veriker 0.1.0__tar.gz

veriker-0.1.0/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

veriker-0.1.0/PKG-INFO

@@ -0,0 +1,335 @@
+Metadata-Version: 2.4
+Name: veriker
+Version: 0.1.0
+Summary: Veriker — re-derivable verification of attested artifacts: recompute the answer, don't trust the claim (open tier).
+License: Apache-2.0
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cryptography>=42
+Requires-Dist: rfc8785>=0.1.4
+Requires-Dist: tuf<8,>=6.0
+Requires-Dist: py_ecc>=7
+Requires-Dist: cbor2>=5.6
+Provides-Extra: dev
+Requires-Dist: pytest>=8; extra == "dev"
+Requires-Dist: hypothesis>=6; extra == "dev"
+Requires-Dist: pycose>=1.1; extra == "dev"
+Requires-Dist: z3-solver>=4.12; extra == "dev"
+Dynamic: license-file
+
+<div align="center">
+
+# Veriker
+
+**Recompute the answer — don't trust the claim.**
+
+[![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](LICENSE)
+[![Python](https://img.shields.io/badge/python-3.11%2B-blue.svg)](https://www.python.org/downloads/)
+[![Verify](https://img.shields.io/badge/verify-offline_·_stdlib--only-success.svg)](#-how-it-works)
+[![Verdict](https://img.shields.io/badge/verdict-OK_·_REJECT_·_ERROR-informational.svg)](#-the-verdict-ok--reject--error)
+
+**[Quick start](#-quick-start)** · **[How it works](#-how-it-works)** · **[The verdict](#-the-verdict-ok--reject--error)** · **[Producing bundles](#-producing-bundles--the-emitter-sdk)** · **[Scope and honesty](#-scope-and-honesty)**
+
+A composable, domain-agnostic verifier for **re-derivable, attested artifacts**.
+You hand it a self-contained *audit bundle* — a manifest, the input snapshots, and
+a re-derivation rule — and it **independently recomputes the declared output and
+checks it against what was committed**, returning a structured verdict made of many
+small checks instead of one opaque pass/fail.
+
+</div>
+
+---
+
+```console
+$ python examples/citation_integrity_minimal/build_bundle.py --out-dir /tmp/citation_bundle
+$ python -m veriker.cli.verify --bundle-dir /tmp/citation_bundle
+PASS  file_integrity
+PASS  spec_sha_pinning
+PASS  cross_refs
+PASS  plugin:spec_sha_pin
+PASS  plugin:file_integrity_many_small
+PASS  plugin:fragment_attestation
+PASS  plugin:coverage_sum_invariant
+PASS  plugin:source_attributes_consistency
+PASS  plugin:three_set_sum_invariant
+PASS  plugin:dispatch_record_wellformed
+PASS  plugin:stamp_lattice
+PASS  plugin:refinement_discharge
+
+PASS  (12 check(s) passed)
+$ echo $?
+0
+
+$ echo ' (tampered)' >> /tmp/citation_bundle/snapshots/src-welfare-001.txt   # one byte moves
+
+$ python -m veriker.cli.verify --bundle-dir /tmp/citation_bundle
+FAIL  file_integrity                    [bad_file_sha] 'snapshots/src-welfare-001.txt':
+      manifest_sha='89b92b23…' computed_sha='48fa2a73…'
+…
+FAIL  (3 failures across 12 check(s))
+$ echo $?
+1
+```
+
+> Real output from the **citation-integrity** pilot (long digests elided for width).
+> The source a citation claims to quote changed by one byte — two independent
+> integrity checks catch it, the verdict is `REJECT`, exit `1`. A verdict is
+> **recomputed, never asserted**: each line is a property the verifier re-derived
+> itself, and a cited source can never silently drift from the answer that stands
+> on it.
+
+---
+
+## 💡 Concept
+
+> [!NOTE]
+> **A hash proves bytes didn't change. It does not prove the answer.** An output is
+> only trustworthy if it is the correct result of running a *declared* computation
+> over *declared* inputs — and a checksum tells you nothing when something drifts.
+> An audit bundle commits *the inputs, the rule, and the claimed output*; this
+> verifier **re-derives the output and compares**, offline, with nothing but the
+> bundle directory.
+
+Tampering with an input, swapping the rule, or shipping a weaker specification all
+**fail closed** — and the verifier distinguishes "the artifact is bad" from "I
+couldn't conclude," so a green result can never be faked by crashing the checker.
+
+This is the **open tier** (Apache-2.0): the verifier, the bundle format, the
+substrate, the producer SDK, and a set of generic domain pilots. It stands
+alone — it imports no closed-tier code, and the core verify path needs **no
+network and no third-party packages** at audit time (stdlib only).
+
+---
+
+## ✨ Features
+
+| | |
+|---|---|
+| 🔁 **Recompute, don't attest** | When a bundle declares outputs, the verifier re-derives the representative output with a **verifier-side primitive** and compares it to the committed value under a pinned comparator (`exact`, `scalar_epsilon`, `set`, `text_normalized`, `structured`). |
+| 🧾 **Self-contained bundles** | A bundle is a directory — manifest + SHA-pinned specs + input snapshots + claimed outputs. The verifier reads **no outside state**. |
+| 🚦 **Tri-state verdict** | `OK` (0) / `REJECT` (1) / `ERROR` (2). "The artifact is bad" is never conflated with "the verifier couldn't conclude" — and neither is ever silently an `OK`. |
+| 🔬 **Localized failures** | Every property is its own check with its own reason — a failure points at exactly what broke, not at one opaque boolean. |
+| 🐍 **Offline, stdlib-only verify** | The core verify path makes no network calls and imports no third-party packages at audit time. |
+| 🔒 **Untrusted-bundle posture** | The core path **never executes bundle-supplied code**. Running a bundle's own re-derivation pack is an explicit, flagged opt-in for trusted hosts only. |
+| 🧰 **Producer SDK** | `audit_bundle.emitter` assembles verifier-conformant bundles (canonical, sorted, digest-matched manifests) with pluggable timestamp / causal-chain / attestation seams. |
+| 🧪 **Pilot gallery** | Self-contained example domains — text extraction, sensor fusion, lockfile resolution, graph traversal, deterministic builds, tabular SQL aggregates, ML inference, streaming windows, and more — each with its own tests. |
+
+---
+
+## 🚀 Quick start
+
+```bash
+python -m venv .venv && . .venv/bin/activate
+pip install -e ".[dev]"          # Python ≥ 3.11
+```
+
+Build a pilot — here, a **citation-integrity** bundle that proves an AI/RAG
+answer actually quotes its cited sources (no LLM in the loop: the verifier
+re-derives every cited span from the frozen source snapshots and checks each
+quote against its source under a deterministic, versioned text normalization —
+case-, whitespace-, and punctuation-insensitive, not byte-exact) — and verify
+it:
+
+```bash
+python examples/citation_integrity_minimal/build_bundle.py --out-dir /tmp/citation_bundle
+python -m veriker.cli.verify --bundle-dir /tmp/citation_bundle    # exit 0, 12 checks PASS
+```
+
+Then tamper with any committed snapshot and re-run `verify` — it fails closed
+with exit `1`, as in the demo above.
+
+<details>
+<summary><b>More pilots, more shapes</b> — every <code>examples/</code> entry is one computation shape</summary>
+
+Each pilot under `examples/` is a self-contained bundle builder plus its own
+`tests/`, demonstrating one computation shape end-to-end: text extraction,
+sensor fusion, lockfile resolution, graph traversal, seed-pinned release,
+deterministic build & compilation, raster aggregation, tabular SQL aggregates,
+integer- and float-ML inference, audio segmentation, event-time streaming
+windows, and more. Each pilot's README states the exact property it
+demonstrates — and the explicit limits of that claim.
+
+```bash
+ls examples/
+python examples/<name>/build_bundle.py --help
+```
+
+</details>
+
+---
+
+## 🔍 How it works
+
+A **bundle** is a directory the verifier can read with no outside state:
+
+```
+bundle/
+├── manifest.json     # files + SHA-256 digests, spec pins, declared outputs, typed checks
+├── spec/             # the SHA-pinned specification(s) the manifest commits to
+├── <inputs>/         # the committed input snapshots (corpus, lockfile, traces, …)
+└── outputs/          # the claimed output value(s) the verifier will re-derive and compare
+```
+
+The verifier runs **built-in steps** (file integrity, spec-SHA pinning,
+cross-references) plus a set of **typed-check plugins**, and — when the bundle
+declares outputs — **re-derivation dispatch**: it recomputes the representative
+output with a verifier-side primitive and compares it to the committed value under
+a pinned comparator (`exact`, `scalar_epsilon`, `set`, `text_normalized`,
+`structured`). Every check is reported on its own line so a failure points at
+exactly which property broke.
+
+**How is this different from a checksum?** A checksum answers "are these the same
+bytes?" This answers "is this output the deterministic result of *this* rule over
+*these* inputs, and does every committed invariant still hold?" — and it localizes
+the answer to individual checks.
+
+---
+
+## 🚦 The verdict: OK / REJECT / ERROR
+
+The verifier is **tri-state**, and the distinction is load-bearing:
+
+| Verdict  | Exit | Meaning |
+|----------|:----:|---------|
+| `OK`     | `0`  | every gating check passed. |
+| `REJECT` | `1`  | the *artifact* failed a check — tampering, drift, a forged field. |
+| `ERROR`  | `2`  | the *verifier* could not conclude — e.g. a bundle **claims** a re-derivation but the pack was not executed, or an external dependency is absent. **Never silently an `OK`.** |
+
+There is no `ERROR → retry → accept` path: both `REJECT` and `ERROR` are non-zero
+(not certified). New automation can split "artifact is bad" (`1`) from "verifier
+couldn't conclude / file a bug" (`2`); old scripts keying on `exit != 0` stay
+correct. `REJECT` is about the input; `ERROR` is about the verifier — so a
+crafted verifier-crashing input can't be laundered into a fake `REJECT`.
+
+Automation that wants more than the exit code can pass
+`--verdict-out verdict.json`: the verifier writes the full verdict face as JSON
+on **every** exit path — state and exit code, machine-stable reason codes, which
+validation layers ran, honest disclosures a green verdict still carries, and the
+SHA-256 of the manifest it judged. It is an **unsigned operational artifact**
+(the file says so in its `note` field): trust comes from deterministically
+re-running the verifier on the bundle, never from the file itself.
+
+> [!WARNING]
+> **Untrusted bundles:** the core path never executes bundle-supplied code.
+> Running a bundle's own `re_derive/*_pack.py` is arbitrary local code execution
+> and is gated behind `--unsafe-run-bundle-pack` (trusted/disposable hosts only).
+> The safe alternative — spec-pinned dispatch — runs re-derivation with
+> verifier-side primitives and is described below.
+
+---
+
+## 🧰 Producing bundles — the emitter SDK
+
+The producer side is the open SDK at **`audit_bundle.emitter`**. It assembles a
+verifier-conformant bundle (canonical, sorted, newline-terminated manifest with
+matching digests) and exposes pluggable hook seams:
+
+```python
+from audit_bundle.emitter import (
+    BundleContent, write_bundle, assemble_manifest,
+    TimestampProvider, CausalChainEmitter, AttestationProvider,
+    StaticTimestampProvider, NullCausalChainEmitter, NullAttestationProvider,
+)
+```
+
+The open defaults (`Static*` / `Null*`) emit a clean baseline bundle with no
+network calls. The `*Provider` interfaces are the extension points where richer
+timestamp / causal-chain / attestation implementations plug in. Every pilot under
+`examples/` builds its bundle this way — see any pilot's `build_bundle.py` (some
+are named `_build_bundle.py`) for a worked example, and
+`tests/test_emitter_sdk.py` for the conformance contract.
+
+### Spec-pinned dispatch (how pilots self-verify)
+
+Each pilot proves its published output is the deterministic recompute of its
+committed input under an *auditor-pinned* comparator. The auditor binding is the
+pilot's committed `spec_pinned/<domain>.spec.json` — which primitive recomputes
+the representative output, and the comparator kind. The auditor's anchor is
+derived from the committed spec **bytes**, not from the bundle's own copy, so a
+bundle that ships a weaker spec yields a digest the anchor does not list and
+verification fails closed.
+
+<details>
+<summary><b>Two equivalent wiring styles</b> in <code>examples/</code></summary>
+
+You will see two styles, distinguished by whether a `spec_pinned_check.py` is
+present:
+
+- **Current** — the spec is consumed directly in the pilot's own `verify.py` and
+  exercised by its `tests/`; there is no standalone driver. E.g.
+  `caselaw_citation_gate_minimal`, `iso42001_vnv_minimal`.
+- **Legacy** — a standalone `spec_pinned_check.py` build→verify driver alongside
+  the pilot's test. E.g. `tabular_minimal`, `raster_minimal`. Functionally
+  identical; the older pilots use it.
+
+New pilots should follow the **Current** style.
+
+</details>
+
+---
+
+## 📁 Repository layout
+
+| Path | What |
+|------|------|
+| `cli/` | Command-line tools: `verify` (the **bundle** verifier — answers "is this bundle internally valid?") and `host_digest_verify` (the **verifier-identity** check, wrapping `cosign` / `crane` to bind a running container's image digest to the TUF-fetched release digest). For ordinary local bundle verification `host_digest_verify` is optional; for a **public-release ceremony it is the required verifier-identity trust mechanism** and its result must be run and retained — `verify()` cannot answer the identity question itself. **Pre-ceremony:** the C18 TUF roots are still synthetic and no hardware-signed release has been cut, so the full TUF-gated identity flow is **not yet live** (it becomes runnable at the C18 key ceremony + first signed release). See [SECURITY.md](SECURITY.md) → "Verifier-identity trust boundary (C18)". |
+| `audit_bundle/` | The substrate — bundle format and manifest, the verifier, the producer `emitter` SDK, typed-check plugins, extensions, discharge, fragments, and coverage. |
+| `coverage/` | Closed-world coverage plugin (sum-invariant grading). |
+| `examples/` | Generic domain pilots — each a self-contained bundle plus its own `tests/`. |
+| `tests/` | The open verifier + substrate test suite. |
+| [`MANIFEST_SCHEMA.md`](MANIFEST_SCHEMA.md) | The bundle manifest schema. |
+| [`VERIFIER_CONTRACT.md`](VERIFIER_CONTRACT.md) | The normative offline-verifier contract — every clause indexed to the test that enforces it. |
+
+## 🧪 Run the tests
+
+```bash
+pip install -e ".[dev]"
+pytest                          # the open verifier + substrate suite
+pytest examples/<name>/tests/   # a single pilot's suite (run per-example)
+```
+
+Each pilot under `examples/` ships its own `tests/` package and is invoked
+separately — the suites are isolated by design.
+
+---
+
+## 🧭 Scope and honesty
+
+Every pilot's data is **synthetic**. A pilot demonstrates that the substrate can
+*re-derive* a declared output and detect tampering or drift against committed
+inputs — it is **evidence for a verification property, never a claim that a real
+deployment is "compliant"** with any named standard. The check proves the value is
+the deterministic output of the *committed* computation over the *committed* input
+under the auditor's comparator; it is **not** a claim that the computation or the
+input are themselves correct, and a pilot's self-check re-runs the producer's own
+re-derivation pack (a round-trip), not an independent re-implementation. Read each
+pilot's README for the exact property it demonstrates and the explicit limits of
+that claim.
+
+The verifier's own guarantees are held to the same standard:
+[`VERIFIER_CONTRACT.md`](VERIFIER_CONTRACT.md) states them as a normative
+contract — offline, stdlib-only import boundary, structural-only scope,
+tri-state verdict, no silent upgrade of unevaluated evidence — and indexes
+every clause to the test that enforces it. The stdlib-only claim itself is
+ratcheted: the test suite imports the verifier and re-verifies bundles under
+an import hook that blocks every third-party package.
+
+---
+
+## 🔒 Security · Contributing · License
+
+- **Security** — see [SECURITY.md](SECURITY.md) to report a vulnerability.
+- **Contributing** — issues and pull requests are welcome. New pilots should
+  follow the *Current* spec-pinned wiring above; run `pytest` before submitting.
+- **License** — Apache License 2.0, see [LICENSE](LICENSE).
+
+---
+
+<div align="center">
+
+**Recompute the answer — don't trust the claim.**
+
+Apache-2.0 · offline verify · stdlib-only at audit time
+
+</div>