAAA;AACH,CAAC;AAED,gDAAgD;AAChD,aAAa;AACb,gDAAgD;AAEnC,QAAA,iBAAiB,GAAG;IAC/B,WAAW,EAAE,kBAAkB;IAC/B,aAAa;IACb,WAAW;IACX,eAAe,EAAE,sBAAsB;IACvC,eAAe;CAChB,CAAA;AAED,kBAAe,yBAAiB,CAAA"}
@@ -0,0 +1,78 @@
1
+ /**
2
+ * ProofLink Receipt Standard v3.0 — conformant v3 verifier.
3
+ *
4
+ * Spec: https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md
5
+ * Live: https://verify.itechsmart.dev/api/how-to-verify
6
+ *
7
+ * ─────────────────────────────────────────────────────────────────────────
8
+ * DRIFT NOTICE
9
+ * The original exports in `prooflink-verifier.ts` (computeReceiptHash,
10
+ * verifyReceipt, verifyChain over the `ProofLinkReceipt` shape with fields
11
+ * receipt_id / sha256 / previous_hash / before_state / nist_controls …) verify
12
+ * a PRE-v3 receipt shape that the LIVE ledger no longer emits. Live v3 receipts
13
+ * use id / hash_sha256 / prev_hash / canonical_bytes / signature, are Ed25519
14
+ * signed, and hash the FULL canonicalized payload (not a fixed field list).
15
+ * This module is the Standard-v3.0-conformant verifier for live v3 receipts.
16
+ * The legacy exports are retained unchanged for historical/pre-v3 receipts.
17
+ * ─────────────────────────────────────────────────────────────────────────
18
+ *
19
+ * Zero third-party dependencies (Node 18+ built-in `crypto`).
20
+ * Reproduces the canonical live verification exactly:
21
+ * 1. hash integrity SHA256(canonical_bytes) == hash_sha256
22
+ * 2. canonical re-derive json.dumps(payload, sort_keys, separators=(",",":"),
23
+ * ensure_ascii=False) == canonical_bytes
24
+ * 3. Ed25519 signature sig over raw canonical_bytes under embedded pubkey
25
+ * 4. chain link prev_hash == previous entry's hash_sha256
26
+ */
27
+ import { KeyObject } from "node:crypto";
28
+ export declare const PUBLISHED_PUBLIC_KEY = "21102eaa68ea9ed42c05a2253aa953d33c59b5348ff8659018146e59fb061b97";
29
+ export interface V3Signature {
30
+ algorithm: string;
31
+ public_key: string;
32
+ value: string;
33
+ signs?: string;
34
+ }
35
+ export interface V3Receipt {
36
+ id: string;
37
+ timestamp: string;
38
+ category: string;
39
+ subject: string;
40
+ action: string;
41
+ actor: string;
42
+ outcome: string;
43
+ schema_version: string;
44
+ prev_hash: string;
45
+ chain_position: number;
46
+ canonical_bytes: string;
47
+ hash_sha256: string;
48
+ signature: V3Signature;
49
+ compliance_tags?: string[];
50
+ supersedes?: string;
51
+ learned_from?: string[];
52
+ [k: string]: unknown;
53
+ }
54
+ export interface V3Check {
55
+ name: string;
56
+ passed: boolean;
57
+ detail: string;
58
+ }
59
+ export interface V3Result {
60
+ valid: boolean;
61
+ id: string;
62
+ checks: V3Check[];
63
+ errors: string[];
64
+ }
65
+ /** Canonical JSON bytes byte-for-byte identical to Python's
66
+ * json.dumps(x, sort_keys=True, separators=(",",":"), ensure_ascii=False). */
67
+ export declare function canonicalize(value: unknown): Buffer;
68
+ export declare function importEd25519PublicKey(hex: string): KeyObject;
69
+ /** Verify one v3 receipt against Standard v3.0. Never throws on a failed check. */
70
+ export declare function verifyReceiptV3(receipt: V3Receipt, prevHash?: string): V3Result;
71
+ /** Boolean convenience wrapper. */
72
+ export declare function verifyV3(receipt: V3Receipt, prevHash?: string): boolean;
73
+ /** Verify an oldest-first chain (e.g. /api/export order) of v3 receipts. */
74
+ export declare function verifyChainV3(receipts: V3Receipt[]): {
75
+ chain_valid: boolean;
76
+ results: V3Result[];
77
+ };
78
+ //# sourceMappingURL=standard-v3.d.ts.map
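Review bot: the declarations leave the trust anchor for the Ed25519 check unspecified. Step 3 of the header says the signature is verified "under embedded pubkey", and verifyReceiptV3(receipt, prevHash?) takes no trusted-key argument, so from this file a reader cannot tell whether `signature.public_key` is ever compared with PUBLISHED_PUBLIC_KEY. A signature checked only against a key carried inside the receipt shows internal consistency, not origin. State in the doc comment that the embedded key must equal PUBLISHED_PUBLIC_KEY (and make that a named check if it is not one already), or accept the expected key as a parameter. It would also help to document what the chain-link check does when `prevHash` is omitted.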
@@ -0,0 +1 @@
1
+ {"version":3,"file":"standard-v3.d.ts","sourceRoot":"","sources":["../src/standard-v3.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAmD,SAAS,EAAE,MAAM,aAAa,CAAC;AAEzF,eAAO,MAAM,oBAAoB,qEACmC,CAAC;AAErE,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,WAAW,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,OAAO,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,OAAO,EAAE,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAID;+EAC+E;AAC/E,wBAAgB,YAAY,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAEnD;AAcD,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAM7D;AAED,mFAAmF;AACnF,wBAAgB,eAAe,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,QAAQ,CA8E/E;AAED,mCAAmC;AACnC,wBAAgB,QAAQ,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAEvE;AAED,4EAA4E;AAC5E,wBAAgB,aAAa,CAAC,QAAQ,EAAE,SAAS,EAAE,GAAG;IAAE,WAAW,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,QAAQ,EAAE,CAAA;CAAE,CAGlG"}
@@ -0,0 +1,154 @@
1
+ "use strict";
2
+ /**
3
+ * ProofLink Receipt Standard v3.0 — conformant v3 verifier.
4
+ *
5
+ * Spec: https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md
6
+ * Live: https://verify.itechsmart.dev/api/how-to-verify
7
+ *
8
+ * ─────────────────────────────────────────────────────────────────────────
9
+ * DRIFT NOTICE
10
+ * The original exports in `prooflink-verifier.ts` (computeReceiptHash,
11
+ * verifyReceipt, verifyChain over the `ProofLinkReceipt` shape with fields
12
+ * receipt_id / sha256 / previous_hash / before_state / nist_controls …) verify
13
+ * a PRE-v3 receipt shape that the LIVE ledger no longer emits. Live v3 receipts
14
+ * use id / hash_sha256 / prev_hash / canonical_bytes / signature, are Ed25519
15
+ * signed, and hash the FULL canonicalized payload (not a fixed field list).
16
+ * This module is the Standard-v3.0-conformant verifier for live v3 receipts.
17
+ * The legacy exports are retained unchanged for historical/pre-v3 receipts.
18
+ * ─────────────────────────────────────────────────────────────────────────
19
+ *
20
+ * Zero third-party dependencies (Node 18+ built-in `crypto`).
21
+ * Reproduces the canonical live verification exactly:
22
+ * 1. hash integrity SHA256(canonical_bytes) == hash_sha256
23
+ * 2. canonical re-derive json.dumps(payload, sort_keys, separators=(",",":"),
24
+ * ensure_ascii=False) == canonical_bytes
25
+ * 3. Ed25519 signature sig over raw canonical_bytes under embedded pubkey
26
+ * 4. chain link prev_hash == previous entry's hash_sha256
27
+ */
28
+ Object.defineProperty(exports, "__esModule", { value: true });
29
+ exports.PUBLISHED_PUBLIC_KEY = void 0;
30
+ exports.canonicalize = canonicalize;
31
+ exports.importEd25519PublicKey = importEd25519PublicKey;
32
+ exports.verifyReceiptV3 = verifyReceiptV3;
33
+ exports.verifyV3 = verifyV3;
34
+ exports.verifyChainV3 = verifyChainV3;
35
+ const node_crypto_1 = require("node:crypto");
36
+ exports.PUBLISHED_PUBLIC_KEY = "21102eaa68ea9ed42c05a2253aa953d33c59b5348ff8659018146e59fb061b97";
37
+ const COMPUTED = ["canonical_bytes", "signature", "hash_sha256"];
38
+ /** Canonical JSON bytes byte-for-byte identical to Python's
39
+ * json.dumps(x, sort_keys=True, separators=(",",":"), ensure_ascii=False). */
40
+ function canonicalize(value) {
41
+ return Buffer.from(canon(value), "utf-8");
42
+ }
43
+ function canon(v) {
44
+ if (v === null || typeof v !== "object")
45
+ return JSON.stringify(v);
46
+ if (Array.isArray(v))
47
+ return "[" + v.map(canon).join(",") + "]";
48
+ const o = v;
49
+ const parts = [];
50
+ for (const k of Object.keys(o).sort()) {
51
+ if (o[k] === undefined)
52
+ continue;
53
+ parts.push(JSON.stringify(k) + ":" + canon(o[k]));
54
+ }
55
+ return "{" + parts.join(",") + "}";
56
+ }
57
+ const SPKI = Buffer.from("302a300506032b6570032100", "hex");
58
+ function importEd25519PublicKey(hex) {
59
+ return (0, node_crypto_1.createPublicKey)({
60
+ key: Buffer.concat([SPKI, Buffer.from(hex, "hex")]),
61
+ format: "der",
62
+ type: "spki",
63
+ });
64
+ }
65
+ /** Verify one v3 receipt against Standard v3.0. Never throws on a failed check. */
66
+ function verifyReceiptV3(receipt, prevHash) {
67
+ const checks = [];
68
+ const errors = [];
69
+ const id = receipt?.id ?? "<no-id>";
70
+ const schema = String(receipt?.schema_version);
71
+ const v3 = schema === "3.0";
72
+ // v2.0 receipts sealed with the same crypto (canonical_bytes + Ed25519 over
73
+ // them) are signature-verifiable; only hash recompute + canonical re-derivation
74
+ // are v3-normative (a v2 hash_sha256 is a pre-chain ledger-internal link).
75
+ const v2crypto = schema === "2.0" && !!receipt.canonical_bytes && !!receipt.signature;
76
+ if (!v3 && !v2crypto) {
77
+ errors.push(`schema_version is ${JSON.stringify(receipt?.schema_version)}; covers "3.0" (and crypto-bearing "2.0")`);
78
+ return { valid: false, id, checks, errors };
79
+ }
80
+ let canonBytes;
81
+ try {
82
+ canonBytes = Buffer.from(receipt.canonical_bytes, "hex");
83
+ }
84
+ catch (e) {
85
+ checks.push({ name: "hash_integrity", passed: false, detail: `canonical_bytes not hex: ${e}` });
86
+ return { valid: false, id, checks, errors };
87
+ }
88
+ if (v3) {
89
+ // 1. hash integrity
90
+ const got = (0, node_crypto_1.createHash)("sha256").update(canonBytes).digest("hex");
91
+ const h1 = got === receipt.hash_sha256;
92
+ checks.push({ name: "hash_integrity", passed: h1,
93
+ detail: h1 ? "SHA256(canonical_bytes) == hash_sha256"
94
+ : `hash mismatch: ${got.slice(0, 16)}… vs ${String(receipt.hash_sha256).slice(0, 16)}…` });
95
+ // 2. canonical re-derivation
96
+ const payload = {};
97
+ for (const [k, v] of Object.entries(receipt))
98
+ if (!COMPUTED.includes(k))
99
+ payload[k] = v;
100
+ const rederived = canonicalize(payload);
101
+ const h2 = rederived.equals(canonBytes);
102
+ checks.push({ name: "canonical_rederivation", passed: h2,
103
+ detail: h2 ? "re-derived canonical bytes match" : "canonical re-derivation MISMATCH — signed field tampered" });
104
+ }
105
+ else {
106
+ // v2: bind via signed-payload consistency (hash/canonical not recomputable).
107
+ try {
108
+ const signed = JSON.parse(canonBytes.toString("utf-8"));
109
+ const core = ["category", "actor", "subject", "action", "outcome", "timestamp"];
110
+ const mism = core.filter((k) => k in signed && receipt[k] !== undefined
111
+ && signed[k] !== receipt[k]);
112
+ checks.push({ name: "payload_consistency", passed: mism.length === 0,
113
+ detail: mism.length === 0 ? "displayed core fields match the signed canonical payload"
114
+ : `signed-payload mismatch on: ${mism.join(", ")}` });
115
+ }
116
+ catch (e) {
117
+ checks.push({ name: "payload_consistency", passed: false, detail: `canonical_bytes not JSON: ${e}` });
118
+ }
119
+ }
120
+ // 3. Ed25519 signature
121
+ const sig = receipt.signature;
122
+ if (!sig || !sig.public_key || !sig.value) {
123
+ checks.push({ name: "ed25519_signature", passed: false, detail: "signature missing/malformed" });
124
+ }
125
+ else {
126
+ try {
127
+ const ok = (0, node_crypto_1.verify)(null, canonBytes, importEd25519PublicKey(sig.public_key), Buffer.from(sig.value, "hex"));
128
+ checks.push({ name: "ed25519_signature", passed: ok,
129
+ detail: ok ? `Ed25519 OK (key ${sig.public_key.slice(0, 16)}…)` : "Ed25519 signature INVALID" });
130
+ }
131
+ catch (e) {
132
+ checks.push({ name: "ed25519_signature", passed: false, detail: `signature error: ${e}` });
133
+ }
134
+ }
135
+ // 4. chain link
136
+ if (prevHash !== undefined) {
137
+ const h4 = receipt.prev_hash === prevHash;
138
+ checks.push({ name: "chain_link", passed: h4,
139
+ detail: h4 ? "prev_hash links to previous entry"
140
+ : `chain BROKEN: ${String(receipt.prev_hash).slice(0, 16)}… != ${prevHash.slice(0, 16)}…` });
141
+ }
142
+ const valid = checks.every((c) => c.passed) && errors.length === 0;
143
+ return { valid, id, checks, errors };
144
+ }
145
+ /** Boolean convenience wrapper. */
146
+ function verifyV3(receipt, prevHash) {
147
+ return verifyReceiptV3(receipt, prevHash).valid;
148
+ }
149
+ /** Verify an oldest-first chain (e.g. /api/export order) of v3 receipts. */
150
+ function verifyChainV3(receipts) {
151
+ const results = receipts.map((r, i) => verifyReceiptV3(r, i > 0 ? receipts[i - 1].hash_sha256 : undefined));
152
+ return { chain_valid: results.every((r) => r.valid), results };
153
+ }
154
+ //# sourceMappingURL=standard-v3.js.map
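Review bot: in `verifyReceiptV3`, step 3 builds the verification key from `sig.public_key`, a field of the receipt under test, and `PUBLISHED_PUBLIC_KEY` is exported but never compared anywhere in this file, so a passing `ed25519_signature` check shows only that the receipt is internally consistent, not that the published issuer key signed it. Compare `sig.public_key` against `PUBLISHED_PUBLIC_KEY` (or a caller-supplied set of trusted keys) before calling `verify`, and record a mismatch as its own failed check. Two smaller points: `Buffer.from(receipt.canonical_bytes, "hex")` does not throw on non-hex input, it stops decoding at the first invalid character, so the `canonical_bytes not hex` branch fires only for non-string values and an explicit test such as `/^([0-9a-f]{2})+$/i` would make that failure accurate; and for `"2.0"` receipts neither `hash_sha256` nor `prev_hash` is tied to the signed bytes, yet `verifyChainV3` passes `receipts[i - 1].hash_sha256` into `chain_link`, so the chain result for v2 entries rests on unauthenticated fields and should be skipped or reported as such.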
@@ -0,0 +1 @@
1
+ {"version":3,"file":"standard-v3.js","sourceRoot":"","sources":["../src/standard-v3.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;AAmDH,oCAEC;AAcD,wDAMC;AAGD,0CA8EC;AAGD,4BAEC;AAGD,sCAGC;AAnKD,6CAAyF;AAE5E,QAAA,oBAAoB,GAC/B,kEAAkE,CAAC;AA0CrE,MAAM,QAAQ,GAAG,CAAC,iBAAiB,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;AAEjE;+EAC+E;AAC/E,SAAgB,YAAY,CAAC,KAAc;IACzC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC;AACD,SAAS,KAAK,CAAC,CAAU;IACvB,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAClE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAChE,MAAM,CAAC,GAAG,CAA4B,CAAC;IACvC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACtC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,SAAS;YAAE,SAAS;QACjC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AACrC,CAAC;AAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;AAC5D,SAAgB,sBAAsB,CAAC,GAAW;IAChD,OAAO,IAAA,6BAAe,EAAC;QACrB,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;QACnD,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;AACL,CAAC;AAED,mFAAmF;AACnF,SAAgB,eAAe,CAAC,OAAkB,EAAE,QAAiB;IACnE,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,OAAO,EAAE,EAAE,IAAI,SAAS,CAAC;IAEpC,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IAC/C,MAAM,EAAE,GAAG,MAAM,KAAK,KAAK,CAAC;IAC5B,4EAA4E;IAC5E,gFAAgF;IAChF,2EAA2E;IAC3E,MAAM,QAAQ,GAAG,MAAM,KAAK,KAAK,IAAI,CAAC,CAAC,OAAO,CAAC,eAAe,IAAI,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IACtF,IAAI,CAAC,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC,2CAA2C,CAAC,CAAC;QACrH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC9C,CA
AC;IAED,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,CAAC,EAAE,EAAE,CAAC,CAAC;QAChG,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC9C,CAAC;IAED,IAAI,EAAE,EAAE,CAAC;QACP,oBAAoB;QACpB,MAAM,GAAG,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClE,MAAM,EAAE,GAAG,GAAG,KAAK,OAAO,CAAC,WAAW,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,EAAE;YAC9C,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,wCAAwC;gBAC1C,CAAC,CAAC,kBAAkB,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;QAExG,6BAA6B;QAC7B,MAAM,OAAO,GAA4B,EAAE,CAAC;QAC5C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACxF,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,wBAAwB,EAAE,MAAM,EAAE,EAAE;YACtD,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAC,0DAA0D,EAAE,CAAC,CAAC;IACpH,CAAC;SAAM,CAAC;QACN,6EAA6E;QAC7E,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAA4B,CAAC;YACnF,MAAM,IAAI,GAAG,CAAC,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;YAChF,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,MAAM,IAAK,OAAmC,CAAC,CAAC,CAAC,KAAK,SAAS;mBACjE,MAAM,CAAC,CAAC,CAAC,KAAM,OAAmC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1F,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC;gBAClE,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,0DAA0D;oBAC5D,CAAC,CAAC,+BAA+B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QACpF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,6
BAA6B,CAAC,EAAE,EAAE,CAAC,CAAC;QACxG,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC;IAC9B,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC,CAAC;IACnG,CAAC;SAAM,CAAC;QACN,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAA,oBAAQ,EAAC,IAAI,EAAE,UAAU,EAAE,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YAC7G,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,EAAE;gBACjD,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,2BAA2B,EAAE,CAAC,CAAC;QACrG,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7F,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,EAAE,GAAG,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,mCAAmC;gBACrC,CAAC,CAAC,iBAAiB,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5G,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IACnE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACvC,CAAC;AAED,mCAAmC;AACnC,SAAgB,QAAQ,CAAC,OAAkB,EAAE,QAAiB;IAC5D,OAAO,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC;AAClD,CAAC;AAED,4EAA4E;AAC5E,SAAgB,aAAa,CAAC,QAAqB;IACjD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5G,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,CAAC;AACjE,CAAC"}
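Review bot: the map declares `"sources":["../src/standard-v3.ts"]` and has no `sourcesContent` field, while the `files` list in package.json ships only `dist`, `bin`, `README.md` and `LICENSE`, so consumers receive a map that resolves to a file that is not in the package. Either build with `inlineSources` so the TypeScript is embedded in the map, or leave the `.map` files and the `sourceMappingURL` comment out of the published tarball.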
package/package.json CHANGED
@@ -1,11 +1,12 @@
1
1
  {
2
2
  "name": "@itechsmart/prooflink-verifier",
3
- "version": "1.0.0",
4
- "description": "Open-source cryptographic verification for iTechSmart UAIO ProofLink receipts don't trust our AI, trust the math.",
3
+ "version": "2.1.0",
4
+ "description": "Verify ProofLink receipts \u2014 the Trust & Accountability Layer for Autonomous AI by iTechSmart. Full cryptographic verification (SHA-256 hash chain + Ed25519 signatures) against the live public ledger. Don't trust the AI. Trust the math.",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
7
7
  "files": [
8
8
  "dist",
9
+ "bin",
9
10
  "README.md",
10
11
  "LICENSE"
11
12
  ],
@@ -16,13 +17,20 @@
16
17
  },
17
18
  "keywords": [
18
19
  "prooflink",
19
- "uaio",
20
- "itechsmart",
20
+ "ai-accountability-layer",
21
+ "ai-audit-trail",
21
22
  "cryptographic-verification",
22
- "audit",
23
+ "ed25519",
23
24
  "sha256",
24
25
  "hash-chain",
25
- "tamper-evident"
26
+ "tamper-evident",
27
+ "eu-ai-act",
28
+ "article-12",
29
+ "scitt",
30
+ "uaio",
31
+ "itechsmart",
32
+ "bitcoin-anchoring",
33
+ "opentimestamps"
26
34
  ],
27
35
  "author": "iTechSmart Inc.",
28
36
  "license": "MIT",
@@ -44,5 +52,8 @@
44
52
  "@types/node": "^20.0.0",
45
53
  "typescript": "^5.4.0",
46
54
  "vitest": "^1.6.0"
55
+ },
56
+ "bin": {
57
+ "prooflink-verify": "bin/cli.js"
47
58
  }
48
- }
59
+ }