@itechsmart/prooflink-verifier 1.0.0 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +175 -108
- package/bin/cli.js +54 -0
- package/dist/index.d.ts +4 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +20 -0
- package/dist/index.js.map +1 -1
- package/dist/live.d.ts +40 -0
- package/dist/live.d.ts.map +1 -0
- package/dist/live.js +69 -0
- package/dist/live.js.map +1 -0
- package/dist/prooflink-verifier.d.ts +3 -0
- package/dist/prooflink-verifier.d.ts.map +1 -1
- package/dist/prooflink-verifier.js +3 -0
- package/dist/prooflink-verifier.js.map +1 -1
- package/dist/standard-v3.d.ts +78 -0
- package/dist/standard-v3.d.ts.map +1 -0
- package/dist/standard-v3.js +154 -0
- package/dist/standard-v3.js.map +1 -0
- package/package.json +18 -7
package/README.md
CHANGED
|
@@ -1,159 +1,220 @@
|
|
|
1
1
|
# ProofLink™ Verifier
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
[](https://github.com/Iteksmart/prooflink-verifier/actions/workflows/ci.yml) [](https://www.npmjs.com/package/@itechsmart/prooflink-verifier)
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
[](https://www.npmjs.com/package/@itechsmart/prooflink-verifier)
|
|
6
|
+
[](./LICENSE)
|
|
7
|
+
[](https://verify.itechsmart.dev)
|
|
8
|
+
[](https://verify.itechsmart.dev)
|
|
6
9
|
|
|
7
|
-
|
|
10
|
+
> **Every other AI-accountability standard is a PDF. ProofLink is a running ledger of
|
|
11
|
+
> 80,000+ cryptographically-sealed AI actions you can verify right now — not a spec, a
|
|
12
|
+
> live chain.** → **[verify.itechsmart.dev](https://verify.itechsmart.dev)**
|
|
8
13
|
|
|
9
|
-
|
|
14
|
+
**Open-source, zero-dependency cryptographic verification logic for iTechSmart UAIO
|
|
15
|
+
receipts** — the reference implementation of the
|
|
16
|
+
[ProofLink Receipt Standard **v3.0**](https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md).
|
|
10
17
|
|
|
11
|
-
|
|
18
|
+
**Independently verify what an autonomous AI actually did.**
|
|
12
19
|
|
|
13
|
-
|
|
20
|
+
ProofLink is the **Trust & Accountability Layer for Autonomous AI** by [iTechSmart Inc.](https://itechsmart.dev) Every autonomous action seals a cryptographic receipt — SHA-256 hash-chained, **Ed25519-signed**, Bitcoin-anchored via OpenTimestamps — into a public ledger.
|
|
14
21
|
|
|
15
|
-
You don't need
|
|
22
|
+
This package is the open-source verifier. You don't need an account. You don't need a demo. You don't need to trust iTechSmart.
|
|
16
23
|
|
|
17
|
-
|
|
24
|
+
> **Don't trust the AI. Trust the math.**
|
|
18
25
|
|
|
19
|
-
##
|
|
26
|
+
## Not a spec — a running chain
|
|
20
27
|
|
|
21
|
-
|
|
28
|
+
Live snapshot (2026-07-02, `/api/chain` + `/api/stats`): **79,000+ receipts**, chain
|
|
29
|
+
**intact (`chain_intact: true`, 0 breaks)**, **2,100+ strict cryptographically-verifiable v3
|
|
30
|
+
receipts** (every new action is sealed as v3), **13,700+ Bitcoin-anchored** (~17%, growing
|
|
31
|
+
daily).
|
|
22
32
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
33
|
+
**Honest two-era note.** The `*V3` API below strictly verifies v3 receipts
|
|
34
|
+
(`schema_version "3.0"`): hash recompute + canonical re-derivation + Ed25519 + chain link.
|
|
35
|
+
Legacy v1/v2 receipts are pointer-linked and preserved unmodified — disclosed openly at
|
|
36
|
+
`/api/stats`. `strict_full_chain_linked: false` is the disclosed count of legacy pointer
|
|
37
|
+
links, **not a chain break** (`breaks: 0`). We do not claim all 79k are strict-verifiable;
|
|
38
|
+
2,100+ v3 are, and the count grows with every action.
|
|
27
39
|
|
|
28
|
-
|
|
40
|
+
## Built for the regulations
|
|
29
41
|
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
42
|
+
| Regulation / framework | ProofLink field / mechanism that satisfies it |
|
|
43
|
+
|---|---|
|
|
44
|
+
| **EU AI Act (Reg. 2024/1689) Article 12** — automatic tamper-evident logging for high-risk AI | Append-only hash chain; every action seals `timestamp`, `actor`, `action`, `subject`, `outcome`, `details` |
|
|
45
|
+
| **NIST AI RMF 1.0 — MEASURE 2.7 / MANAGE 4.1** — monitoring evaluated & documented | `security` / `platform_fix` / `platform_health_check` receipts, signed & immutable; `actor` separates system/agent/operator |
|
|
46
|
+
| **CMMC L2 — AU.L2-3.3.1 / AU.L2-3.3.8** — retain & protect audit logs | SHA-256 chain + Ed25519 make any edit/deletion/reorder detectable; Bitcoin anchoring adds external existence proof |
|
|
47
|
+
| **SOC 2 — CC7.2 / CC7.3 / CC8.1** — anomaly monitoring & change management | `signal_classified` / `security` receipts; `config_change` records `{before_hash, after_hash, diff_summary}` |
|
|
48
|
+
| **ISO/IEC 42001:2023 — Clause 9.1** — retain documented monitoring evidence | The receipt ledger is the retained cryptographic evidence; `compliance_tags` seal the control claim inside the signature |
|
|
49
|
+
|
|
50
|
+
## Connect anything — every call seals a receipt
|
|
51
|
+
|
|
52
|
+
- **MCP server** — verify/search receipts from any MCP client (Claude, Cursor, Copilot,
|
|
53
|
+
LangGraph, CrewAI): `prooflink_verify_receipt`, `prooflink_search_receipts`,
|
|
54
|
+
`prooflink_verify_chain`.
|
|
55
|
+
- **FastAPI / REST** — `verify.itechsmart.dev` exposes `/api/export`, `/api/verify/<id>`,
|
|
56
|
+
`/api/chain`, `/api/stats`, `/api/anchors`, `/api/how-to-verify`.
|
|
57
|
+
- **SDK** — [`prooflink-sdk`](https://github.com/Iteksmart/prooflink-sdk) (Python +
|
|
58
|
+
TypeScript) for sealing; this repo for zero-dependency verification.
|
|
38
59
|
|
|
39
|
-
|
|
40
|
-
-
|
|
41
|
-
|
|
60
|
+
ProofLink aligns conceptually with the IETF Internet-Draft
|
|
61
|
+
[`draft-sharif-agent-audit-trail-00`](https://datatracker.ietf.org/doc/html/draft-sharif-agent-audit-trail-00)
|
|
62
|
+
(same problem, shared SHA-256 hash-chain core) while differing deliberately on
|
|
63
|
+
canonicalization (`json.dumps`, not RFC 8785 JCS) and signature (Ed25519, not ECDSA P-256).
|
|
42
64
|
|
|
43
65
|
---
|
|
44
66
|
|
|
45
|
-
##
|
|
67
|
+
## Verify a real receipt in 30 seconds
|
|
46
68
|
|
|
47
69
|
```bash
|
|
48
|
-
|
|
70
|
+
# Full cryptographic verification of one receipt from the live public ledger:
|
|
71
|
+
npx @itechsmart/prooflink-verifier 450ebfeb2a1cb00d
|
|
72
|
+
|
|
73
|
+
# ✓ hash_integrity SHA256(canonical_bytes) == hash_sha256
|
|
74
|
+
# ✓ canonical_rederivation re-derived canonical bytes match
|
|
75
|
+
# ✓ ed25519_signature Ed25519 OK
|
|
76
|
+
# VERIFIED
|
|
77
|
+
|
|
78
|
+
# Pointer-linkage check on the newest 25 receipts in the chain:
|
|
79
|
+
npx @itechsmart/prooflink-verifier --chain 25
|
|
49
80
|
```
|
|
50
81
|
|
|
51
|
-
|
|
82
|
+
Grab any receipt ID from the live ledger at **[verify.itechsmart.dev](https://verify.itechsmart.dev)** — no account, no demo, no trust required.
|
|
52
83
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
84
|
+
---
|
|
85
|
+
|
|
86
|
+
## Conformance to ProofLink Receipt Standard v3.0
|
|
87
|
+
|
|
88
|
+
This verifier ships a **Standard v3.0-conformant** verifier for the **live v3
|
|
89
|
+
receipt format** ([`ProofLink-Receipt-Standard-v3.md`](https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md)). Import the `*V3` API:
|
|
90
|
+
|
|
91
|
+
```ts
|
|
92
|
+
import { verifyV3, verifyReceiptV3, verifyChainV3 } from "prooflink-verifier";
|
|
93
|
+
|
|
94
|
+
const res = await fetch("https://verify.itechsmart.dev/api/verify/<id>");
|
|
95
|
+
const { receipt } = await res.json();
|
|
96
|
+
verifyV3(receipt); // boolean — all 4 Standard checks
|
|
97
|
+
verifyReceiptV3(receipt, prevHash) // { valid, checks[], errors[] }
|
|
57
98
|
```
|
|
58
99
|
|
|
100
|
+
It performs the four normative checks: (1) `SHA256(canonical_bytes) == hash_sha256`,
|
|
101
|
+
(2) canonical re-derivation of `canonical_bytes`, (3) Ed25519 signature over the raw
|
|
102
|
+
`canonical_bytes` under the embedded (published) public key, (4) `prev_hash` chain link.
|
|
103
|
+
|
|
104
|
+
### ⚠ Schema drift — read this
|
|
105
|
+
|
|
106
|
+
The **original** exports (`computeReceiptHash`, `verifyReceipt`, `verifyChain`,
|
|
107
|
+
`ProofLinkVerifier`) target a **pre-v3 / legacy receipt shape**
|
|
108
|
+
(`receipt_id`, `sha256`, `previous_hash`, `before_state`, `after_state`,
|
|
109
|
+
`nist_controls`, `arbiter_policy`, …) and hash a **fixed field list** with
|
|
110
|
+
`JSON.stringify` and **no signature**. **Live receipts no longer match that shape.**
|
|
111
|
+
The live ledger emits v3 receipts (`id`, `hash_sha256`, `prev_hash`,
|
|
112
|
+
`canonical_bytes`, Ed25519 `signature`, full-payload canonicalization). Use the
|
|
113
|
+
`*V3` API above for anything fetched from `verify.itechsmart.dev` today. The legacy
|
|
114
|
+
exports are retained unchanged for historical/pre-v3 receipts. See the DRIFT NOTICE
|
|
115
|
+
at the top of `src/standard-v3.ts`.
|
|
116
|
+
|
|
59
117
|
---
|
|
60
118
|
|
|
61
|
-
## Usage
|
|
62
119
|
|
|
63
|
-
|
|
120
|
+
## Why Cryptographic Proof?
|
|
64
121
|
|
|
65
|
-
|
|
66
|
-
import { verifyReceipt } from '@itechsmart/prooflink-verifier'
|
|
122
|
+
Modern enterprise IT generates millions of autonomous actions per day — auto-scaling, patching, remediating, classifying. Most happen with no human in the loop. The audit story today is a mess of mutable logs, ad-hoc PDFs, and dashboards no one trusts.
|
|
67
123
|
|
|
68
|
-
|
|
124
|
+
Regulators are catching up. **EU AI Act Article 12** (enforcement 2026-08-02) requires high-risk AI systems to maintain tamper-evident logs of every decision. NIST AI RMF and SOC 2 are tightening too.
|
|
69
125
|
|
|
70
|
-
|
|
71
|
-
console.log(result.tamper_detected) // true if hash or chain broken
|
|
72
|
-
console.log(result.checks) // detailed check results
|
|
73
|
-
console.log(result.errors) // list of failures
|
|
74
|
-
```
|
|
126
|
+
A cryptographic receipt chain is the cheapest way to meet those requirements *and* the only way to prove autonomous behavior to a skeptical auditor. ProofLink generates one receipt per autonomous action, SHA-256 hashed, linked to the previous receipt, and publicly verifiable at [verify.itechsmart.dev](https://verify.itechsmart.dev).
|
|
75
127
|
|
|
76
|
-
|
|
128
|
+
## EU AI Act Article 12 Alignment
|
|
77
129
|
|
|
78
|
-
|
|
79
|
-
import { verifyChain } from '@itechsmart/prooflink-verifier'
|
|
130
|
+
Article 12 of the EU AI Act (effective 2026-08-02) requires providers of high-risk AI systems to maintain automatic, tamper-evident logs of every decision. Mutable log files, post-hoc PDFs, and ephemeral dashboards do not satisfy this requirement.
|
|
80
131
|
|
|
81
|
-
|
|
82
|
-
const result = verifyChain(receipts)
|
|
132
|
+
ProofLink receipts satisfy Article 12 by design:
|
|
83
133
|
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
134
|
+
| Article 12 requirement | ProofLink mechanism |
|
|
135
|
+
|---|---|
|
|
136
|
+
| Automatic logging at runtime | Receipt generated synchronously on every autonomous action |
|
|
137
|
+
| Tamper-evident records | SHA-256 hash chain — altering any receipt invalidates every subsequent one |
|
|
138
|
+
| Identification of the system | `executor` field carries the model/agent identifier |
|
|
139
|
+
| Chronological ordering | `chain_position` integer + ISO 8601 `timestamp`, both verified during chain checks |
|
|
140
|
+
| Retention | Hash chain stored append-only; OpenTimestamps anchor optionally pins to Bitcoin |
|
|
89
141
|
|
|
90
|
-
|
|
142
|
+
## NIST 800-53 Control Mapping
|
|
91
143
|
|
|
92
|
-
|
|
93
|
-
import { computeReceiptHash } from '@itechsmart/prooflink-verifier'
|
|
144
|
+
Each receipt asserts compliance with the following NIST 800-53 controls. The mapping is recorded inside the receipts `nist_controls` field so it travels with the proof:
|
|
94
145
|
|
|
95
|
-
|
|
96
|
-
|
|
146
|
+
| Control | Title | How ProofLink supports |
|
|
147
|
+
|---|---|---|
|
|
148
|
+
| **AU-2** | Event Logging | Every autonomous action generates an event record |
|
|
149
|
+
| **AU-10** | Non-Repudiation | Hash chain + executor identity prevent denial |
|
|
150
|
+
| **SI-7** | Software, Firmware, and Information Integrity | Tamper-evident chain on the action trail |
|
|
151
|
+
| **SA-11** | Developer Testing and Evaluation | `test_result` field captured per receipt |
|
|
97
152
|
|
|
98
|
-
|
|
153
|
+
## What gets verified (schema v3 — the live ledger format)
|
|
154
|
+
|
|
155
|
+
Every v3 receipt is sealed like this on the platform side:
|
|
156
|
+
|
|
157
|
+
```
|
|
158
|
+
payload = all receipt fields EXCEPT (canonical_bytes, signature, hash_sha256)
|
|
159
|
+
— including prev_hash and chain_position, so the chain link
|
|
160
|
+
itself is covered by the hash AND the signature
|
|
161
|
+
canonical_bytes = canonical JSON of payload (sorted keys, compact, UTF-8), hex-encoded
|
|
162
|
+
hash_sha256 = SHA-256(canonical_bytes)
|
|
163
|
+
signature = Ed25519 over the raw canonical bytes (32-byte public key, hex)
|
|
99
164
|
```
|
|
100
165
|
|
|
166
|
+
The verifier independently re-checks all three:
|
|
167
|
+
|
|
168
|
+
| Check | What it proves |
|
|
169
|
+
|---|---|
|
|
170
|
+
| `hash_integrity` | The recorded hash really is the SHA-256 of the signed bytes |
|
|
171
|
+
| `payload_consistency` | The fields you're reading are exactly what was hashed and signed — nothing displayed differs from the sealed record |
|
|
172
|
+
| `signature_valid` | The Ed25519 signature verifies against the canonical bytes |
|
|
173
|
+
|
|
174
|
+
Chain-level checks (`--chain`, `verifyPublicChain`): every receipt's `previous_hash` must equal the prior receipt's `sha256`, positions must be sequential, timestamps ordered. Altering any historic receipt breaks every receipt after it — the same principle as Bitcoin's blockchain, applied to AI accountability.
|
|
175
|
+
|
|
176
|
+
Beyond this library: receipts are also anchored to the **Bitcoin blockchain via OpenTimestamps**, are **SCITT-compatible** (IETF architecture), and carry **W3C Verifiable Credential** envelopes plus clause-level **EU AI Act Article 12(1)/(2)/(4)** and NIST AI RMF mappings. See the [public verification spec](https://verify.itechsmart.dev/api/how-to-verify).
|
|
177
|
+
|
|
101
178
|
---
|
|
102
179
|
|
|
103
|
-
##
|
|
180
|
+
## Installation & library usage
|
|
104
181
|
|
|
105
|
-
|
|
182
|
+
```bash
|
|
183
|
+
npm install @itechsmart/prooflink-verifier
|
|
184
|
+
```
|
|
106
185
|
|
|
107
186
|
```typescript
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
previous_hash: receipt.previous_hash,
|
|
124
|
-
chain_position: receipt.chain_position,
|
|
125
|
-
}, null, 0)
|
|
126
|
-
|
|
127
|
-
return crypto.createHash('sha256').update(canonical, 'utf8').digest('hex')
|
|
128
|
-
}
|
|
187
|
+
import {
|
|
188
|
+
fetchAndVerifyReceipt, // full crypto against the live ledger
|
|
189
|
+
fetchAndVerifyChain, // pointer-linkage check on the newest N receipts
|
|
190
|
+
verifyReceiptV3, // verify a v3 receipt object you already have
|
|
191
|
+
verifyPublicChain, // verify a list from /api/receipts
|
|
192
|
+
verify, verifyAnyChain, // schema-aware: auto-detects v3 vs legacy receipts
|
|
193
|
+
} from '@itechsmart/prooflink-verifier'
|
|
194
|
+
|
|
195
|
+
const result = await fetchAndVerifyReceipt('450ebfeb2a1cb00d')
|
|
196
|
+
console.log(result.valid) // true
|
|
197
|
+
console.log(result.checks) // hash_integrity, payload_consistency, signature_valid
|
|
198
|
+
|
|
199
|
+
const chain = await fetchAndVerifyChain(50)
|
|
200
|
+
console.log(chain.chain_valid) // true
|
|
201
|
+
console.log(chain.ledger_total) // 80,000+ and counting
|
|
129
202
|
```
|
|
130
203
|
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
---
|
|
204
|
+
Public API endpoints (no auth):
|
|
134
205
|
|
|
135
|
-
|
|
206
|
+
- `GET https://verify.itechsmart.dev/api/receipt/<id>` — full receipt incl. `canonical_bytes` + `signature`
|
|
207
|
+
- `GET https://verify.itechsmart.dev/api/receipts?limit=N` — newest receipts (summary)
|
|
208
|
+
- `GET https://verify.itechsmart.dev/api/stats` — live totals + chain integrity
|
|
209
|
+
- `GET https://verify.itechsmart.dev/api/how-to-verify` — the full verification spec
|
|
136
210
|
|
|
137
|
-
For
|
|
138
|
-
|
|
139
|
-
| Check | What it verifies |
|
|
140
|
-
|-------|-----------------|
|
|
141
|
-
| `schema_valid` | All required fields present |
|
|
142
|
-
| `receipt_integrity` | Stored SHA-256 matches recomputed hash |
|
|
143
|
-
| `chain_link` | `previous_hash` matches prior receipt's `sha256` |
|
|
144
|
-
| `chain_position` | Position is sequential (no gaps) |
|
|
145
|
-
| `timestamp_order` | Timestamps are chronologically ordered |
|
|
211
|
+
**For AI agents:** the same verification is exposed over MCP at [mcp.itechsmart.dev](https://mcp.itechsmart.dev) — Claude, GPT, Copilot and Cursor can verify receipts directly (17 tools).
|
|
146
212
|
|
|
147
213
|
---
|
|
148
214
|
|
|
149
|
-
##
|
|
150
|
-
|
|
151
|
-
Verify real receipts from iTechSmart's production ledger:
|
|
215
|
+
## Legacy schema (v1)
|
|
152
216
|
|
|
153
|
-
|
|
154
|
-
https://verify.itechsmart.dev
|
|
155
|
-
https://api.itechsmart.dev/api/v1/prooflink/receipts
|
|
156
|
-
```
|
|
217
|
+
Earlier receipts used a fixed-field schema (`container`, `executor`, `trigger`, …). The original verification functions (`verifyReceipt`, `verifyChain`, `computeReceiptHash`) still support it, and `verify()` / `verifyAnyChain()` auto-detect which schema you're holding.
|
|
157
218
|
|
|
158
219
|
---
|
|
159
220
|
|
|
@@ -174,23 +235,29 @@ This verifier is intentionally minimal. The goal is auditable simplicity — not
|
|
|
174
235
|
PRs welcome for:
|
|
175
236
|
- Additional language implementations (Python, Go, Rust)
|
|
176
237
|
- OpenTimestamps proof verification
|
|
177
|
-
- CLI tool
|
|
178
238
|
- Test vectors
|
|
179
239
|
|
|
180
240
|
---
|
|
181
241
|
|
|
182
|
-
##
|
|
242
|
+
## Why this exists
|
|
243
|
+
|
|
244
|
+
Regulators (EU AI Act Article 12, enforcement August 2, 2026), auditors, and customers increasingly ask one question about autonomous AI: **"Prove it."**
|
|
183
245
|
|
|
184
|
-
|
|
246
|
+
Audit logs can be edited. Dashboards can be wrong. Vendor attestations require trust. A hash-chained, signed, Bitcoin-anchored receipt that *anyone* can verify with open-source code requires none of those things.
|
|
185
247
|
|
|
186
248
|
---
|
|
187
249
|
|
|
188
250
|
## About iTechSmart
|
|
189
251
|
|
|
190
|
-
iTechSmart builds UAIO (Unified Autonomous IT Operations) — the first enterprise platform that autonomously detects, remediates, and cryptographically proves every infrastructure action.
|
|
252
|
+
iTechSmart Inc. builds UAIO (Unified Autonomous IT Operations) — the first enterprise platform that autonomously detects, remediates, and cryptographically proves every infrastructure action — and operates ProofLink, the Trust & Accountability Layer for Autonomous AI.
|
|
191
253
|
|
|
192
|
-
-
|
|
254
|
+
- Product: [prooflink.itechsmart.dev](https://prooflink.itechsmart.dev)
|
|
193
255
|
- Verify receipts: [verify.itechsmart.dev](https://verify.itechsmart.dev)
|
|
256
|
+
- Website: [itechsmart.dev](https://itechsmart.dev)
|
|
194
257
|
- Whitepaper: [whitepaper.itechsmart.dev](https://whitepaper.itechsmart.dev)
|
|
195
258
|
|
|
196
|
-
SDVOSB · CAGE: 172W2 ·
|
|
259
|
+
SDVOSB · CAGE: 172W2 · UEI: ZCPFX4N86G36 · NVIDIA Inception
|
|
260
|
+
|
|
261
|
+
## License
|
|
262
|
+
|
|
263
|
+
MIT © iTechSmart Inc. — use freely, audit openly, verify everything. ProofLink™ is a registered federal trademark of iTechSmart Inc.
|
package/bin/cli.js
ADDED
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
/* ProofLink verifier CLI — verify receipts on the live public ledger.
|
|
3
|
+
*
|
|
4
|
+
* npx @itechsmart/prooflink-verifier <receipt_id> full crypto verify of one receipt
|
|
5
|
+
* npx @itechsmart/prooflink-verifier --chain [N] pointer-linkage check on newest N (default 25)
|
|
6
|
+
*/
|
|
7
|
+
const { fetchAndVerifyReceipt, fetchAndVerifyChain } = require('../dist/index.js');
|
|
8
|
+
|
|
9
|
+
const GREEN = '\x1b[32m', RED = '\x1b[31m', DIM = '\x1b[2m', BOLD = '\x1b[1m', RESET = '\x1b[0m';
|
|
10
|
+
|
|
11
|
+
async function main() {
|
|
12
|
+
const args = process.argv.slice(2);
|
|
13
|
+
if (!args.length || args[0] === '--help' || args[0] === '-h') {
|
|
14
|
+
console.log(`${BOLD}ProofLink Verifier${RESET} — don't trust the AI, trust the math.
|
|
15
|
+
|
|
16
|
+
Usage:
|
|
17
|
+
prooflink-verify <receipt_id> Fully verify one receipt (hash + payload + Ed25519)
|
|
18
|
+
prooflink-verify --chain [N] Verify pointer linkage of the newest N receipts (default 25)
|
|
19
|
+
|
|
20
|
+
Ledger: https://verify.itechsmart.dev (no account required)`);
|
|
21
|
+
process.exit(0);
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
if (args[0] === '--chain') {
|
|
25
|
+
const n = parseInt(args[1], 10) || 25;
|
|
26
|
+
const r = await fetchAndVerifyChain(n);
|
|
27
|
+
console.log(`${BOLD}ProofLink public chain check${RESET} ${DIM}(newest ${r.receipts_verified} of ${r.ledger_total.toLocaleString()} receipts)${RESET}`);
|
|
28
|
+
console.log(r.chain_valid
|
|
29
|
+
? `${GREEN}✓ ${r.summary}${RESET}`
|
|
30
|
+
: `${RED}✗ ${r.summary}${RESET}`);
|
|
31
|
+
if (r.errors.length) r.errors.slice(0, 5).forEach(e => console.log(` ${RED}- ${e}${RESET}`));
|
|
32
|
+
console.log(`${DIM}Ledger-reported chain_intact: ${r.ledger_chain_intact}${RESET}`);
|
|
33
|
+
process.exit(r.chain_valid ? 0 : 1);
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
const id = args[0];
|
|
37
|
+
const r = await fetchAndVerifyReceipt(id);
|
|
38
|
+
if (!r.found) {
|
|
39
|
+
console.log(`${RED}✗ Receipt ${id} not found on the public ledger${RESET}`);
|
|
40
|
+
process.exit(2);
|
|
41
|
+
}
|
|
42
|
+
console.log(`${BOLD}ProofLink receipt ${id}${RESET}`);
|
|
43
|
+
for (const c of r.checks) {
|
|
44
|
+
console.log(` ${c.passed ? GREEN + '✓' : RED + '✗'} ${c.name}${RESET} ${DIM}${c.detail}${RESET}`);
|
|
45
|
+
}
|
|
46
|
+
console.log(r.valid
|
|
47
|
+
? `${GREEN}${BOLD}VERIFIED${RESET} — hash intact, payload consistent, Ed25519 signature valid.`
|
|
48
|
+
: r.tamper_detected
|
|
49
|
+
? `${RED}${BOLD}TAMPER DETECTED${RESET}`
|
|
50
|
+
: `${RED}${BOLD}NOT FULLY VERIFIED${RESET} ${DIM}(see checks above)${RESET}`);
|
|
51
|
+
process.exit(r.valid ? 0 : 1);
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
main().catch(e => { console.error(`${RED}Error: ${e.message}${RESET}`); process.exit(3); });
|
package/dist/index.d.ts
CHANGED
|
@@ -1,2 +1,6 @@
|
|
|
1
1
|
export * from './prooflink-verifier';
|
|
2
|
+
export { verifyReceiptV3, verifyV3, verifyChainV3, canonicalize as canonicalizeV3, importEd25519PublicKey, PUBLISHED_PUBLIC_KEY, } from './standard-v3';
|
|
3
|
+
export type { V3Receipt, V3Signature, V3Check, V3Result } from './standard-v3';
|
|
4
|
+
export { fetchAndVerifyReceipt, fetchAndVerifyChain, verifyPublicChain, DEFAULT_LEDGER, } from './live';
|
|
5
|
+
export type { PublicChainReceipt, PublicChainResult } from './live';
|
|
2
6
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,cAAc,sBAAsB,CAAC;AAIrC,OAAO,EACL,eAAe,EACf,QAAQ,EACR,aAAa,EACb,YAAY,IAAI,cAAc,EAC9B,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,eAAe,CAAC;AACvB,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAI/E,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,GACf,MAAM,QAAQ,CAAC;AAChB,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -14,5 +14,25 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
exports.DEFAULT_LEDGER = exports.verifyPublicChain = exports.fetchAndVerifyChain = exports.fetchAndVerifyReceipt = exports.PUBLISHED_PUBLIC_KEY = exports.importEd25519PublicKey = exports.canonicalizeV3 = exports.verifyChainV3 = exports.verifyV3 = exports.verifyReceiptV3 = void 0;
|
|
18
|
+
// Legacy pre-v3 verifier (verifies the historical ProofLinkReceipt shape:
|
|
19
|
+
// receipt_id / sha256 / previous_hash / before_state / nist_controls …).
|
|
20
|
+
// See the DRIFT NOTICE in ./standard-v3 — the LIVE ledger emits v3 receipts.
|
|
17
21
|
__exportStar(require("./prooflink-verifier"), exports);
|
|
22
|
+
// ProofLink Receipt Standard v3.0 — conformant verifier for LIVE v3 receipts.
|
|
23
|
+
// Spec: https://verify.itechsmart.dev/api/how-to-verify
|
|
24
|
+
var standard_v3_1 = require("./standard-v3");
|
|
25
|
+
Object.defineProperty(exports, "verifyReceiptV3", { enumerable: true, get: function () { return standard_v3_1.verifyReceiptV3; } });
|
|
26
|
+
Object.defineProperty(exports, "verifyV3", { enumerable: true, get: function () { return standard_v3_1.verifyV3; } });
|
|
27
|
+
Object.defineProperty(exports, "verifyChainV3", { enumerable: true, get: function () { return standard_v3_1.verifyChainV3; } });
|
|
28
|
+
Object.defineProperty(exports, "canonicalizeV3", { enumerable: true, get: function () { return standard_v3_1.canonicalize; } });
|
|
29
|
+
Object.defineProperty(exports, "importEd25519PublicKey", { enumerable: true, get: function () { return standard_v3_1.importEd25519PublicKey; } });
|
|
30
|
+
Object.defineProperty(exports, "PUBLISHED_PUBLIC_KEY", { enumerable: true, get: function () { return standard_v3_1.PUBLISHED_PUBLIC_KEY; } });
|
|
31
|
+
// Live-ledger helpers: fetch + verify against verify.itechsmart.dev, and
|
|
32
|
+
// pointer-linkage verification for the public summary list (/api/receipts).
|
|
33
|
+
var live_1 = require("./live");
|
|
34
|
+
Object.defineProperty(exports, "fetchAndVerifyReceipt", { enumerable: true, get: function () { return live_1.fetchAndVerifyReceipt; } });
|
|
35
|
+
Object.defineProperty(exports, "fetchAndVerifyChain", { enumerable: true, get: function () { return live_1.fetchAndVerifyChain; } });
|
|
36
|
+
Object.defineProperty(exports, "verifyPublicChain", { enumerable: true, get: function () { return live_1.verifyPublicChain; } });
|
|
37
|
+
Object.defineProperty(exports, "DEFAULT_LEDGER", { enumerable: true, get: function () { return live_1.DEFAULT_LEDGER; } });
|
|
18
38
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,0EAA0E;AAC1E,yEAAyE;AACzE,6EAA6E;AAC7E,uDAAqC;AAErC,8EAA8E;AAC9E,wDAAwD;AACxD,6CAOuB;AANrB,8GAAA,eAAe,OAAA;AACf,uGAAA,QAAQ,OAAA;AACR,4GAAA,aAAa,OAAA;AACb,6GAAA,YAAY,OAAkB;AAC9B,qHAAA,sBAAsB,OAAA;AACtB,mHAAA,oBAAoB,OAAA;AAItB,yEAAyE;AACzE,4EAA4E;AAC5E,+BAKgB;AAJd,6GAAA,qBAAqB,OAAA;AACrB,2GAAA,mBAAmB,OAAA;AACnB,yGAAA,iBAAiB,OAAA;AACjB,sGAAA,cAAc,OAAA"}
|
package/dist/live.d.ts
ADDED
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Live-ledger helpers: fetch receipts from verify.itechsmart.dev and verify
|
|
3
|
+
* them with the Standard v3.0 verifier (see ./standard-v3), plus a
|
|
4
|
+
* pointer-linkage check for the public summary list (/api/receipts).
|
|
5
|
+
*/
|
|
6
|
+
import { type V3Result } from './standard-v3';
|
|
7
|
+
export declare const DEFAULT_LEDGER = "https://verify.itechsmart.dev";
|
|
8
|
+
export interface PublicChainReceipt {
|
|
9
|
+
receipt_id: string;
|
|
10
|
+
chain_position: number;
|
|
11
|
+
previous_hash: string;
|
|
12
|
+
sha256: string;
|
|
13
|
+
timestamp: string;
|
|
14
|
+
[key: string]: unknown;
|
|
15
|
+
}
|
|
16
|
+
export interface PublicChainResult {
|
|
17
|
+
chain_valid: boolean;
|
|
18
|
+
tamper_detected: boolean;
|
|
19
|
+
receipts_verified: number;
|
|
20
|
+
tamper_position: number | null;
|
|
21
|
+
summary: string;
|
|
22
|
+
errors: string[];
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Pointer-linkage verification for the public summary list (/api/receipts):
|
|
26
|
+
* previous_hash links, monotonic chain positions, timestamp order.
|
|
27
|
+
* Full crypto per receipt requires the detail endpoint (see fetchAndVerifyReceipt).
|
|
28
|
+
*/
|
|
29
|
+
export declare function verifyPublicChain(receipts: PublicChainReceipt[]): PublicChainResult;
|
|
30
|
+
/** Fetch a receipt by id from the public ledger and fully verify it (Standard v3.0). */
|
|
31
|
+
export declare function fetchAndVerifyReceipt(receiptId: string, base?: string): Promise<V3Result & {
|
|
32
|
+
receipt_id: string;
|
|
33
|
+
found: boolean;
|
|
34
|
+
}>;
|
|
35
|
+
/** Fetch the newest N receipts from the public ledger and verify pointer linkage. */
|
|
36
|
+
export declare function fetchAndVerifyChain(limit?: number, base?: string): Promise<PublicChainResult & {
|
|
37
|
+
ledger_total: number;
|
|
38
|
+
ledger_chain_intact: boolean;
|
|
39
|
+
}>;
|
|
40
|
+
//# sourceMappingURL=live.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"live.d.ts","sourceRoot":"","sources":["../src/live.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAmC,KAAK,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE/E,eAAO,MAAM,cAAc,kCAAkC,CAAC;AAE9D,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,kBAAkB,EAAE,GAAG,iBAAiB,CA+BnF;AAED,wFAAwF;AACxF,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,MAAM,EACjB,IAAI,GAAE,MAAuB,GAC5B,OAAO,CAAC,QAAQ,GAAG;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,OAAO,CAAA;CAAE,CAAC,CAU5D;AAED,qFAAqF;AACrF,wBAAsB,mBAAmB,CACvC,KAAK,SAAK,EACV,IAAI,GAAE,MAAuB,GAC5B,OAAO,CAAC,iBAAiB,GAAG;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,mBAAmB,EAAE,OAAO,CAAA;CAAE,CAAC,CAIrF"}
|
package/dist/live.js
ADDED
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.DEFAULT_LEDGER = void 0;
|
|
4
|
+
exports.verifyPublicChain = verifyPublicChain;
|
|
5
|
+
exports.fetchAndVerifyReceipt = fetchAndVerifyReceipt;
|
|
6
|
+
exports.fetchAndVerifyChain = fetchAndVerifyChain;
|
|
7
|
+
/**
|
|
8
|
+
* Live-ledger helpers: fetch receipts from verify.itechsmart.dev and verify
|
|
9
|
+
* them with the Standard v3.0 verifier (see ./standard-v3), plus a
|
|
10
|
+
* pointer-linkage check for the public summary list (/api/receipts).
|
|
11
|
+
*/
|
|
12
|
+
const standard_v3_1 = require("./standard-v3");
|
|
13
|
+
exports.DEFAULT_LEDGER = 'https://verify.itechsmart.dev';
|
|
14
|
+
/**
|
|
15
|
+
* Pointer-linkage verification for the public summary list (/api/receipts):
|
|
16
|
+
* previous_hash links, monotonic chain positions, timestamp order.
|
|
17
|
+
* Full crypto per receipt requires the detail endpoint (see fetchAndVerifyReceipt).
|
|
18
|
+
*/
|
|
19
|
+
function verifyPublicChain(receipts) {
|
|
20
|
+
const errors = [];
|
|
21
|
+
let tamperPosition = null;
|
|
22
|
+
const sorted = [...receipts].sort((a, b) => a.chain_position - b.chain_position);
|
|
23
|
+
for (let i = 1; i < sorted.length; i++) {
|
|
24
|
+
const prev = sorted[i - 1];
|
|
25
|
+
const cur = sorted[i];
|
|
26
|
+
if (cur.chain_position !== prev.chain_position + 1) {
|
|
27
|
+
errors.push(`Gap between positions ${prev.chain_position} and ${cur.chain_position}`);
|
|
28
|
+
tamperPosition = tamperPosition ?? cur.chain_position;
|
|
29
|
+
continue;
|
|
30
|
+
}
|
|
31
|
+
if (cur.previous_hash !== prev.sha256) {
|
|
32
|
+
errors.push(`Broken link at position ${cur.chain_position}: previous_hash does not match prior sha256`);
|
|
33
|
+
tamperPosition = tamperPosition ?? cur.chain_position;
|
|
34
|
+
}
|
|
35
|
+
if (new Date(cur.timestamp).getTime() < new Date(prev.timestamp).getTime()) {
|
|
36
|
+
errors.push(`Timestamp regression at position ${cur.chain_position}`);
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
const ok = errors.length === 0;
|
|
40
|
+
return {
|
|
41
|
+
chain_valid: ok,
|
|
42
|
+
tamper_detected: !ok,
|
|
43
|
+
receipts_verified: sorted.length,
|
|
44
|
+
tamper_position: tamperPosition,
|
|
45
|
+
summary: ok
|
|
46
|
+
? `Chain VALID — ${sorted.length} receipts, pointer linkage intact`
|
|
47
|
+
: `Chain INVALID — ${errors.length} problem(s), first at position ${tamperPosition}`,
|
|
48
|
+
errors,
|
|
49
|
+
};
|
|
50
|
+
}
|
|
51
|
+
/** Fetch a receipt by id from the public ledger and fully verify it (Standard v3.0). */
|
|
52
|
+
async function fetchAndVerifyReceipt(receiptId, base = exports.DEFAULT_LEDGER) {
|
|
53
|
+
const res = await fetch(`${base}/api/receipt/${encodeURIComponent(receiptId)}`);
|
|
54
|
+
if (!res.ok) {
|
|
55
|
+
return { receipt_id: receiptId, found: false, valid: false, id: receiptId, checks: [], errors: [`HTTP ${res.status} from ledger`] };
|
|
56
|
+
}
|
|
57
|
+
const body = (await res.json());
|
|
58
|
+
if (!body.found || !body.receipt) {
|
|
59
|
+
return { receipt_id: receiptId, found: false, valid: false, id: receiptId, checks: [], errors: ['Receipt not found'] };
|
|
60
|
+
}
|
|
61
|
+
return { receipt_id: receiptId, found: true, ...(0, standard_v3_1.verifyReceiptV3)(body.receipt) };
|
|
62
|
+
}
|
|
63
|
+
/** Fetch the newest N receipts from the public ledger and verify pointer linkage. */
|
|
64
|
+
async function fetchAndVerifyChain(limit = 25, base = exports.DEFAULT_LEDGER) {
|
|
65
|
+
const res = await fetch(`${base}/api/receipts?limit=${limit}`);
|
|
66
|
+
const body = (await res.json());
|
|
67
|
+
return { ...verifyPublicChain(body.receipts || []), ledger_total: body.total, ledger_chain_intact: body.chain_intact };
|
|
68
|
+
}
|
|
69
|
+
//# sourceMappingURL=live.js.map
|
package/dist/live.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"live.js","sourceRoot":"","sources":["../src/live.ts"],"names":[],"mappings":";;;AAgCA,8CA+BC;AAGD,sDAaC;AAGD,kDAOC;AAzFD;;;;GAIG;AACH,+CAA+E;AAElE,QAAA,cAAc,GAAG,+BAA+B,CAAC;AAoB9D;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,QAA8B;IAC9D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,cAAc,CAAC,CAAC;IACjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAI,CAAC,cAAc,QAAQ,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC;YACtF,cAAc,GAAG,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC;YACtD,SAAS;QACX,CAAC;QACD,IAAI,GAAG,CAAC,aAAa,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,2BAA2B,GAAG,CAAC,cAAc,6CAA6C,CAAC,CAAC;YACxG,cAAc,GAAG,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC;QACxD,CAAC;QACD,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YAC3E,MAAM,CAAC,IAAI,CAAC,oCAAoC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACD,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IAC/B,OAAO;QACL,WAAW,EAAE,EAAE;QACf,eAAe,EAAE,CAAC,EAAE;QACpB,iBAAiB,EAAE,MAAM,CAAC,MAAM;QAChC,eAAe,EAAE,cAAc;QAC/B,OAAO,EAAE,EAAE;YACT,CAAC,CAAC,iBAAiB,MAAM,CAAC,MAAM,mCAAmC;YACnE,CAAC,CAAC,mBAAmB,MAAM,CAAC,MAAM,kCAAkC,cAAc,EAAE;QACtF,MAAM;KACP,CAAC;AACJ,CAAC;AAED,wFAAwF;AACjF,KAAK,UAAU,qBAAqB,CACzC,SAAiB,EACjB,OAAe,sBAAc;IAE7B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,gBAAgB,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAChF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,GAAG,CAAC,MAAM,cAAc,CAAC,EAAE,CAAC;IACtI,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA6C,CAAC;IAC5E,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC;IACzH,CAAC;IACD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;AAClF,CAAC;AAED,qFAAqF;AAC9E,KAAK,UAAU,mBAAmB,CACvC,KAAK,GAAG,EAAE,EACV,OAAe,sBAAc;IAE7B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,uBAAuB,KAAK,EAAE,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA6E,CAAC;IAC5G,OAAO,EAAE,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,KAAK,EAAE,mBAAmB,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;AACzH,CAAC"}
|
|
@@ -47,6 +47,9 @@ export interface VerificationCheck {
|
|
|
47
47
|
* Compute the expected SHA-256 hash for a receipt.
|
|
48
48
|
* The hash covers all fields EXCEPT the sha256 field itself.
|
|
49
49
|
* This is the canonical hash function — open for inspection.
|
|
50
|
+
*
|
|
51
|
+
* @param receipt Receipt object without the sha256 field
|
|
52
|
+
* @returns Hexadecimal string of the computed SHA-256 hash
|
|
50
53
|
*/
|
|
51
54
|
export declare function computeReceiptHash(receipt: Omit<ProofLinkReceipt, 'sha256'>): string;
|
|
52
55
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prooflink-verifier.d.ts","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC1C,YAAY,EAAE,WAAW,CAAA;IACzB,WAAW,EAAE,WAAW,CAAA;IACxB,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,WAAW,EAAE,MAAM,GAAG,mBAAmB,GAAG,QAAQ,CAAA;IACpD,cAAc,EAAE,MAAM,CAAA;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,cAAc,EAAE,MAAM,CAAA;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAA;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAA;CACzC;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,iBAAiB,EAAE,CAAA;IAC3B,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,OAAO,CAAA;IACxB,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,OAAO,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACf;AAMD
|
|
1
|
+
{"version":3,"file":"prooflink-verifier.d.ts","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC1C,YAAY,EAAE,WAAW,CAAA;IACzB,WAAW,EAAE,WAAW,CAAA;IACxB,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,WAAW,EAAE,MAAM,GAAG,mBAAmB,GAAG,QAAQ,CAAA;IACpD,cAAc,EAAE,MAAM,CAAA;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,cAAc,EAAE,MAAM,CAAA;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAA;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAA;CACzC;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,iBAAiB,EAAE,CAAA;IAC3B,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,OAAO,CAAA;IACxB,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,OAAO,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACf;AAMD;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GAAG,MAAM,CAoBpF;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,gBAAgB,GAAG,iBAAiB,CAYnF;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CA4BnB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CAqBnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,gBAAgB,EACzB,eAAe,EAAE,gBAAgB,GAAG,IAAI,GACvC,iBAAiB,CAgBnB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,iBAAiB,CAkBvE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,gBAAgB,EACzB,eAAe,GAAE,gBAAgB,GAAG,IAAW,GAC9C,kBAAkB,CAwBpB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,gBAAgB,EAAE,GAAG;IACzD,WAAW,EAAE,OAAO,CAAA;IACpB,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,OAAO,EAAE,kBAAkB,EAAE,CAAA;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAsCA;AAMD,eAAO,MAAM,iBAAiB;;;;;;CAM7B,CAAA;AAED,eAAe,iBAAiB,CAAA"}
|
|
@@ -28,6 +28,9 @@ const crypto_1 = __importDefault(require("crypto"));
|
|
|
28
28
|
* Compute the expected SHA-256 hash for a receipt.
|
|
29
29
|
* The hash covers all fields EXCEPT the sha256 field itself.
|
|
30
30
|
* This is the canonical hash function — open for inspection.
|
|
31
|
+
*
|
|
32
|
+
* @param receipt Receipt object without the sha256 field
|
|
33
|
+
* @returns Hexadecimal string of the computed SHA-256 hash
|
|
31
34
|
*/
|
|
32
35
|
function computeReceiptHash(receipt) {
|
|
33
36
|
const canonical = JSON.stringify({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prooflink-verifier.js","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;
|
|
1
|
+
{"version":3,"file":"prooflink-verifier.js","sourceRoot":"","sources":["../src/prooflink-verifier.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;AA6DH,gDAoBC;AAMD,wDAYC;AAOD,0CA+BC;AAKD,kDAwBC;AAKD,oDAmBC;AAKD,kDAkBC;AAMD,sCA2BC;AAMD,kCA4CC;AAtSD,oDAA2B;AA+C3B,gDAAgD;AAChD,0BAA0B;AAC1B,gDAAgD;AAEhD;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAAC,OAAyC;IAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAC/B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,cAAc,EAAE,OAAO,CAAC,cAAc;KACvC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA,CAAC,qCAAqC;IAEjD,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AAC5E,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB,CAAC,OAAyB;IAC9D,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAA;IACnC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACzC,MAAM,MAAM,GAAG,QAAQ,KAAK,MAAM,CAAA;IAElC,OAAO;QACL,IAAI,EAAE,mBAAmB;QACzB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,iBAAiB,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;YAC/C,CAAC,CAAC,2BAA2B,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;KACjG,CAAA;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAC7B,OAAyB,EACzB,eAAwC;IAExC,IAAI,OAAO,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,KAAK,IAAI,CAAA;QAC7C,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM;YACN,MAAM,EAAE,MAAM;gBACZ,CAAC,CAAC,6CAA6C;gBAC/C,CAAC,CAAC,wDAAwD,OAAO,CAAC,aAAa,EAAE;SACpF,CAAA;IACH,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,oDAAoD,OAAO,CAAC,cAAc,GAAG,CAAC,gBAAgB;SACvG,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,KAAK,eAAe,CAAC,MAAM,CAAA;IAC/D,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,kCAAkC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK;YACnF,CAAC,CAAC,0BAA0B,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,OAAO,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;KAC9H,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CACjC,OAAyB,EACzB,eAAwC;IAExC,IAAI,OAAO,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAA;IAChF,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,iDAAiD;SAC1D,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,KAAK,eAAe,CAAC,cAAc,GAAG,CAAC,CAAA;IAC5E,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,YAAY,OAAO,CAAC,cAAc,YAAY,eAAe,CAAC,cAAc,EAAE;YAChF,CAAC,CAAC,0BAA0B,eAAe,CAAC,cAAc,MAAM,OAAO,CAAC,cAAc,EAAE;KAC3F,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAClC,OAAyB,EACzB,eAAwC;IAExC,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAA;IAC5F,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;IACrD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;IAC9D,MAAM,MAAM,GAAG,OAAO,IAAI,QAAQ,CAAA;IAElC,OAAO;QACL,IAAI,EAAE,iBAAiB;QACvB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,0BAA0B,OAAO,CAAC,SAAS,OAAO,eAAe,CAAC,SAAS,EAAE;YAC/E,CAAC,CAAC,4BAA4B,OAAO,CAAC,SAAS,aAAa,eAAe,CAAC,SAAS,EAAE;KAC1F,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,OAAgB;IAClD,MAAM,QAAQ,GAAG;QACf,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU;QAC7D,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa;QAClD,QAAQ,EAAE,gBAAgB,EAAE,aAAa;KAC1C,CAAA;IAED,MAAM,CAAC,GAAG,OAAkC,CAAA;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,SAAS,CAAC,CAAA;IAEjF,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC,CAAA;IACnC,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,MAAM;QACN,MAAM,EAAE,MAAM;YACZ,CAAC,CAAC,6BAA6B;YAC/B,CAAC,CAAC,4BAA4B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;KACrD,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAC3B,OAAyB,EACzB,kBAA2C,IAAI;IAE/C,MAAM,MAAM,GAAwB;QAClC,mBAAmB,CAAC,OAAO,CAAC;QAC5B,sBAAsB,CAAC,OAAO,CAAC;QAC/B,eAAe,CAAC,OAAO,EAAE,eAAe,CAAC;QACzC,mBAAmB,CAAC,OAAO,EAAE,eAAe,CAAC;QAC7C,oBAAoB,CAAC,OAAO,EAAE,eAAe,CAAC;KAC/C,CAAA;IAED,MAAM,MAAM,GAAG,MAAM;SAClB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;IAEtC,MAAM,cAAc,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,EAAE,MAAM;QAC9E,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,EAAE,MAAM,CAAA;IAEpD,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,MAAM;QACN,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,eAAe,EAAE,cAAc;QAC/B,MAAM;KACP,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,QAA4B;IAOtD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,eAAe,EAAE,KAAK;YACtB,eAAe,EAAE,IAAI;YACrB,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,iCAAiC;SAC3C,CAAA;IACH,CAAC;IAED,yBAAyB;IACzB,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,cAAc,CAAC,CAAA;IAEhF,MAAM,OAAO,GAAyB,EAAE,CAAA;IACxC,IAAI,cAAc,GAAkB,IAAI,CAAA;IAExC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;QACrE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAEpB,IAAI,MAAM,CAAC,eAAe,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;YACtD,cAAc,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAA;QAC3C,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;IAC9C,MAAM,cAAc,GAAG,cAAc,KAAK,IAAI,CAAA;IAE9C,OAAO;QACL,WAAW,EAAE,UAAU;QACvB,eAAe,EAAE,cAAc;QAC/B,eAAe,EAAE,cAAc;QAC/B,OAAO;QACP,OAAO,EAAE,UAAU;YACjB,CAAC,CAAC,iBAAiB,QAAQ,CAAC,MAAM,2CAA2C;YAC7E,CAAC,CAAC,kDAAkD,cAAc,EAAE;KACvE,CAAA;AACH,CAAC;AAED,gDAAgD;AAChD,aAAa;AACb,gDAAgD;AAEnC,QAAA,iBAAiB,GAAG;IAC/B,WAAW,EAAE,kBAAkB;IAC/B,aAAa;IACb,WAAW;IACX,eAAe,EAAE,sBAAsB;IACvC,eAAe;CAChB,CAAA;AAED,kBAAe,yBAAiB,CAAA"}
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ProofLink Receipt Standard v3.0 — conformant v3 verifier.
|
|
3
|
+
*
|
|
4
|
+
* Spec: https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md
|
|
5
|
+
* Live: https://verify.itechsmart.dev/api/how-to-verify
|
|
6
|
+
*
|
|
7
|
+
* ─────────────────────────────────────────────────────────────────────────
|
|
8
|
+
* DRIFT NOTICE
|
|
9
|
+
* The original exports in `prooflink-verifier.ts` (computeReceiptHash,
|
|
10
|
+
* verifyReceipt, verifyChain over the `ProofLinkReceipt` shape with fields
|
|
11
|
+
* receipt_id / sha256 / previous_hash / before_state / nist_controls …) verify
|
|
12
|
+
* a PRE-v3 receipt shape that the LIVE ledger no longer emits. Live v3 receipts
|
|
13
|
+
* use id / hash_sha256 / prev_hash / canonical_bytes / signature, are Ed25519
|
|
14
|
+
* signed, and hash the FULL canonicalized payload (not a fixed field list).
|
|
15
|
+
* This module is the Standard-v3.0-conformant verifier for live v3 receipts.
|
|
16
|
+
* The legacy exports are retained unchanged for historical/pre-v3 receipts.
|
|
17
|
+
* ─────────────────────────────────────────────────────────────────────────
|
|
18
|
+
*
|
|
19
|
+
* Zero third-party dependencies (Node 18+ built-in `crypto`).
|
|
20
|
+
* Reproduces the canonical live verification exactly:
|
|
21
|
+
* 1. hash integrity SHA256(canonical_bytes) == hash_sha256
|
|
22
|
+
* 2. canonical re-derive json.dumps(payload, sort_keys, separators=(",",":"),
|
|
23
|
+
* ensure_ascii=False) == canonical_bytes
|
|
24
|
+
* 3. Ed25519 signature sig over raw canonical_bytes under embedded pubkey
|
|
25
|
+
* 4. chain link prev_hash == previous entry's hash_sha256
|
|
26
|
+
*/
|
|
27
|
+
import { KeyObject } from "node:crypto";
|
|
28
|
+
export declare const PUBLISHED_PUBLIC_KEY = "21102eaa68ea9ed42c05a2253aa953d33c59b5348ff8659018146e59fb061b97";
|
|
29
|
+
export interface V3Signature {
|
|
30
|
+
algorithm: string;
|
|
31
|
+
public_key: string;
|
|
32
|
+
value: string;
|
|
33
|
+
signs?: string;
|
|
34
|
+
}
|
|
35
|
+
export interface V3Receipt {
|
|
36
|
+
id: string;
|
|
37
|
+
timestamp: string;
|
|
38
|
+
category: string;
|
|
39
|
+
subject: string;
|
|
40
|
+
action: string;
|
|
41
|
+
actor: string;
|
|
42
|
+
outcome: string;
|
|
43
|
+
schema_version: string;
|
|
44
|
+
prev_hash: string;
|
|
45
|
+
chain_position: number;
|
|
46
|
+
canonical_bytes: string;
|
|
47
|
+
hash_sha256: string;
|
|
48
|
+
signature: V3Signature;
|
|
49
|
+
compliance_tags?: string[];
|
|
50
|
+
supersedes?: string;
|
|
51
|
+
learned_from?: string[];
|
|
52
|
+
[k: string]: unknown;
|
|
53
|
+
}
|
|
54
|
+
export interface V3Check {
|
|
55
|
+
name: string;
|
|
56
|
+
passed: boolean;
|
|
57
|
+
detail: string;
|
|
58
|
+
}
|
|
59
|
+
export interface V3Result {
|
|
60
|
+
valid: boolean;
|
|
61
|
+
id: string;
|
|
62
|
+
checks: V3Check[];
|
|
63
|
+
errors: string[];
|
|
64
|
+
}
|
|
65
|
+
/** Canonical JSON bytes byte-for-byte identical to Python's
|
|
66
|
+
* json.dumps(x, sort_keys=True, separators=(",",":"), ensure_ascii=False). */
|
|
67
|
+
export declare function canonicalize(value: unknown): Buffer;
|
|
68
|
+
export declare function importEd25519PublicKey(hex: string): KeyObject;
|
|
69
|
+
/** Verify one v3 receipt against Standard v3.0. Never throws on a failed check. */
|
|
70
|
+
export declare function verifyReceiptV3(receipt: V3Receipt, prevHash?: string): V3Result;
|
|
71
|
+
/** Boolean convenience wrapper. */
|
|
72
|
+
export declare function verifyV3(receipt: V3Receipt, prevHash?: string): boolean;
|
|
73
|
+
/** Verify an oldest-first chain (e.g. /api/export order) of v3 receipts. */
|
|
74
|
+
export declare function verifyChainV3(receipts: V3Receipt[]): {
|
|
75
|
+
chain_valid: boolean;
|
|
76
|
+
results: V3Result[];
|
|
77
|
+
};
|
|
78
|
+
//# sourceMappingURL=standard-v3.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"standard-v3.d.ts","sourceRoot":"","sources":["../src/standard-v3.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAmD,SAAS,EAAE,MAAM,aAAa,CAAC;AAEzF,eAAO,MAAM,oBAAoB,qEACmC,CAAC;AAErE,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,WAAW,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,OAAO,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,OAAO,EAAE,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAID;+EAC+E;AAC/E,wBAAgB,YAAY,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAEnD;AAcD,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAM7D;AAED,mFAAmF;AACnF,wBAAgB,eAAe,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,QAAQ,CA8E/E;AAED,mCAAmC;AACnC,wBAAgB,QAAQ,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAEvE;AAED,4EAA4E;AAC5E,wBAAgB,aAAa,CAAC,QAAQ,EAAE,SAAS,EAAE,GAAG;IAAE,WAAW,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,QAAQ,EAAE,CAAA;CAAE,CAGlG"}
|
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* ProofLink Receipt Standard v3.0 — conformant v3 verifier.
|
|
4
|
+
*
|
|
5
|
+
* Spec: https://github.com/Iteksmart/prooflink-standard/blob/main/ProofLink-Receipt-Standard-v3.md
|
|
6
|
+
* Live: https://verify.itechsmart.dev/api/how-to-verify
|
|
7
|
+
*
|
|
8
|
+
* ─────────────────────────────────────────────────────────────────────────
|
|
9
|
+
* DRIFT NOTICE
|
|
10
|
+
* The original exports in `prooflink-verifier.ts` (computeReceiptHash,
|
|
11
|
+
* verifyReceipt, verifyChain over the `ProofLinkReceipt` shape with fields
|
|
12
|
+
* receipt_id / sha256 / previous_hash / before_state / nist_controls …) verify
|
|
13
|
+
* a PRE-v3 receipt shape that the LIVE ledger no longer emits. Live v3 receipts
|
|
14
|
+
* use id / hash_sha256 / prev_hash / canonical_bytes / signature, are Ed25519
|
|
15
|
+
* signed, and hash the FULL canonicalized payload (not a fixed field list).
|
|
16
|
+
* This module is the Standard-v3.0-conformant verifier for live v3 receipts.
|
|
17
|
+
* The legacy exports are retained unchanged for historical/pre-v3 receipts.
|
|
18
|
+
* ─────────────────────────────────────────────────────────────────────────
|
|
19
|
+
*
|
|
20
|
+
* Zero third-party dependencies (Node 18+ built-in `crypto`).
|
|
21
|
+
* Reproduces the canonical live verification exactly:
|
|
22
|
+
* 1. hash integrity SHA256(canonical_bytes) == hash_sha256
|
|
23
|
+
* 2. canonical re-derive json.dumps(payload, sort_keys, separators=(",",":"),
|
|
24
|
+
* ensure_ascii=False) == canonical_bytes
|
|
25
|
+
* 3. Ed25519 signature sig over raw canonical_bytes under embedded pubkey
|
|
26
|
+
* 4. chain link prev_hash == previous entry's hash_sha256
|
|
27
|
+
*/
|
|
28
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
29
|
+
exports.PUBLISHED_PUBLIC_KEY = void 0;
|
|
30
|
+
exports.canonicalize = canonicalize;
|
|
31
|
+
exports.importEd25519PublicKey = importEd25519PublicKey;
|
|
32
|
+
exports.verifyReceiptV3 = verifyReceiptV3;
|
|
33
|
+
exports.verifyV3 = verifyV3;
|
|
34
|
+
exports.verifyChainV3 = verifyChainV3;
|
|
35
|
+
const node_crypto_1 = require("node:crypto");
|
|
36
|
+
exports.PUBLISHED_PUBLIC_KEY = "21102eaa68ea9ed42c05a2253aa953d33c59b5348ff8659018146e59fb061b97";
|
|
37
|
+
const COMPUTED = ["canonical_bytes", "signature", "hash_sha256"];
|
|
38
|
+
/** Canonical JSON bytes byte-for-byte identical to Python's
|
|
39
|
+
* json.dumps(x, sort_keys=True, separators=(",",":"), ensure_ascii=False). */
|
|
40
|
+
function canonicalize(value) {
|
|
41
|
+
return Buffer.from(canon(value), "utf-8");
|
|
42
|
+
}
|
|
43
|
+
function canon(v) {
|
|
44
|
+
if (v === null || typeof v !== "object")
|
|
45
|
+
return JSON.stringify(v);
|
|
46
|
+
if (Array.isArray(v))
|
|
47
|
+
return "[" + v.map(canon).join(",") + "]";
|
|
48
|
+
const o = v;
|
|
49
|
+
const parts = [];
|
|
50
|
+
for (const k of Object.keys(o).sort()) {
|
|
51
|
+
if (o[k] === undefined)
|
|
52
|
+
continue;
|
|
53
|
+
parts.push(JSON.stringify(k) + ":" + canon(o[k]));
|
|
54
|
+
}
|
|
55
|
+
return "{" + parts.join(",") + "}";
|
|
56
|
+
}
|
|
57
|
+
const SPKI = Buffer.from("302a300506032b6570032100", "hex");
|
|
58
|
+
function importEd25519PublicKey(hex) {
|
|
59
|
+
return (0, node_crypto_1.createPublicKey)({
|
|
60
|
+
key: Buffer.concat([SPKI, Buffer.from(hex, "hex")]),
|
|
61
|
+
format: "der",
|
|
62
|
+
type: "spki",
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
/** Verify one v3 receipt against Standard v3.0. Never throws on a failed check. */
|
|
66
|
+
function verifyReceiptV3(receipt, prevHash) {
|
|
67
|
+
const checks = [];
|
|
68
|
+
const errors = [];
|
|
69
|
+
const id = receipt?.id ?? "<no-id>";
|
|
70
|
+
const schema = String(receipt?.schema_version);
|
|
71
|
+
const v3 = schema === "3.0";
|
|
72
|
+
// v2.0 receipts sealed with the same crypto (canonical_bytes + Ed25519 over
|
|
73
|
+
// them) are signature-verifiable; only hash recompute + canonical re-derivation
|
|
74
|
+
// are v3-normative (a v2 hash_sha256 is a pre-chain ledger-internal link).
|
|
75
|
+
const v2crypto = schema === "2.0" && !!receipt.canonical_bytes && !!receipt.signature;
|
|
76
|
+
if (!v3 && !v2crypto) {
|
|
77
|
+
errors.push(`schema_version is ${JSON.stringify(receipt?.schema_version)}; covers "3.0" (and crypto-bearing "2.0")`);
|
|
78
|
+
return { valid: false, id, checks, errors };
|
|
79
|
+
}
|
|
80
|
+
let canonBytes;
|
|
81
|
+
try {
|
|
82
|
+
canonBytes = Buffer.from(receipt.canonical_bytes, "hex");
|
|
83
|
+
}
|
|
84
|
+
catch (e) {
|
|
85
|
+
checks.push({ name: "hash_integrity", passed: false, detail: `canonical_bytes not hex: ${e}` });
|
|
86
|
+
return { valid: false, id, checks, errors };
|
|
87
|
+
}
|
|
88
|
+
if (v3) {
|
|
89
|
+
// 1. hash integrity
|
|
90
|
+
const got = (0, node_crypto_1.createHash)("sha256").update(canonBytes).digest("hex");
|
|
91
|
+
const h1 = got === receipt.hash_sha256;
|
|
92
|
+
checks.push({ name: "hash_integrity", passed: h1,
|
|
93
|
+
detail: h1 ? "SHA256(canonical_bytes) == hash_sha256"
|
|
94
|
+
: `hash mismatch: ${got.slice(0, 16)}… vs ${String(receipt.hash_sha256).slice(0, 16)}…` });
|
|
95
|
+
// 2. canonical re-derivation
|
|
96
|
+
const payload = {};
|
|
97
|
+
for (const [k, v] of Object.entries(receipt))
|
|
98
|
+
if (!COMPUTED.includes(k))
|
|
99
|
+
payload[k] = v;
|
|
100
|
+
const rederived = canonicalize(payload);
|
|
101
|
+
const h2 = rederived.equals(canonBytes);
|
|
102
|
+
checks.push({ name: "canonical_rederivation", passed: h2,
|
|
103
|
+
detail: h2 ? "re-derived canonical bytes match" : "canonical re-derivation MISMATCH — signed field tampered" });
|
|
104
|
+
}
|
|
105
|
+
else {
|
|
106
|
+
// v2: bind via signed-payload consistency (hash/canonical not recomputable).
|
|
107
|
+
try {
|
|
108
|
+
const signed = JSON.parse(canonBytes.toString("utf-8"));
|
|
109
|
+
const core = ["category", "actor", "subject", "action", "outcome", "timestamp"];
|
|
110
|
+
const mism = core.filter((k) => k in signed && receipt[k] !== undefined
|
|
111
|
+
&& signed[k] !== receipt[k]);
|
|
112
|
+
checks.push({ name: "payload_consistency", passed: mism.length === 0,
|
|
113
|
+
detail: mism.length === 0 ? "displayed core fields match the signed canonical payload"
|
|
114
|
+
: `signed-payload mismatch on: ${mism.join(", ")}` });
|
|
115
|
+
}
|
|
116
|
+
catch (e) {
|
|
117
|
+
checks.push({ name: "payload_consistency", passed: false, detail: `canonical_bytes not JSON: ${e}` });
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
// 3. Ed25519 signature
|
|
121
|
+
const sig = receipt.signature;
|
|
122
|
+
if (!sig || !sig.public_key || !sig.value) {
|
|
123
|
+
checks.push({ name: "ed25519_signature", passed: false, detail: "signature missing/malformed" });
|
|
124
|
+
}
|
|
125
|
+
else {
|
|
126
|
+
try {
|
|
127
|
+
const ok = (0, node_crypto_1.verify)(null, canonBytes, importEd25519PublicKey(sig.public_key), Buffer.from(sig.value, "hex"));
|
|
128
|
+
checks.push({ name: "ed25519_signature", passed: ok,
|
|
129
|
+
detail: ok ? `Ed25519 OK (key ${sig.public_key.slice(0, 16)}…)` : "Ed25519 signature INVALID" });
|
|
130
|
+
}
|
|
131
|
+
catch (e) {
|
|
132
|
+
checks.push({ name: "ed25519_signature", passed: false, detail: `signature error: ${e}` });
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
// 4. chain link
|
|
136
|
+
if (prevHash !== undefined) {
|
|
137
|
+
const h4 = receipt.prev_hash === prevHash;
|
|
138
|
+
checks.push({ name: "chain_link", passed: h4,
|
|
139
|
+
detail: h4 ? "prev_hash links to previous entry"
|
|
140
|
+
: `chain BROKEN: ${String(receipt.prev_hash).slice(0, 16)}… != ${prevHash.slice(0, 16)}…` });
|
|
141
|
+
}
|
|
142
|
+
const valid = checks.every((c) => c.passed) && errors.length === 0;
|
|
143
|
+
return { valid, id, checks, errors };
|
|
144
|
+
}
|
|
145
|
+
/** Boolean convenience wrapper. */
|
|
146
|
+
function verifyV3(receipt, prevHash) {
|
|
147
|
+
return verifyReceiptV3(receipt, prevHash).valid;
|
|
148
|
+
}
|
|
149
|
+
/** Verify an oldest-first chain (e.g. /api/export order) of v3 receipts. */
|
|
150
|
+
function verifyChainV3(receipts) {
|
|
151
|
+
const results = receipts.map((r, i) => verifyReceiptV3(r, i > 0 ? receipts[i - 1].hash_sha256 : undefined));
|
|
152
|
+
return { chain_valid: results.every((r) => r.valid), results };
|
|
153
|
+
}
|
|
154
|
+
//# sourceMappingURL=standard-v3.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"standard-v3.js","sourceRoot":"","sources":["../src/standard-v3.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;AAmDH,oCAEC;AAcD,wDAMC;AAGD,0CA8EC;AAGD,4BAEC;AAGD,sCAGC;AAnKD,6CAAyF;AAE5E,QAAA,oBAAoB,GAC/B,kEAAkE,CAAC;AA0CrE,MAAM,QAAQ,GAAG,CAAC,iBAAiB,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;AAEjE;+EAC+E;AAC/E,SAAgB,YAAY,CAAC,KAAc;IACzC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC;AACD,SAAS,KAAK,CAAC,CAAU;IACvB,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAClE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAChE,MAAM,CAAC,GAAG,CAA4B,CAAC;IACvC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACtC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,SAAS;YAAE,SAAS;QACjC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AACrC,CAAC;AAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;AAC5D,SAAgB,sBAAsB,CAAC,GAAW;IAChD,OAAO,IAAA,6BAAe,EAAC;QACrB,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;QACnD,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;AACL,CAAC;AAED,mFAAmF;AACnF,SAAgB,eAAe,CAAC,OAAkB,EAAE,QAAiB;IACnE,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,OAAO,EAAE,EAAE,IAAI,SAAS,CAAC;IAEpC,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IAC/C,MAAM,EAAE,GAAG,MAAM,KAAK,KAAK,CAAC;IAC5B,4EAA4E;IAC5E,gFAAgF;IAChF,2EAA2E;IAC3E,MAAM,QAAQ,GAAG,MAAM,KAAK,KAAK,IAAI,CAAC,CAAC,OAAO,CAAC,eAAe,IAAI,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IACtF,IAAI,CAAC,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC,2CAA2C,CAAC,CAAC;QACrH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC9C,CAAC;IAED,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,CAAC,EAAE,EAAE,CAAC,CAAC;QAChG,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC9C,CAAC;IAED,IAAI,EAAE,EAAE,CAAC;QACP,oBAAoB;QACpB,MAAM,GAAG,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClE,MAAM,EAAE,GAAG,GAAG,KAAK,OAAO,CAAC,WAAW,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,EAAE;YAC9C,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,wCAAwC;gBAC1C,CAAC,CAAC,kBAAkB,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;QAExG,6BAA6B;QAC7B,MAAM,OAAO,GAA4B,EAAE,CAAC;QAC5C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACxF,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,wBAAwB,EAAE,MAAM,EAAE,EAAE;YACtD,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAC,0DAA0D,EAAE,CAAC,CAAC;IACpH,CAAC;SAAM,CAAC;QACN,6EAA6E;QAC7E,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAA4B,CAAC;YACnF,MAAM,IAAI,GAAG,CAAC,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;YAChF,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,MAAM,IAAK,OAAmC,CAAC,CAAC,CAAC,KAAK,SAAS;mBACjE,MAAM,CAAC,CAAC,CAAC,KAAM,OAAmC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1F,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC;gBAClE,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,0DAA0D;oBAC5D,CAAC,CAAC,+BAA+B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QACpF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,CAAC,EAAE,EAAE,CAAC,CAAC;QACxG,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC;IAC9B,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC,CAAC;IACnG,CAAC;SAAM,CAAC;QACN,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAA,oBAAQ,EAAC,IAAI,EAAE,UAAU,EAAE,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YAC7G,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,EAAE;gBACjD,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,2BAA2B,EAAE,CAAC,CAAC;QACrG,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7F,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,EAAE,GAAG,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,mCAAmC;gBACrC,CAAC,CAAC,iBAAiB,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5G,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IACnE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACvC,CAAC;AAED,mCAAmC;AACnC,SAAgB,QAAQ,CAAC,OAAkB,EAAE,QAAiB;IAC5D,OAAO,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC;AAClD,CAAC;AAED,4EAA4E;AAC5E,SAAgB,aAAa,CAAC,QAAqB;IACjD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5G,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,CAAC;AACjE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@itechsmart/prooflink-verifier",
|
|
3
|
-
"version": "1.0
|
|
4
|
-
"description": "
|
|
3
|
+
"version": "2.1.0",
|
|
4
|
+
"description": "Verify ProofLink receipts \u2014 the Trust & Accountability Layer for Autonomous AI by iTechSmart. Full cryptographic verification (SHA-256 hash chain + Ed25519 signatures) against the live public ledger. Don't trust the AI. Trust the math.",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
7
7
|
"files": [
|
|
8
8
|
"dist",
|
|
9
|
+
"bin",
|
|
9
10
|
"README.md",
|
|
10
11
|
"LICENSE"
|
|
11
12
|
],
|
|
@@ -16,13 +17,20 @@
|
|
|
16
17
|
},
|
|
17
18
|
"keywords": [
|
|
18
19
|
"prooflink",
|
|
19
|
-
"
|
|
20
|
-
"
|
|
20
|
+
"ai-accountability-layer",
|
|
21
|
+
"ai-audit-trail",
|
|
21
22
|
"cryptographic-verification",
|
|
22
|
-
"
|
|
23
|
+
"ed25519",
|
|
23
24
|
"sha256",
|
|
24
25
|
"hash-chain",
|
|
25
|
-
"tamper-evident"
|
|
26
|
+
"tamper-evident",
|
|
27
|
+
"eu-ai-act",
|
|
28
|
+
"article-12",
|
|
29
|
+
"scitt",
|
|
30
|
+
"uaio",
|
|
31
|
+
"itechsmart",
|
|
32
|
+
"bitcoin-anchoring",
|
|
33
|
+
"opentimestamps"
|
|
26
34
|
],
|
|
27
35
|
"author": "iTechSmart Inc.",
|
|
28
36
|
"license": "MIT",
|
|
@@ -44,5 +52,8 @@
|
|
|
44
52
|
"@types/node": "^20.0.0",
|
|
45
53
|
"typescript": "^5.4.0",
|
|
46
54
|
"vitest": "^1.6.0"
|
|
55
|
+
},
|
|
56
|
+
"bin": {
|
|
57
|
+
"prooflink-verify": "bin/cli.js"
|
|
47
58
|
}
|
|
48
|
-
}
|
|
59
|
+
}
|