aragora-verify 0.1.0__tar.gz

aragora_verify-0.1.0/.gitignore

@@ -0,0 +1,7 @@
+.nomic/
+.benchmarks/
+*.db
+*.db-shm
+*.db-wal
+dist/
+*.egg-info/

aragora_verify-0.1.0/CHANGELOG.md

@@ -0,0 +1,20 @@
+# Changelog
+
+All notable changes to `aragora-verify` are documented here. The format follows
+[Keep a Changelog](https://keepachangelog.com/) and the project uses semantic
+versioning.
+
+## [0.1.0] — unreleased
+
+### Added
+- Initial release: standalone offline verifier for Open Decision Receipts (ODR v0.1).
+- `aragora-verify <receipt.json> [--pubkey KEY] [--chain JSONL] [--json]` CLI.
+- Library API: `verify`, `load_public_key`, `compute_key_id`, `validate_structure`,
+  `jcs_canonicalize`, `odr_content_digest`.
+- Checks: ODR v0.1 schema conformance (stdlib structural validator, with optional
+  `jsonschema` rigor), RFC 8785 (JCS) canonical digest recomputation, Ed25519
+  detached-signature verification, quorum participant consistency, and hash-chain
+  linkage/anchoring.
+- Absent markers and `"undisclosed"` model families surfaced as non-failing
+  weakening signals.
+- Dependencies: Python standard library plus `cryptography`; `jsonschema` optional.

aragora_verify-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Aragora Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

aragora_verify-0.1.0/PKG-INFO

@@ -0,0 +1,136 @@
+Metadata-Version: 2.4
+Name: aragora-verify
+Version: 0.1.0
+Summary: Standalone offline verifier for Open Decision Receipts (ODR) -- check schema, JCS canonical digest, Ed25519 signature, and hash-chain linkage with no Aragora install or account.
+Project-URL: Homepage, https://github.com/synaptent/aragora
+Project-URL: Documentation, https://github.com/synaptent/aragora/blob/main/docs/specs/OPEN_DECISION_RECEIPT.md
+Project-URL: Repository, https://github.com/synaptent/aragora/tree/main/aragora-verify
+Project-URL: Changelog, https://github.com/synaptent/aragora/blob/main/aragora-verify/CHANGELOG.md
+Project-URL: Bug Tracker, https://github.com/synaptent/aragora/issues
+Author-email: Aragora <team@aragora.dev>
+License-Expression: MIT
+License-File: LICENSE
+Keywords: ai-governance,audit-trail,decision-integrity,decision-receipt,ed25519,eu-ai-act,jcs,odr,offline-verification,open-decision-receipt,rfc8785
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Legal Industry
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Typing :: Typed
+Requires-Python: >=3.10
+Requires-Dist: cryptography>=41.0
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Provides-Extra: schema
+Requires-Dist: jsonschema>=4.0; extra == 'schema'
+Description-Content-Type: text/markdown
+
+# aragora-verify
+
+**Verify an [Open Decision Receipt](https://github.com/synaptent/aragora/blob/main/docs/specs/OPEN_DECISION_RECEIPT.md) offline — no Aragora install, no server, no account.**
+
+Action-level receipts (Microsoft AGT, SCITT, in-toto/SLSA) prove *what happened
+and whether policy allowed it*. An **Open Decision Receipt (ODR)** proves the
+layer above: *why it was decided, who adversarially examined it with what model
+diversity, who dissented, how calibrated the confidence was, and whether an
+accountable human accepted the risk.*
+
+`aragora-verify` is the free, standalone tool that lets anyone — an auditor, a
+customer, a skeptic — check such a receipt is genuine and well-formed:
+
+- **Schema conformance** to the ODR v0.1 content profile.
+- **Canonical digest** — recomputes `SHA-256(JCS(receipt − signatures))` per
+  RFC 8785, the value any detached signature covers.
+- **Ed25519 signature** — verifies detached signatures with only the public key.
+- **Quorum consistency** — every supporting/dissenting agent is a disclosed
+  participant (a mismatch is a tamper/malformed signal).
+- **Hash-chain linkage** — when a chain is supplied, the receipt is anchored in
+  it and the links are continuous.
+
+It depends only on the Python standard library plus `cryptography`.
+
+## Install
+
+```bash
+pip install aragora-verify
+```
+
+## Use
+
+```bash
+# Structural + canonical-digest check
+aragora-verify receipt.odr.json
+
+# Full authenticity check against the issuer's published public key
+aragora-verify receipt.odr.json --pubkey aragora-odr-signing-key.pem
+
+# Also confirm the receipt is anchored in a hash chain
+aragora-verify receipt.odr.json --pubkey key.pem --chain intent-chain.jsonl
+
+# Machine-readable result
+aragora-verify receipt.odr.json --pubkey key.pem --json
+```
+
+Exit code `0` means verified (no failed checks, and any present signatures were
+checked); `1` means a check failed; `2` is a usage/input error; `3` means the
+receipt is structurally OK but carries signatures that were **not** checked
+(no `--pubkey` supplied) — authenticity is unestablished, so it is deliberately
+not reported as `0`/VERIFIED.
+
+The public key for receipts emitted by an Aragora deployment is published at
+`GET /.well-known/aragora-odr-signing-key` and `GET /api/v2/receipts/signing-key`.
+
+### Weakening vs. failing
+
+Absent markers (`{"status": "absent", ...}`) and `"undisclosed"` model families
+are **honesty signals** — a receipt full of them is visibly weak, not a
+strong-looking fabrication. They are reported as *weakening signals* and do
+**not** fail verification; the policy thresholds (e.g. "require ≥2 model
+families", "require human attestation") are yours to apply on top.
+
+### Known limitations (v0.1)
+
+The verifier is deliberately conservative and these are documented, not silent:
+
+- **Hash-chain (`--chain`) is anchoring + self-consistency, not integrity.** It
+  confirms the receipt's content digest appears in the chain and that declared
+  `prev_hash`/`hash` links are internally consistent, but it does **not** recompute
+  entry hashes — so it reports `chain_link` as `WARN` when links are present. A
+  party who controls the chain file can fabricate consistent-looking linkage; the
+  chain is corroborating evidence, not a tamper proof on its own.
+- **Signature verification is single-key, Ed25519-only.** It verifies that at least
+  one `signatures[]` entry validates against the supplied `--pubkey` (and fails if
+  an entry targeting that key fails). Richer multi-signer / threshold policies are
+  out of scope for v0.1.
+- **I-JSON numeric range.** Canonicalization assumes IEEE-754-double-safe numbers
+  (per RFC 8785 / I-JSON). Integers at or beyond 1e21 are not expected in ODR
+  payloads and are not specially handled.
+
+## Library
+
+```python
+from aragora_verify import verify, load_public_key
+
+result = verify(receipt_dict, public_key=load_public_key(pem_bytes))
+print(result.ok, result.odr_digest)
+for check in result.checks:
+    print(check.name, check.status, check.detail)
+```
+
+## What this is part of
+
+ODR-3 of the [Open Decision Receipt epic](https://github.com/synaptent/aragora/issues/8223).
+The verifier is free and standalone by design — the *emitter* (adversarial
+debate + signed decision receipts) is the product. See the
+[content-profile spec](https://github.com/synaptent/aragora/blob/main/docs/specs/OPEN_DECISION_RECEIPT.md).
+
+## License
+
+MIT

aragora_verify-0.1.0/README.md

@@ -0,0 +1,102 @@
+# aragora-verify
+
+**Verify an [Open Decision Receipt](https://github.com/synaptent/aragora/blob/main/docs/specs/OPEN_DECISION_RECEIPT.md) offline — no Aragora install, no server, no account.**
+
+Action-level receipts (Microsoft AGT, SCITT, in-toto/SLSA) prove *what happened
+and whether policy allowed it*. An **Open Decision Receipt (ODR)** proves the
+layer above: *why it was decided, who adversarially examined it with what model
+diversity, who dissented, how calibrated the confidence was, and whether an
+accountable human accepted the risk.*
+
+`aragora-verify` is the free, standalone tool that lets anyone — an auditor, a
+customer, a skeptic — check such a receipt is genuine and well-formed:
+
+- **Schema conformance** to the ODR v0.1 content profile.
+- **Canonical digest** — recomputes `SHA-256(JCS(receipt − signatures))` per
+  RFC 8785, the value any detached signature covers.
+- **Ed25519 signature** — verifies detached signatures with only the public key.
+- **Quorum consistency** — every supporting/dissenting agent is a disclosed
+  participant (a mismatch is a tamper/malformed signal).
+- **Hash-chain linkage** — when a chain is supplied, the receipt is anchored in
+  it and the links are continuous.
+
+It depends only on the Python standard library plus `cryptography`.
+
+## Install
+
+```bash
+pip install aragora-verify
+```
+
+## Use
+
+```bash
+# Structural + canonical-digest check
+aragora-verify receipt.odr.json
+
+# Full authenticity check against the issuer's published public key
+aragora-verify receipt.odr.json --pubkey aragora-odr-signing-key.pem
+
+# Also confirm the receipt is anchored in a hash chain
+aragora-verify receipt.odr.json --pubkey key.pem --chain intent-chain.jsonl
+
+# Machine-readable result
+aragora-verify receipt.odr.json --pubkey key.pem --json
+```
+
+Exit code `0` means verified (no failed checks, and any present signatures were
+checked); `1` means a check failed; `2` is a usage/input error; `3` means the
+receipt is structurally OK but carries signatures that were **not** checked
+(no `--pubkey` supplied) — authenticity is unestablished, so it is deliberately
+not reported as `0`/VERIFIED.
+
+The public key for receipts emitted by an Aragora deployment is published at
+`GET /.well-known/aragora-odr-signing-key` and `GET /api/v2/receipts/signing-key`.
+
+### Weakening vs. failing
+
+Absent markers (`{"status": "absent", ...}`) and `"undisclosed"` model families
+are **honesty signals** — a receipt full of them is visibly weak, not a
+strong-looking fabrication. They are reported as *weakening signals* and do
+**not** fail verification; the policy thresholds (e.g. "require ≥2 model
+families", "require human attestation") are yours to apply on top.
+
+### Known limitations (v0.1)
+
+The verifier is deliberately conservative and these are documented, not silent:
+
+- **Hash-chain (`--chain`) is anchoring + self-consistency, not integrity.** It
+  confirms the receipt's content digest appears in the chain and that declared
+  `prev_hash`/`hash` links are internally consistent, but it does **not** recompute
+  entry hashes — so it reports `chain_link` as `WARN` when links are present. A
+  party who controls the chain file can fabricate consistent-looking linkage; the
+  chain is corroborating evidence, not a tamper proof on its own.
+- **Signature verification is single-key, Ed25519-only.** It verifies that at least
+  one `signatures[]` entry validates against the supplied `--pubkey` (and fails if
+  an entry targeting that key fails). Richer multi-signer / threshold policies are
+  out of scope for v0.1.
+- **I-JSON numeric range.** Canonicalization assumes IEEE-754-double-safe numbers
+  (per RFC 8785 / I-JSON). Integers at or beyond 1e21 are not expected in ODR
+  payloads and are not specially handled.
+
+## Library
+
+```python
+from aragora_verify import verify, load_public_key
+
+result = verify(receipt_dict, public_key=load_public_key(pem_bytes))
+print(result.ok, result.odr_digest)
+for check in result.checks:
+    print(check.name, check.status, check.detail)
+```
+
+## What this is part of
+
+ODR-3 of the [Open Decision Receipt epic](https://github.com/synaptent/aragora/issues/8223).
+The verifier is free and standalone by design — the *emitter* (adversarial
+debate + signed decision receipts) is the product. See the
+[content-profile spec](https://github.com/synaptent/aragora/blob/main/docs/specs/OPEN_DECISION_RECEIPT.md).
+
+## License
+
+MIT

aragora_verify-0.1.0/pyproject.toml

@@ -0,0 +1,71 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "aragora-verify"
+version = "0.1.0"
+description = "Standalone offline verifier for Open Decision Receipts (ODR) -- check schema, JCS canonical digest, Ed25519 signature, and hash-chain linkage with no Aragora install or account."
+readme = "README.md"
+license = "MIT"
+requires-python = ">=3.10"
+authors = [
+    { name = "Aragora", email = "team@aragora.dev" },
+]
+keywords = [
+    "decision-receipt",
+    "open-decision-receipt",
+    "odr",
+    "offline-verification",
+    "ed25519",
+    "jcs",
+    "rfc8785",
+    "audit-trail",
+    "ai-governance",
+    "eu-ai-act",
+    "decision-integrity",
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "Intended Audience :: Legal Industry",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Security :: Cryptography",
+    "Topic :: Software Development :: Quality Assurance",
+    "Typing :: Typed",
+]
+dependencies = [
+    "cryptography>=41.0",
+]
+
+[project.optional-dependencies]
+schema = ["jsonschema>=4.0"]
+dev = ["pytest>=8.0"]
+
+[project.scripts]
+aragora-verify = "aragora_verify.cli:main"
+
+[project.urls]
+Homepage = "https://github.com/synaptent/aragora"
+Documentation = "https://github.com/synaptent/aragora/blob/main/docs/specs/OPEN_DECISION_RECEIPT.md"
+Repository = "https://github.com/synaptent/aragora/tree/main/aragora-verify"
+Changelog = "https://github.com/synaptent/aragora/blob/main/aragora-verify/CHANGELOG.md"
+"Bug Tracker" = "https://github.com/synaptent/aragora/issues"
+
+[tool.hatch.build.targets.sdist]
+exclude = ["CLAUDE.md", "**/CLAUDE.md", ".nomic/", ".benchmarks/"]
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/aragora_verify"]
+
+[tool.hatch.build.targets.wheel.force-include]
+"src/aragora_verify/odr_schema.json" = "aragora_verify/odr_schema.json"
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]

aragora_verify-0.1.0/src/aragora_verify/__init__.py

@@ -0,0 +1,53 @@
+"""aragora-verify — standalone offline verifier for Open Decision Receipts.
+
+Validate an ODR v0.1 receipt with nothing but the receipt JSON (and optionally
+a public key and a hash chain): schema conformance, RFC 8785 (JCS) canonical
+digest, Ed25519 detached signature, quorum consistency, and hash-chain linkage.
+
+No Aragora install, no server, no account. The emitter is the product; the
+verifier is free.
+
+    from aragora_verify import verify, load_public_key
+    result = verify(receipt_dict, public_key=load_public_key(pem_bytes))
+    assert result.ok
+"""
+
+from __future__ import annotations
+
+from .jcs import jcs_canonicalize, odr_content_digest
+from .schema import ODR_PROFILE_URI, ODR_VERSION, validate_structure
+from .verifier import (
+    Check,
+    VerificationError,
+    VerifyResult,
+    compute_key_id,
+    load_public_key,
+    verify,
+)
+
+# Single-source the version from installed package metadata (pyproject.toml is
+# the only place the number lives). Falls back when running from a source tree
+# with no installed dist metadata.
+from importlib.metadata import PackageNotFoundError, version as _pkg_version
+
+try:
+    __version__ = _pkg_version("aragora-verify")
+except PackageNotFoundError:  # pragma: no cover - source tree without metadata
+    __version__ = "0.0.0+source"
+
+del PackageNotFoundError, _pkg_version
+
+__all__ = [
+    "__version__",
+    "verify",
+    "load_public_key",
+    "compute_key_id",
+    "validate_structure",
+    "jcs_canonicalize",
+    "odr_content_digest",
+    "Check",
+    "VerifyResult",
+    "VerificationError",
+    "ODR_VERSION",
+    "ODR_PROFILE_URI",
+]

aragora_verify-0.1.0/src/aragora_verify/__main__.py

@@ -0,0 +1,6 @@
+from __future__ import annotations
+
+from .cli import main
+
+if __name__ == "__main__":
+    raise SystemExit(main())

aragora_verify-0.1.0/src/aragora_verify/cli.py

@@ -0,0 +1,104 @@
+"""``aragora-verify`` command-line interface.
+
+    aragora-verify receipt.json [--pubkey key.pem] [--chain chain.jsonl] [--json]
+
+Exit status: ``0`` when the receipt verifies (no failed checks and any present
+signatures were checked), ``1`` when any check fails, ``2`` for usage/input
+errors, ``3`` when the receipt is structurally OK but carries signatures that
+were never checked (no ``--pubkey`` supplied). With ``--json`` the structured
+:class:`~aragora_verify.verifier.VerifyResult` is printed instead of the report.
+"""
+
+from __future__ import annotations
+
+import argparse
+import json
+import sys
+from typing import Sequence
+
+from . import __version__
+from .verifier import VerificationError, VerifyResult, verify_path
+
+_GLYPH = {"pass": "PASS", "fail": "FAIL", "warn": "WARN", "skip": "----"}
+
+
+def _render(result: VerifyResult) -> str:
+    lines: list[str] = []
+    if not result.ok:
+        verdict = "FAILED"
+    elif result.authenticity_unverified:
+        verdict = "UNVERIFIED"
+    else:
+        verdict = "VERIFIED"
+    lines.append(f"Open Decision Receipt — {verdict}")
+    lines.append(f"  receipt_id: {result.receipt_id or '<missing>'}")
+    if result.odr_digest:
+        lines.append(f"  odr_digest: sha-256:{result.odr_digest}")
+    if verdict == "UNVERIFIED":
+        lines.append(
+            "  note: signatures are present but were NOT checked (no --pubkey); "
+            "authenticity is NOT established"
+        )
+    lines.append("")
+    lines.append("  checks:")
+    for check in result.checks:
+        lines.append(f"    [{_GLYPH.get(check.status, check.status)}] {check.name}: {check.detail}")
+    if result.warnings:
+        lines.append("")
+        lines.append("  weakening signals (do not fail verification):")
+        for warning in result.warnings:
+            lines.append(f"    ! {warning}")
+    lines.append("")
+    lines.append(f"  => {verdict}")
+    return "\n".join(lines)
+
+
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        prog="aragora-verify",
+        description=(
+            "Offline verifier for Open Decision Receipts (ODR v0.1): schema "
+            "conformance, JCS canonical digest, Ed25519 signature, hash-chain "
+            "link, and quorum consistency. No Aragora install or account required."
+        ),
+    )
+    parser.add_argument("receipt", help="path to the ODR receipt JSON")
+    parser.add_argument(
+        "--pubkey",
+        metavar="KEY",
+        help="Ed25519 public key (PEM/DER/raw/base64/hex) to verify signatures with",
+    )
+    parser.add_argument(
+        "--chain",
+        metavar="JSONL",
+        help="hash-chain file (JSONL); checks the receipt is anchored and the chain links",
+    )
+    parser.add_argument("--json", action="store_true", help="emit the structured result as JSON")
+    parser.add_argument("--version", action="version", version=f"aragora-verify {__version__}")
+    return parser
+
+
+def main(argv: Sequence[str] | None = None) -> int:
+    args = build_parser().parse_args(argv)
+    try:
+        result = verify_path(args.receipt, pubkey_path=args.pubkey, chain_path=args.chain)
+    except FileNotFoundError as exc:
+        print(f"error: file not found: {exc.filename}", file=sys.stderr)
+        return 2
+    except (json.JSONDecodeError, VerificationError) as exc:
+        print(f"error: {exc}", file=sys.stderr)
+        return 2
+
+    if args.json:
+        print(json.dumps(result.to_dict(), indent=2, sort_keys=True))
+    else:
+        print(_render(result))
+    if not result.ok:
+        return 1
+    if result.authenticity_unverified:
+        return 3  # structurally OK but present signatures were never checked
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

aragora_verify-0.1.0/src/aragora_verify/jcs.py

@@ -0,0 +1,136 @@
+"""RFC 8785 (JSON Canonicalization Scheme) for Open Decision Receipts.
+
+A dependency-free port of ``aragora.gauntlet.odr_export.jcs_canonicalize`` so
+that ``aragora-verify`` can recompute an ODR receipt's content digest without
+installing Aragora. Byte-for-byte identical output to the reference emitter is
+the whole point: the digest a verifier computes here must match the digest the
+signatures cover.
+
+Canonicalization rules (RFC 8785):
+
+- UTF-8 output, no insignificant whitespace;
+- object members sorted by UTF-16 code units;
+- strings minimally escaped per JSON with lowercase ``\\u00xx`` for controls;
+- numbers serialized with the ECMAScript ``Number::toString`` shortest
+  round-trip algorithm; ``NaN``/``Infinity`` are forbidden.
+
+ODR payloads are I-JSON-safe (no numbers needing more than IEEE-754 double
+precision), so any conforming JCS implementation produces identical bytes.
+"""
+
+from __future__ import annotations
+
+import hashlib
+import json
+import math
+from typing import Any
+
+__all__ = ["jcs_canonicalize", "odr_content_digest"]
+
+_ES_INT_LIMIT = 10**21  # ECMAScript switches to exponent notation at 1e21.
+
+
+def _es_number_to_string(value: float) -> str:
+    """Serialize a float per ECMAScript ``Number::toString`` (RFC 8785 3.2.2.3)."""
+    if math.isnan(value) or math.isinf(value):
+        raise ValueError("NaN and Infinity cannot be canonicalized per RFC 8785")
+    if value == 0:
+        # Covers -0.0 as well: JCS serializes negative zero as "0".
+        return "0"
+
+    sign = "-" if value < 0 else ""
+    # Python's repr() yields the shortest digit string that round-trips the
+    # IEEE-754 double, the same digit selection ECMAScript uses. Only the
+    # *formatting* rules differ; they are applied below.
+    text = repr(abs(value))
+    if "e" in text or "E" in text:
+        mantissa, _, exp_text = text.lower().partition("e")
+        exponent = int(exp_text)
+    else:
+        mantissa, exponent = text, 0
+
+    if "." in mantissa:
+        int_part, frac_part = mantissa.split(".", 1)
+    else:
+        int_part, frac_part = mantissa, ""
+
+    digits = int_part + frac_part
+    point = len(int_part) + exponent
+
+    stripped = digits.lstrip("0")
+    point -= len(digits) - len(stripped)
+    digits = stripped.rstrip("0")
+
+    k = len(digits)
+    n = point
+    if k <= n <= 21:
+        out = digits + "0" * (n - k)
+    elif 0 < n <= 21:
+        out = digits[:n] + "." + digits[n:]
+    elif -6 < n <= 0:
+        out = "0." + "0" * (-n) + digits
+    else:
+        e = n - 1
+        head = digits[0] + ("." + digits[1:] if k > 1 else "")
+        out = f"{head}e{'+' if e >= 0 else '-'}{abs(e)}"
+    return sign + out
+
+
+def _jcs_serialize(value: Any, out: list[str]) -> None:
+    """Append the JCS serialization of ``value`` to ``out``."""
+    if value is None:
+        out.append("null")
+    elif value is True:
+        out.append("true")
+    elif value is False:
+        out.append("false")
+    elif isinstance(value, str):
+        out.append(json.dumps(value, ensure_ascii=False))
+    elif isinstance(value, int):
+        if abs(value) < _ES_INT_LIMIT:
+            out.append(str(value))
+        else:
+            out.append(_es_number_to_string(float(value)))
+    elif isinstance(value, float):
+        out.append(_es_number_to_string(value))
+    elif isinstance(value, (list, tuple)):
+        out.append("[")
+        for i, item in enumerate(value):
+            if i:
+                out.append(",")
+            _jcs_serialize(item, out)
+        out.append("]")
+    elif isinstance(value, dict):
+        out.append("{")
+        # RFC 8785 sorts member names by UTF-16 code units; comparing the
+        # UTF-16BE encodings byte-wise is equivalent.
+        keys = sorted(value.keys(), key=lambda k: str(k).encode("utf-16-be"))
+        for i, key in enumerate(keys):
+            if i:
+                out.append(",")
+            if not isinstance(key, str):
+                raise TypeError(f"JCS object member names must be strings, got {type(key)!r}")
+            out.append(json.dumps(key, ensure_ascii=False))
+            out.append(":")
+            _jcs_serialize(value[key], out)
+        out.append("}")
+    else:
+        raise TypeError(f"Type {type(value)!r} is not JCS-serializable")
+
+
+def jcs_canonicalize(value: Any) -> bytes:
+    """Canonicalize ``value`` to RFC 8785 (JCS) UTF-8 bytes."""
+    out: list[str] = []
+    _jcs_serialize(value, out)
+    return "".join(out).encode("utf-8")
+
+
+def odr_content_digest(odr: dict[str, Any]) -> str:
+    """SHA-256 hex digest over the JCS bytes of the ODR payload.
+
+    The ``signatures`` array is excluded so that attaching detached signatures
+    never changes the digest they cover. This mirrors
+    ``aragora.gauntlet.odr_export.odr_content_digest`` exactly.
+    """
+    payload = {k: v for k, v in odr.items() if k != "signatures"}
+    return hashlib.sha256(jcs_canonicalize(payload)).hexdigest()