twzrd-receipt-verifier 1.0.1 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -0
- package/package.json +1 -6
- package/verify_twzrd_receipt.js +29 -11
package/README.md
CHANGED
|
@@ -14,6 +14,21 @@ This tool recomputes the leaf **and** checks the signature against the published
|
|
|
14
14
|
key. If it says `VALID`, the receipt was authored by TWZRD and was not altered.
|
|
15
15
|
Unsigned, wrong-key, or tampered receipts fail.
|
|
16
16
|
|
|
17
|
+
## Where this fits: the agent trust loop
|
|
18
|
+
|
|
19
|
+
This verifier is the **last step** of the x402 trust rail an agent runs before and
|
|
20
|
+
after it spends:
|
|
21
|
+
|
|
22
|
+
1. **Discover** a model/provider - [`wzrd-client`](https://pypi.org/project/wzrd-client/) (PyPI) or [`@wzrd_sol/sdk`](https://www.npmjs.com/package/@wzrd_sol/sdk) (npm)
|
|
23
|
+
2. **Preflight** the seller wallet, free - `POST https://intel.twzrd.xyz/v1/intel/preflight` (or MCP `get_readiness_card_tool`)
|
|
24
|
+
3. **Pay** with a signed receipt - `GET https://intel.twzrd.xyz/v1/intel/trust/{seller}` (0.05 USDC, x402)
|
|
25
|
+
4. **Verify** the receipt offline - **this package** (trust nothing but the bytes + the public key)
|
|
26
|
+
|
|
27
|
+
```bash
|
|
28
|
+
# zero-install: verify a receipt straight from the published package
|
|
29
|
+
npx twzrd-receipt-verifier receipt.json --pubkey 9V6Pn19kiUA5Rn6JpQfNduanvGt2aXGwsarosNfa2Ldf
|
|
30
|
+
```
|
|
31
|
+
|
|
17
32
|
## The published signing key
|
|
18
33
|
|
|
19
34
|
| field | value |
|
package/package.json
CHANGED
|
@@ -1,14 +1,9 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "twzrd-receipt-verifier",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.3",
|
|
4
4
|
"description": "Standalone offline verifier for TWZRD AO-Receipt V5 (Ed25519-signed keccak256 leaf). No trust in TWZRD servers or code.",
|
|
5
5
|
"keywords": ["twzrd", "x402", "solana", "ed25519", "keccak256", "receipt", "verifier", "agent", "attestation"],
|
|
6
6
|
"homepage": "https://intel.twzrd.xyz",
|
|
7
|
-
"repository": {
|
|
8
|
-
"type": "git",
|
|
9
|
-
"url": "git+https://github.com/twzrd-sol/wzrd-final.git",
|
|
10
|
-
"directory": "packages/twzrd-agent-intel/verifier"
|
|
11
|
-
},
|
|
12
7
|
"license": "MIT",
|
|
13
8
|
"author": "TWZRD",
|
|
14
9
|
"bin": {
|
package/verify_twzrd_receipt.js
CHANGED
|
@@ -69,17 +69,35 @@ function recomputeLeaf(pre) {
|
|
|
69
69
|
}
|
|
70
70
|
|
|
71
71
|
function fetchPublishedPubkey(baseUrl) {
|
|
72
|
-
const
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
72
|
+
const base = baseUrl.replace(/\/+$/, '');
|
|
73
|
+
const paths = [
|
|
74
|
+
'/.well-known/twzrd-receipt-pubkey',
|
|
75
|
+
'/v1/intel/pubkey',
|
|
76
|
+
'/.well-known/x402',
|
|
77
|
+
];
|
|
78
|
+
const headers = { 'User-Agent': 'twzrd-receipt-verifier/1.0' };
|
|
79
|
+
|
|
80
|
+
function fetchPath(i) {
|
|
81
|
+
if (i >= paths.length) return Promise.reject(new Error('no pubkey endpoint responded'));
|
|
82
|
+
const path = paths[i];
|
|
83
|
+
return new Promise((resolve, reject) => {
|
|
84
|
+
https.get(base + path, { headers }, (res) => {
|
|
85
|
+
let body = '';
|
|
86
|
+
res.on('data', (c) => (body += c));
|
|
87
|
+
res.on('end', () => {
|
|
88
|
+
try {
|
|
89
|
+
const doc = JSON.parse(body);
|
|
90
|
+
resolve(path.endsWith('/x402')
|
|
91
|
+
? doc.receipt.signature.public_key
|
|
92
|
+
: doc.public_key);
|
|
93
|
+
} catch (e) {
|
|
94
|
+
reject(e);
|
|
95
|
+
}
|
|
96
|
+
});
|
|
97
|
+
}).on('error', (err) => fetchPath(i + 1).then(resolve, reject));
|
|
98
|
+
});
|
|
99
|
+
}
|
|
100
|
+
return fetchPath(0);
|
|
83
101
|
}
|
|
84
102
|
|
|
85
103
|
function verify(receipt, trustedPubkey) {
|