ocp-verify 1.2.0 → 2.0.0

package/reference-cli/commit.js

@@ -1,37 +0,0 @@
-#!/usr/bin/env node
-
-const fs = require("fs");
-const crypto = require("crypto");
-
-const [, , filePath, proofArg] = process.argv;
-
-if (!filePath) {
-  console.error("Usage: ocp-commit <file> [proof.json]");
-  process.exit(1);
-}
-
-if (!fs.existsSync(filePath)) {
-  console.error(`ERROR: file not found: ${filePath}`);
-  process.exit(1);
-}
-
-const proofPath =
-  proofArg ||
-  filePath.replace(/(\.[^/.]+)?$/, ".proof.json");
-
-const fileBytes = fs.readFileSync(filePath);
-const hash = "0x" + crypto.createHash("sha256").update(fileBytes).digest("hex");
-
-const proof = {
-  version: "ocp-1",
-  hash,
-  txHash: "0x0000000000000000000000000000000000000000000000000000000000000000",
-  network: "demo-local",
-  contract: "0x0000000000000000000000000000000000000000",
-  extractionRule: "demo:proof.hash"
-};
-
-fs.writeFileSync(proofPath, JSON.stringify(proof, null, 2) + "\n");
-
-// Clean output
-console.log(`COMMITTED: ${filePath} → ${proofPath}`);

package/reference-cli/hash-browser.js

@@ -1,67 +0,0 @@
-// OCP Reference: Browser-native digest computation
-// Uses Web Crypto API — no dependencies, no libraries
-// Companion to reference-cli/verify.js (Node.js implementation)
-//
-// Spec: docs/spec/appendix-evm-r.md
-// This is the write-side primitive: observation → digest
-// The digest produced here is what gets passed to record(bytes32) on-chain
-
-"use strict";
-
-/**
- * Compute the OCP digest of a File object.
- *
- * Implements the commitment procedure from appendix-evm-r.md:
- *   - Serialization: raw-bytes (no encoding applied)
- *   - Hash function: sha2-256
- *   - Output: lowercase hex string, no 0x prefix
- *
- * @param {File} file - Any File object (browser File API)
- * @returns {Promise<string>} SHA-256 digest as lowercase hex, no 0x prefix
- */
-async function hashFile(file) {
-  const buffer = await file.arrayBuffer();
-  const hashBuffer = await crypto.subtle.digest("SHA-256", buffer);
-  const hashArray = Array.from(new Uint8Array(hashBuffer));
-  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
-}
-
-/**
- * Compute the OCP digest of an arbitrary byte array.
- *
- * @param {ArrayBuffer|Uint8Array} bytes - Raw bytes
- * @returns {Promise<string>} SHA-256 digest as lowercase hex, no 0x prefix
- */
-async function hashBytes(bytes) {
-  const buffer = bytes instanceof ArrayBuffer ? bytes : bytes.buffer;
-  const hashBuffer = await crypto.subtle.digest("SHA-256", buffer);
-  const hashArray = Array.from(new Uint8Array(hashBuffer));
-  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
-}
-
-/**
- * Compute the OCP digest of a UTF-8 string.
- * Note: the string is encoded as UTF-8 before hashing.
- * The verifier must apply the same encoding to reproduce the digest.
- *
- * @param {string} text - UTF-8 string
- * @returns {Promise<string>} SHA-256 digest as lowercase hex, no 0x prefix
- */
-async function hashString(text) {
-  const bytes = new TextEncoder().encode(text);
-  const hashBuffer = await crypto.subtle.digest("SHA-256", bytes);
-  const hashArray = Array.from(new Uint8Array(hashBuffer));
-  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
-}
-
-// Usage example:
-//
-// const file = document.querySelector('input[type="file"]').files[0];
-// const digest = await hashFile(file);
-// // digest is ready to pass to record(bytes32) on-chain
-// // or to include in an OCP proof envelope as commitment.digest
-
-// Node.js export (if used in a build pipeline)
-if (typeof module !== "undefined") {
-  module.exports = { hashFile, hashBytes, hashString };
-}

package/reference-cli/revoke.js

@@ -1,148 +0,0 @@
-// revoke.js — zero-dependency revocation helpers for OCP
-// CommonJS, Node.js >=18
-// Spec: docs/spec/appendix-revocation-r.md
-
-"use strict";
-
-const crypto = require("crypto");
-const https  = require("https");
-
-// Deployed contract addresses
-const REVOCATION_CONTRACTS = {
-  "eip155:84532": "0x2fa07c85439850ff6C5688d926bDa6DaEe62Db15",
-};
-
-// RPC endpoints — no API key required
-const RPC = {
-  "eip155:84532": "https://sepolia.base.org",
-  "eip155:8453":  "https://mainnet.base.org",
-};
-
-// keccak256("RevocationCommitted(bytes32,bytes32,address,uint256)")
-const REVOCATION_EVENT_TOPIC = "0xc19951599a519bc320c0f352b2f92f315e8a2368bd0efb2e5dca3b1196e76112";
-
-// getRevocation(bytes32) selector
-const GET_REVOCATION_SELECTOR = "0x8d4b2a4d";
-
-function normalizeHexDigest(value, fieldName) {
-  if (typeof value !== "string") {
-    throw new TypeError(`${fieldName} must be a string`);
-  }
-  if (!/^0x[0-9a-fA-F]{64}$/.test(value)) {
-    throw new Error(`${fieldName} must be a 0x-prefixed 32-byte hex digest`);
-  }
-  return value.toLowerCase();
-}
-
-function stableJson(value) {
-  if (value === null || typeof value !== "object") {
-    return JSON.stringify(value);
-  }
-  if (Array.isArray(value)) {
-    return `[${value.map(stableJson).join(",")}]`;
-  }
-  const keys = Object.keys(value).sort();
-  return `{${keys.map((key) => `${JSON.stringify(key)}:${stableJson(value[key])}`).join(",")}}`;
-}
-
-function rpcCall(url, method, params) {
-  return new Promise((resolve, reject) => {
-    const body = JSON.stringify({ jsonrpc: "2.0", id: 1, method, params });
-    const urlObj = new URL(url);
-    const options = {
-      hostname: urlObj.hostname,
-      path: urlObj.pathname,
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "Content-Length": Buffer.byteLength(body),
-      },
-    };
-    const req = https.request(options, (res) => {
-      let data = "";
-      res.on("data", (chunk) => { data += chunk; });
-      res.on("end", () => {
-        try {
-          const parsed = JSON.parse(data);
-          if (parsed.error) reject(new Error(`RPC error: ${parsed.error.message}`));
-          else resolve(parsed.result);
-        } catch (e) {
-          reject(new Error(`Failed to parse RPC response: ${data}`));
-        }
-      });
-    });
-    req.on("error", reject);
-    req.write(body);
-    req.end();
-  });
-}
-
-function decodeRevocationRecord(hex) {
-  const data = hex.startsWith("0x") ? hex.slice(2) : hex;
-  const revocationDigest = "0x" + data.slice(0, 64);
-  const revoker          = "0x" + data.slice(64, 128).slice(24);
-  const timestamp        = parseInt(data.slice(128, 192), 16);
-  const exists           = data.slice(192, 256) !== "0".repeat(64);
-  return { revocationDigest, revoker, timestamp, exists };
-}
-
-async function buildRevocationDigest(originalDigest, metadata = {}) {
-  const normalizedOriginalDigest = normalizeHexDigest(originalDigest, "originalDigest");
-  const payload = { originalDigest: normalizedOriginalDigest, ...metadata };
-  const encoded = stableJson(payload);
-  return `0x${crypto.createHash("sha256").update(encoded).digest("hex")}`;
-}
-
-async function checkRevocationStatus(originalDigest, chainId, rpcUrl, contractAddress) {
-  normalizeHexDigest(originalDigest, "originalDigest");
-
-  const resolvedRpc      = rpcUrl      || RPC[chainId];
-  const resolvedContract = contractAddress || REVOCATION_CONTRACTS[chainId];
-
-  if (!resolvedRpc)      throw new Error(`no RPC endpoint for chain ${chainId} — pass rpcUrl explicitly`);
-  if (!resolvedContract) throw new Error(`no contract address for chain ${chainId} — pass contractAddress explicitly`);
-
-  const digestHex = originalDigest.slice(2).toLowerCase();
-  const calldata  = GET_REVOCATION_SELECTOR + digestHex;
-
-  let result;
-  try {
-    result = await rpcCall(resolvedRpc, "eth_call", [
-      { to: resolvedContract, data: calldata },
-      "latest",
-    ]);
-  } catch (e) {
-    throw new Error(`RPC call failed: ${e.message}`);
-  }
-
-  if (!result || result === "0x") return { status: "NOT_FOUND", record: null };
-
-  const record = decodeRevocationRecord(result);
-  if (!record.exists) return { status: "NOT_FOUND", record: null };
-
-  return { status: "REVOKED", record };
-}
-
-async function verifyWithRevocation(originalDigest, asOfTimestamp, chainId, rpcUrl, contractAddress) {
-  normalizeHexDigest(originalDigest, "originalDigest");
-
-  if (typeof asOfTimestamp !== "number") {
-    throw new TypeError("asOfTimestamp must be a number (Unix seconds)");
-  }
-
-  const { status, record } = await checkRevocationStatus(
-    originalDigest, chainId, rpcUrl, contractAddress
-  );
-
-  if (status === "NOT_FOUND") return "NOT_FOUND";
-  if (record.timestamp <= asOfTimestamp) return "REVOKED";
-  return "VALID";
-}
-
-module.exports = {
-  buildRevocationDigest,
-  checkRevocationStatus,
-  verifyWithRevocation,
-  stableJson,
-  REVOCATION_EVENT_TOPIC,
-};

package/reference-cli/temporal-bounds.js

@@ -1,164 +0,0 @@
-// temporal-bounds.js — zero-dependency temporal bound helper for OCP
-// CommonJS, Node.js >=18
-// Spec: docs/spec/appendix-temporal-bounds-r.md
-
-"use strict";
-
-const https = require("https");
-
-// RPC endpoints — no API key required
-const RPC = {
-  "eip155:1":        "https://cloudflare-eth.com",
-  "eip155:8453":     "https://mainnet.base.org",
-  "eip155:84532":    "https://sepolia.base.org",
-  "eip155:11155111": "https://rpc.sepolia.org",
-};
-
-// Finality table — F(L) per network
-// Source: docs/spec/appendix-temporal-bounds-r.md
-const FINALITY = {
-  "eip155:1": {
-    safe_depth: 64,
-    finality_window_seconds: 720,
-    validator_influence_window: 12,
-    finality_model: "Casper FFG — 2 epochs",
-  },
-  "eip155:8453": {
-    safe_depth: 32,
-    finality_window_seconds: 420,
-    validator_influence_window: 2,
-    finality_model: "L2 soft finality",
-    l1_chain_id: "eip155:1",
-  },
-  "eip155:84532": {
-    safe_depth: 32,
-    finality_window_seconds: 420,
-    validator_influence_window: 2,
-    finality_model: "L2 soft finality",
-    l1_chain_id: "eip155:11155111",
-  },
-  "eip155:11155111": {
-    safe_depth: 64,
-    finality_window_seconds: 720,
-    validator_influence_window: 12,
-    finality_model: "Casper FFG — 2 epochs",
-  },
-};
-
-function rpcCall(url, method, params) {
-  return new Promise((resolve, reject) => {
-    const body = JSON.stringify({ jsonrpc: "2.0", id: 1, method, params });
-    const urlObj = new URL(url);
-    const options = {
-      hostname: urlObj.hostname,
-      path: urlObj.pathname,
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "Content-Length": Buffer.byteLength(body),
-      },
-    };
-    const req = https.request(options, (res) => {
-      let data = "";
-      res.on("data", (chunk) => { data += chunk; });
-      res.on("end", () => {
-        try {
-          const parsed = JSON.parse(data);
-          if (parsed.error) reject(new Error(`RPC error: ${parsed.error.message}`));
-          else resolve(parsed.result);
-        } catch (e) {
-          reject(new Error(`Failed to parse RPC response: ${data}`));
-        }
-      });
-    });
-    req.on("error", reject);
-    req.write(body);
-    req.end();
-  });
-}
-
-function toIso8601(unixSeconds) {
-  return new Date(unixSeconds * 1000).toISOString();
-}
-
-function normalizeHexDigest(value, fieldName) {
-  if (typeof value !== "string") {
-    throw new TypeError(`${fieldName} must be a string`);
-  }
-  if (!/^0x[0-9a-fA-F]{64}$/.test(value)) {
-    throw new Error(`${fieldName} must be a 0x-prefixed 32-byte hex digest`);
-  }
-  return value.toLowerCase();
-}
-
-async function getTemporalBound(txHash, chainId, rpcUrl) {
-  if (!txHash || !/^0x[0-9a-fA-F]{64}$/.test(txHash)) {
-    throw new Error("txHash must be a 0x-prefixed 32-byte hex string");
-  }
-
-  const finality = FINALITY[chainId];
-  if (!finality) {
-    throw new Error(`unsupported chainId: ${chainId} — add to FINALITY table`);
-  }
-
-  const resolvedRpc = rpcUrl || RPC[chainId];
-  if (!resolvedRpc) {
-    throw new Error(`no RPC endpoint for chain ${chainId} — pass rpcUrl explicitly`);
-  }
-
-  // Step 1 — fetch transaction receipt to get block number
-  let receipt;
-  try {
-    receipt = await rpcCall(resolvedRpc, "eth_getTransactionReceipt", [txHash]);
-  } catch (e) {
-    throw new Error(`RPC call failed: ${e.message}`);
-  }
-  if (!receipt) throw new Error(`transaction not found: ${txHash}`);
-
-  const blockNumber = parseInt(receipt.blockNumber, 16);
-
-  // Step 2 — fetch block to get timestamp
-  let block;
-  try {
-    block = await rpcCall(resolvedRpc, "eth_getBlockByNumber", [receipt.blockNumber, false]);
-  } catch (e) {
-    throw new Error(`RPC call failed fetching block: ${e.message}`);
-  }
-  if (!block) throw new Error(`block not found: ${receipt.blockNumber}`);
-
-  const blockTimestamp = parseInt(block.timestamp, 16);
-
-  // Step 3 — fetch current block number to compute finality depth
-  let currentBlockHex;
-  try {
-    currentBlockHex = await rpcCall(resolvedRpc, "eth_blockNumber", []);
-  } catch (e) {
-    throw new Error(`RPC call failed fetching current block: ${e.message}`);
-  }
-  const currentBlock = parseInt(currentBlockHex, 16);
-  const depth = currentBlock - blockNumber;
-  const finalized = depth >= finality.safe_depth;
-
-  // Step 4 — compute upper bound
-  const upperBound = blockTimestamp + finality.validator_influence_window;
-
-  return {
-    tx_hash: txHash,
-    chain_id: chainId,
-    block_number: blockNumber,
-    block_timestamp: blockTimestamp,
-    block_timestamp_iso: toIso8601(blockTimestamp),
-    finality_depth_confirmed: depth,
-    finality_depth_required: finality.safe_depth,
-    finality_model: finality.finality_model,
-    finalized,
-    validator_influence_window: finality.validator_influence_window,
-    upper_bound: upperBound,
-    upper_bound_iso: toIso8601(upperBound),
-  };
-}
-
-module.exports = {
-  getTemporalBound,
-  FINALITY,
-};

package/reference-cli/verify.js

@@ -1,241 +0,0 @@
-#!/usr/bin/env node
-
-// OCP Reference Verifier v2.1.0
-// Implements: evm/event-log extraction rule
-// Dependencies: zero — Node.js stdlib only (https, crypto, fs)
-// Spec: docs/spec/appendix-evm-r.md
-
-"use strict";
-
-const fs = require("fs");
-const crypto = require("crypto");
-const https = require("https");
-
-// RPC endpoints — no API key required
-const RPC = {
-  "eip155:84532":    "https://sepolia.base.org",
-  "eip155:8453":     "https://mainnet.base.org",
-  "eip155:1":        "https://cloudflare-eth.com",
-  "eip155:11155111": "https://rpc.sepolia.org",
-};
-
-// Network name to CAIP-2 chain ID (proof-format-v1 compatibility)
-const NETWORK_TO_CHAIN_ID = {
-  "base-sepolia": "eip155:84532",
-  "base":         "eip155:8453",
-  "mainnet":      "eip155:1",
-  "homestead":    "eip155:1",
-  "sepolia":      "eip155:11155111",
-};
-
-// keccak256("Recorded(bytes32,address)")
-// Confirmed from live Base Sepolia transaction logs
-const KNOWN_EVENT_TOPIC = "0xdca60c2087041cbb12d9a57628c6cad28ecbd0437e47c7ab6c3aa6e162bf4497";
-
-// Identity pipeline sentinel hash
-// Canonical identity spec: ipfs://QmTst97dG8i9tFrutdetqMbVhSHqJGJaxMmPzWCcVVTWDU
-// Confirmed independently against Dinamic.eth implementation — locked
-const IDENTITY_PIPELINE_SENTINEL = "8116eec29078e8f57c07077d5e8080a35bde73036581df3abb93755d1b1a16ea";
-
-function fail(message) {
-  console.error(`INVALID: ${message}`);
-  process.exit(1);
-}
-
-function log(message) {
-  console.log(message);
-}
-
-function rpcCall(url, method, params) {
-  return new Promise((resolve, reject) => {
-    const body = JSON.stringify({ jsonrpc: "2.0", id: 1, method, params });
-    const urlObj = new URL(url);
-    const options = {
-      hostname: urlObj.hostname,
-      path: urlObj.pathname,
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "Content-Length": Buffer.byteLength(body),
-      },
-    };
-    const req = https.request(options, (res) => {
-      let data = "";
-      res.on("data", (chunk) => { data += chunk; });
-      res.on("end", () => {
-        try {
-          const parsed = JSON.parse(data);
-          if (parsed.error) reject(new Error(`RPC error: ${parsed.error.message}`));
-          else resolve(parsed.result);
-        } catch (e) {
-          reject(new Error(`Failed to parse RPC response: ${data}`));
-        }
-      });
-    });
-    req.on("error", reject);
-    req.write(body);
-    req.end();
-  });
-}
-
-function normalizeHash(h) {
-  if (!h) return null;
-  return h.toLowerCase().startsWith("0x") ? h.toLowerCase() : "0x" + h.toLowerCase();
-}
-
-function stripPrefix(h) {
-  if (!h) return null;
-  return h.toLowerCase().startsWith("0x") ? h.slice(2).toLowerCase() : h.toLowerCase();
-}
-
-function applyExtractionRule(receipt, eventTopic) {
-  const extracted = new Set();
-  if (!receipt.logs || !Array.isArray(receipt.logs)) return extracted;
-  for (const log of receipt.logs) {
-    if (!log.topics || log.topics.length < 2) continue;
-    if (normalizeHash(log.topics[0]) !== normalizeHash(eventTopic)) continue;
-    const digest = stripPrefix(log.topics[1]);
-    if (digest) extracted.add(digest);
-  }
-  return extracted;
-}
-
-async function main() {
-  const [, , filePath, proofArg] = process.argv;
-
-  if (!filePath) {
-    console.error("Usage: ocp-verify <file> [proof.json]");
-    console.error("");
-    console.error("Environment:");
-    console.error("  OCP_RPC_URL=<url>   Override RPC endpoint (optional)");
-    process.exit(1);
-  }
-
-  if (!fs.existsSync(filePath)) fail(`file not found: ${filePath}`);
-
-  const proofPath = proofArg || filePath.replace(/(\.[^/.]+)?$/, ".proof.json");
-  if (!fs.existsSync(proofPath)) fail(`proof not found: ${proofPath}`);
-
-  const fileBytes = fs.readFileSync(filePath);
-  let proof;
-  try {
-    proof = JSON.parse(fs.readFileSync(proofPath, "utf8"));
-  } catch {
-    fail("invalid JSON in proof file");
-  }
-
-  const isEnvelope = !!proof.ocp;
-  const isV1 = proof.version === "ocp-1";
-  if (!isEnvelope && !isV1) fail("unrecognized proof format — expected ocp-1 or envelope format");
-
-  let txHash, chainId, commitmentDigest, blockHash;
-
-  if (isV1) {
-    const requiredFields = ["version", "hash", "txHash", "network", "contract", "extractionRule"];
-    for (const field of requiredFields) {
-      if (!proof[field]) fail(`missing required field: ${field}`);
-    }
-    if (!/^0x[a-f0-9]{64}$/.test(proof.hash))        fail("invalid hash format");
-    if (!/^0x[a-fA-F0-9]{64}$/.test(proof.txHash))   fail("invalid txHash format");
-    if (!/^0x[a-fA-F0-9]{40}$/.test(proof.contract)) fail("invalid contract format");
-
-    txHash           = proof.txHash;
-    chainId          = NETWORK_TO_CHAIN_ID[proof.network];
-    commitmentDigest = stripPrefix(proof.hash);
-    blockHash        = null;
-
-    if (!chainId) fail(`unknown network: ${proof.network} — add to NETWORK_TO_CHAIN_ID`);
-
-  } else {
-    if (!proof.chain?.id)                  fail("missing chain.id");
-    if (!proof.chain?.namespace)           fail("missing chain.namespace");
-    if (!proof.commitment?.digest)         fail("missing commitment.digest");
-    if (!proof.commitment?.hash_function)  fail("missing commitment.hash_function");
-    if (!proof.commitment?.serialization)  fail("missing commitment.serialization");
-    if (!proof.ledger_ref?.transaction_id) fail("missing ledger_ref.transaction_id");
-    if (!proof.ledger_ref?.block_hash)     fail("missing ledger_ref.block_hash");
-    if (!proof.extraction?.rule_id)        fail("missing extraction.rule_id");
-
-    if (proof.commitment.hash_function !== "sha2-256")
-      fail(`unsupported hash function: ${proof.commitment.hash_function}`);
-    if (proof.commitment.serialization !== "raw-bytes")
-      fail(`unsupported serialization: ${proof.commitment.serialization}`);
-    if (!proof.extraction.rule_id.startsWith("evm/"))
-      fail(`unsupported extraction rule namespace: ${proof.extraction.rule_id}`);
-
-    txHash           = proof.ledger_ref.transaction_id;
-    chainId          = proof.chain.id;
-    commitmentDigest = proof.commitment.digest.toLowerCase();
-    blockHash        = proof.ledger_ref.block_hash;
-  }
-
-  // Step 1 — Recompute digest
-  const computedHash = crypto.createHash("sha256").update(fileBytes).digest("hex");
-  if (computedHash !== commitmentDigest) {
-    fail(`hash mismatch\n  computed: ${computedHash}\n  proof:    ${commitmentDigest}`);
-  }
-  log(`  hash      MATCH  ${computedHash}`);
-
-  // Step 2 — Resolve RPC
-  const rpcUrl = process.env.OCP_RPC_URL || RPC[chainId];
-  if (!rpcUrl) fail(`no RPC endpoint for chain ${chainId} — set OCP_RPC_URL`);
-
-  log(`  chain     ${chainId}`);
-  log(`  rpc       ${rpcUrl}`);
-  log(`  tx        ${txHash}`);
-
-  // Step 3 — Fetch receipt
-  let receipt;
-  try {
-    receipt = await rpcCall(rpcUrl, "eth_getTransactionReceipt", [txHash]);
-  } catch (e) {
-    fail(`RPC call failed: ${e.message}`);
-  }
-  if (!receipt) fail(`transaction not found: ${txHash}`);
-
-  // Step 4 — Confirm block hash (envelope only)
-  if (blockHash) {
-    const receiptBlockHash  = normalizeHash(receipt.blockHash);
-    const expectedBlockHash = normalizeHash(blockHash);
-    if (receiptBlockHash !== expectedBlockHash) {
-      fail(`block hash mismatch\n  receipt: ${receiptBlockHash}\n  proof:   ${expectedBlockHash}`);
-    }
-    log(`  block     MATCH  ${receiptBlockHash}`);
-  }
-
-  // Step 5 — Apply extraction rule
-  const extracted = applyExtractionRule(receipt, KNOWN_EVENT_TOPIC);
-  if (extracted.size === 0) {
-    fail(
-      `no Recorded events found in transaction ${txHash}\n` +
-      `  event topic: ${KNOWN_EVENT_TOPIC}\n` +
-      `  logs found:  ${receipt.logs?.length ?? 0}`
-    );
-  }
-  log(`  logs      found ${extracted.size} Recorded event(s)`);
-
-  // Step 6 — Confirm inclusion
-  if (!extracted.has(commitmentDigest)) {
-    fail(
-      `digest not found in transaction logs\n` +
-      `  looking for: ${commitmentDigest}\n` +
-      `  found:       ${[...extracted].join(", ")}`
-    );
-  }
-  log(`  digest    MATCH  ${commitmentDigest}`);
-
-  // Step 7 — Report finality
-  if (isEnvelope && proof.ledger_ref?.finality) {
-    const { depth, assertion_time_utc } = proof.ledger_ref.finality;
-    log(`  finality  depth=${depth} at ${assertion_time_utc}`);
-    if (depth < 3) log(`  WARNING   finality depth ${depth} is below recommended minimum (3)`);
-  }
-
-  log("");
-  log("VALID");
-}
-
-main().catch((e) => {
-  console.error(`ERROR: ${e.message}`);
-  process.exit(1);
-});