Documentation
¶
Overview ¶
Package verify — RFC 8949 § 4.2 deterministic-CBOR canonicality validator (Round-1 B3 fix).
The fxamacker/cbor v2 library exposes options for duplicate-key rejection, indefinite-length rejection, and tag rejection, but does NOT enforce the two remaining "core deterministic" rules from RFC 8949 § 4.2.1:
integers, lengths, and simple values MUST use the shortest form encoding (no leading-zero promotion such as 0x18 0x17 for the value 23, which fits in the major-type+5-bit head).
map keys MUST be sorted by length-first then lexicographic byte order of their canonical CBOR encoding (RFC 8949 § 4.2.1, bullet 3 — the deterministic-encoding rule used by the konareef Bundle v2 wire contract: shorter encoded keys MUST sort before longer ones, and equal-length keys are compared bytewise).
validateCanonicalCBOR walks the raw CBOR byte stream once and rejects any non-canonical input with ErrMalformedCBOR (the wire-stable code for malformed/non-canonical bundles per PRD 3 § 12.3; the taxonomy does not carve out a separate ErrBundleNonCanonical so we wrap the closest stable code with a divergence message naming the rule).
Package verify — P1.2 deterministic CBOR decoder + BundleV2 typed shape per PRD 3 §§ 4-9.
The decoder enforces RFC 8949 § 4.2 + PRD 3 § 3.1 rules where the fxamacker/cbor library supports them: shortest-form encoding, definite-length only, duplicate-key rejection (DupMapKeyEnforcedAPF), indefinite-length forbidden, and tags forbidden. Trailing-bytes rejection runs as an explicit guard in decodeBundleV2.
PRD 3 § 14.1 forward-compat: unknown OPTIONAL keys MUST be silently ignored on decode. fxamacker/cbor's default behaviour is to drop unknown keys when decoding into a typed struct, so we deliberately do NOT set ExtraReturnErrors=ExtraDecErrorUnknownField. A negative test in cbor_test.go locks the behaviour in.
disclosure_assertion.go — P1.3 verify-side disclosure-policy assertion for `konareef verify --disclosure-policy` per PRD 4 § 4.3.3 verify-side semantics.
Package verify — P1.2 error taxonomy and structured-verdict types.
This file defines the 14-code wire-stable error taxonomy from PRD 3 § 12.3 plus the structured verdict types from PRD 3 § 11.1.
Package verify — P1.2 SNARK verification phase + first-byte dispatch ladder per PRD 3 §§ 5-12 + § 10.1.
The v2 path lands on `verifySnarkPhase`, which runs the disclosure matrix, commitments, memory-tree authentication, T_log root check, attestation cross-checks, vkey resolution, chain-policy evaluation, and finally the SNARK verify itself. All checks fire (no short-circuit) so the divergence list is exhaustive; the all-or-none invariant is enforced by the final OK = AND of every structured- verdict bool.
The default `SpartanVerifier` (when not wired in `VerifyOptions`) is `failClosedVerifier{}` — it returns `(false, ErrSnarkVerifierNotConfigured)` so production paths cannot accept a v2 bundle without an explicit verifier injection. Tests opt in via `WithAcceptingVerifierForTests()`.
Package verify — Task 5 production SpartanVerifier: a subprocess shim to the Rust arecibo `verify` binary.
Why a subprocess ¶
There is no Go-native arecibo implementation. The `CompressedSNARK` is serialized with bincode from Rust types that only deserialize in Rust, and `CompressedSNARK::verify` needs `PublicParams` (regenerated deterministically from the circuit shape) — not just the vkey. So the only real verifier is a cross-process shim to the Task 2 Step 6 Rust `verify` binary (paygate-zk `crates/konareef-circuit/src/bin/verify.rs`).
Framing ¶
This wiring produces a *verifiable proof artifact with out-of-circuit commitment checks* — the Go side re-hashes the disclosed bytes (fields_root, h_p/h_r, t_root) and the Rust subprocess verifies the CompressedSNARK over the carried z0. It is NOT a claim that the proof alone binds the pod execution; trustless in-circuit public-X binding is v1.5/CL-7.
Data transported ¶
Per Finding A the Rust binary regenerates pp/vk itself, so Go transports NO proving/verifying key — only `spartan_snark`, `vkey_hash`, the two 298-byte offset buffers, and the full 23-lane `z0` (736 bytes, read from the bundle's SpartanCompressResult.Z0 — Finding B). Bytes are passed through verbatim; the Rust side owns all interpretation. The Go shim never re-encodes or flips z0 lanes or digests.
Fail-closed contract ¶
- exit 0 → (true, nil) accept
- exit 1 → (false, nil) reject (proof or vkey_hash parity)
- spawn/other exit → (false, err) fail-closed (missing binary, exit 2 usage/parse, signal, etc.)
Index ¶
- Constants
- Variables
- func AssertDisclosurePolicy(b *Bundle, want string) error
- func BuildMerkleRoot(leaves [][]byte) [32]byte
- func ComputeAccessLogHash(hashes [][]byte) [32]byte
- func ComputeChainHash(prevHashHex, data, timestamp string) [32]byte
- func ReadSource(pathOrURL string) ([]byte, error)
- type Access
- type Bundle
- type BundleV2
- type ChainLink
- type ChainLinkV2
- type Divergence
- type PublisherIdentityStatus
- type Result
- type ResultV2
- type Snapshot
- type SnapshotLeaf
- type SpartanCompressResult
- type SpartanVerifier
- type TouchedLeaf
- type TouchedMemory
- type Verdict
- type VerifyOptions
- type WitnessDisclosure
Constants ¶
const BundleVersion = "konareef-bundle/v1"
BundleVersion is the only version tag this verifier accepts. A v2 bundle would ship alongside v1 with its own verifier; for now any other header is a fatal mismatch.
const VerifyBinEnv = "KONAREEF_VERIFY_BIN"
VerifyBinEnv is the environment variable naming the Rust `verify` binary on disk. When unset (and no explicit path supplied to the constructor), the production path stays fail-closed.
Variables ¶
var ( ErrMalformedCBOR = errors.New("ERR_MALFORMED_CBOR") ErrUnknownVersion = errors.New("ERR_UNKNOWN_VERSION") ErrProofFieldRenamed = errors.New("ERR_PROOF_FIELD_RENAMED") ErrCircuitIDMismatch = errors.New("ERR_CIRCUIT_ID_MISMATCH") ErrUnsupportedCircuit = errors.New("ERR_UNSUPPORTED_CIRCUIT") ErrVkeyMismatch = errors.New("ERR_VKEY_MISMATCH") ErrCommitmentMismatch = errors.New("ERR_COMMITMENT_MISMATCH") ErrProofRejected = errors.New("ERR_PROOF_REJECTED") ErrDisclosureInconsistent = errors.New("ERR_DISCLOSURE_INCONSISTENT") ErrProjectionLossy = errors.New("ERR_PROJECTION_LOSSY") ErrAttestationMismatch = errors.New("ERR_ATTESTATION_MISMATCH") ErrSignatureInvalid = errors.New("ERR_SIGNATURE_INVALID") ErrChainBroken = errors.New("ERR_CHAIN_BROKEN") )
The 14 stable, final error codes from konareef-bundle-v2-wire-format-v1 § 12.3. No code in this list may be renamed, merged, or removed in a v2-compatible revision.
var ErrDisclosurePolicyViolation = errors.New("ERR_DISCLOSURE_POLICY_VIOLATION")
ErrDisclosurePolicyViolation reports a mismatch between the --disclosure-policy assertion and the bundle's embedded `disclosure` field. PRD 4 § 6 stable code.
var ErrFieldsRootMismatch = errors.New("ERR_FIELDS_ROOT_MISMATCH")
ErrFieldsRootMismatch is the CL-5(a) soundness-gate divergence: the manifest's [_commit].fields_root does not bind to the proof's carried genesis lane (genesis_fields_root). It is a verifier-internal divergence code; it is NOT part of the PRD § 12.3 wire-stable taxonomy. Every path that surfaces it MUST also keep CommitmentsValid=false so the all-or-none gate fails the bundle.
var ( // ErrSnarkVerifierNotConfigured fires when verifyWith is invoked on // a v2 bundle and no SpartanVerifier was wired into VerifyOptions. // Production paths must inject a real Spartan verifier. ErrSnarkVerifierNotConfigured = errors.New("ERR_SNARK_VERIFIER_NOT_CONFIGURED") )
Implementation-side fail-closed sentinels. These are NOT part of the PRD § 12.3 wire-stable taxonomy; they only surface in operator-facing divergence strings when the verifier is mis-configured at runtime.
Functions ¶
func AssertDisclosurePolicy ¶
AssertDisclosurePolicy compares the bundle's disclosure field against want. An empty want is a no-op (caller did not supply the flag). On mismatch returns ErrDisclosurePolicyViolation.
This is a pure function; the caller invokes it AFTER verify.Load and BEFORE verify.Verify so an assertion failure short-circuits the structural verification.
func BuildMerkleRoot ¶
BuildMerkleRoot rebuilds the deterministic binary Merkle root from a list of 32-byte leaves, exactly as ReefCore.Proofs.MerkleTree.build/1 does:
- Empty input → all-zero root.
- Single leaf → root = leaf.
- Otherwise: dedupe, sort bytewise, then SHA-256(left || right) pair-up reductions. Odd-count levels duplicate the trailing node (Bitcoin-style).
The caller passes raw byte slices, not hex strings; the bundle's snapshot_leaves[].content_hash field is hex and must be decoded before being fed here.
func ComputeAccessLogHash ¶
ComputeAccessLogHash returns SHA-256(sorted_unique_concatenation), matching ReefCore.Proofs.compute_access_log_hash/1:
- Take the access content-hash bytes (raw, not hex).
- Sort ascending by raw byte order.
- Dedupe.
- Concatenate (no separator).
- SHA-256.
An empty input yields SHA-256(""), the well-known e3b0c442 98fc1c14 9afbf4c8 996fb924 27ae41e4 649b934c a495991b 7852b855.
func ComputeChainHash ¶
ComputeChainHash returns SHA-256(prev_hash_bytes || data || timestamp), mirroring ReefCore.Proofs.Hash.compute/3. prevHashHex is an empty string for the genesis commitment (prev_hash omitted from the hash input) or a 64-char hex string of the 32-byte previous hash. Mixed-case hex is accepted (case-insensitive decode).
data and timestamp are appended as their raw UTF-8 bytes — no length prefix, no separator, no encoding transformation. This is the byte-exact wire contract; do not "improve" it.
func ReadSource ¶
ReadSource fetches pathOrURL as raw bytes, dispatching on whether the argument looks like an HTTP(S) URL or a local filesystem path. It performs NO format parsing or version gating — it is the shared byte-source used by the CLI to peek the first byte and route between the v2 CBOR verifier and the legacy v1 JSON loader BEFORE committing to a format. v1 callers should continue to use Load (which re-fetches and parses); v2 callers feed the returned bytes to VerifyV2Production.
Inputs:
- pathOrURL: an http(s) URL or a local path.
Returns the raw body bytes, or an I/O / HTTP-status error.
Types ¶
type Access ¶
type Access struct {
TaskID string `json:"task_id"`
ThoughtID int `json:"thought_id"`
ContentHash string `json:"content_hash"`
Source string `json:"source"` // "snapshot" | "capture"
AccessedAt string `json:"accessed_at"`
}
Access is one MemoryAccess record for the task — what the pod read from memory while running.
type Bundle ¶
type Bundle struct {
Version string `json:"version"`
Verifiable *bool `json:"verifiable"`
Chain []ChainLink `json:"chain"`
Snapshot *Snapshot `json:"snapshot"`
SnapshotLeaves []SnapshotLeaf `json:"snapshot_leaves"`
Accesses []Access `json:"accesses"`
BsvTxids map[string]string `json:"bsv_txids"`
// Publisher attestation envelope (WI-P0-002). All nullable; a
// legacy unsigned bundle leaves every field unset.
PodHash *string `json:"pod_hash"`
PodVersion *string `json:"pod_version"`
PublisherID *string `json:"publisher_id"`
PublisherSignature *string `json:"publisher_signature"`
PublisherPubkey *string `json:"publisher_pubkey"`
Manifest *string `json:"manifest"`
// P1.3 — disclosure policy ("C" or "D") asserted by
// `konareef verify --disclosure-policy`. Sourced from v2 bundles
// (PRD 3 § 9); empty on v1 bundles. AssertDisclosurePolicy uses
// this field for the optional verify-side equality check.
Disclosure string `json:"disclosure,omitempty"`
}
Bundle is the parsed konareef-bundle/v1 JSON document.
The shape mirrors ReefCore.Proofs.Bundle.pack/2's output exactly: binary fields ride as hex strings, datetimes as ISO-8601 strings, `prev_hash` is nullable for the genesis commitment.
WI-P0-002: the publisher-attestation envelope fields below are all nullable. A legacy unsigned (v0) bundle has every one nil; a fully signed bundle has all six populated and the verifier re-checks SHA-256(manifest) == pod_hash AND that publisher_signature is a valid secp256k1-DER ECDSA signature of pod_hash under publisher_pubkey.
- Verifiable: explicit flag mirroring the envelope's verifiable bool. nil → assume true (legacy). false → the bundle is the sanitized display variant and chain-hash check will fail by design; callers shouldn't treat that as a tamper signal.
func Load ¶
Load reads pathOrURL — either an http(s) URL or a filesystem path — and returns the parsed Bundle. Failure modes:
- I/O error reading the file or making the HTTP request.
- Non-2xx HTTP status.
- Malformed JSON.
- Bundle version != BundleVersion.
Load does NOT verify the bundle cryptographically. Call Verify on the returned *Bundle to do that.
func LoadFromBytes ¶
LoadFromBytes parses already-fetched raw bytes as a konareef-bundle/v1 JSON document and applies the same version gate as Load. It performs NO I/O — the caller is responsible for fetching the bytes (exactly once).
This is the bytes-based core shared with Load so a caller that has already read the source (e.g. the CLI peeking the first byte to route between the v2 CBOR verifier and the v1 JSON loader) can parse the SAME bytes WITHOUT re-fetching the URL. Re-fetching a single-use / expiring / mutable URL can fail or return different bytes than were format-peeked.
Failure modes: malformed JSON; bundle version != BundleVersion. The output, error wording, and version gating match Load exactly.
type BundleV2 ¶
type BundleV2 struct {
Version string `cbor:"version"`
CircuitID string `cbor:"circuit_id"`
Disclosure string `cbor:"disclosure"`
SpartanCompressResult SpartanCompressResult `cbor:"spartan_compress_result"`
Chain []ChainLinkV2 `cbor:"chain"`
Vkey []byte `cbor:"vkey,omitempty"`
VkeyAnchor map[string]any `cbor:"vkey_anchor,omitempty"`
PodHash []byte `cbor:"pod_hash,omitempty"`
PodVersion string `cbor:"pod_version,omitempty"`
PublisherID string `cbor:"publisher_id,omitempty"`
PublisherSignature []byte `cbor:"publisher_signature,omitempty"`
PublisherPubkey []byte `cbor:"publisher_pubkey,omitempty"`
Manifest []byte `cbor:"manifest,omitempty"`
// ChainPolicyMode selects the chain-continuity check (PRD 3 § 8).
// "" → defaults to "full_hash_chain" in checkChainPolicy.
ChainPolicyMode string `cbor:"chain_policy_mode,omitempty"`
WitnessDisclosure *WitnessDisclosure `cbor:"witness_disclosure,omitempty"`
}
BundleV2 is the decoded top-level shape of konareef-bundle/v2. Only the fields P1.2 actively cross-checks are typed. Unknown optional keys are silently ignored on decode (PRD 3 § 14.1 forward-compat).
func DecodeBundleV2 ¶ added in v0.1.2
DecodeBundleV2 decodes konareef-bundle/v2 CBOR bytes into a *BundleV2 for out-of-band inspection of the disclosed fields (e.g. the verdict demo server rendering the pod / publisher / tool-log evidence alongside the verdict). It performs the identical decode as the verify path but exposes the struct to other packages. It does NOT verify — callers must run VerifyV2Production for the trust verdict; this only reads what the bundle discloses.
type ChainLink ¶
type ChainLink struct {
ProofType string `json:"proof_type"`
Hash string `json:"hash"`
PrevHash *string `json:"prev_hash"`
Data string `json:"data"`
Timestamp string `json:"timestamp"`
Txid *string `json:"txid"`
AgentID string `json:"agent_id"`
TaskID *string `json:"task_id"`
TaskHash *string `json:"task_hash"`
ResultHash *string `json:"result_hash"`
StructuredBundleHash *string `json:"structured_bundle_hash"`
OpenbrainSnapshotRoot *string `json:"openbrain_snapshot_root"`
OpenbrainCaptureRoot *string `json:"openbrain_capture_root"`
OpenbrainAccessLogHash *string `json:"openbrain_access_log_hash"`
AccessedCount *int `json:"accessed_count"`
Iterations *int `json:"iterations"`
DurationSecs *int `json:"duration_secs"`
ToolsUsed []string `json:"tools_used"`
TotalSats *int `json:"total_sats"`
}
ChainLink is one commitment in the per-task proof chain. Binary fields are hex-encoded; nullable fields use Go's pointer-to-string so the verifier can distinguish "missing" from "empty string".
type ChainLinkV2 ¶
type ChainLinkV2 struct {
ProofType string `cbor:"proof_type"`
Hash []byte `cbor:"hash"`
PrevHash []byte `cbor:"prev_hash,omitempty"`
// Data is present in Type-C, ABSENT in Type-D.
Data []byte `cbor:"data,omitempty"`
Scrubbed bool `cbor:"scrubbed"`
Timestamp string `cbor:"timestamp"`
Txid string `cbor:"txid,omitempty"`
}
ChainLinkV2 is one commitment in the per-task proof chain (CBOR).
type Divergence ¶
Divergence is a single failure with both the canonical error code and a human-readable message.
Err holds the canonical sentinel error (e.g. ErrFieldsRootMismatch) so errors.Is() works uniformly on the stable taxonomy. The full wrapped TOML/decode detail (the chain that includes the underlying error text) lives only in Msg — it is NOT preserved in Err. This is intentional: callers should match on the sentinel via errors.Is; human-readable context is in Msg.
type PublisherIdentityStatus ¶
type PublisherIdentityStatus string
PublisherIdentityStatus is the § 11.3 enum.
const ( PISUnbound PublisherIdentityStatus = "unbound" PISSelfSigned PublisherIdentityStatus = "self_signed" PISMismatch PublisherIdentityStatus = "mismatch" PISSignatureInvalid PublisherIdentityStatus = "signature_invalid" PISBound PublisherIdentityStatus = "bound" )
type Result ¶
Result is the verifier's structured output. OK is true iff every applicable check passed; ChainLength is the number of commitments walked; Divergences enumerates the specific failures (one human- readable line per check that diverged). The set of divergences is always exhaustive — the verifier never short-circuits on the first failure.
AttestationStatus classifies how the bundle's publisher attestation envelope was treated (WI-P0-007). A green OK from `legacy_unsigned` is fundamentally different from a green OK from `attested`; a CLI can surface the distinction so users don't read every pass as cryptographic proof:
- "legacy_unsigned" — no attestation fields were present; this is a pre-P0.3 bundle and the publisher signature was not checked. Default mode passes; strict mode rejects.
- "attested" — all six attestation fields were present and the signature + hash checks ran successfully.
- "incomplete" — some attestation fields were present but not all. Both default and strict mode reject this; it is neither legacy nor fully verifiable.
func Verify ¶
Verify runs the full re-check pipeline on b and returns the aggregated result. The bundle is read but not mutated. Verify performs no network I/O and depends on no DB.
Pipeline ordering matters: structural checks run first so the cryptographic checks below them never have to ask "is the field I want even here?" — a malformed or topologically broken bundle is rejected at the structure phase. This is the WI-P0-001 fail-closed guarantee: a verifier that returns OK because the crypto checks had no target is a verifier that lies, so the crypto phase only runs once structure is sound.
Default mode is back-compat with legacy v0 (unsigned) bundles — when the publisher-attestation envelope is absent, that check is skipped. Use VerifyStrict for the strict mode that requires attestation.
func VerifyStrict ¶
VerifyStrict is Verify with `--strict` semantics (WI-P0-002): the publisher attestation envelope MUST be present and every signed field MUST be populated. A legacy unsigned bundle is rejected.
type ResultV2 ¶
type ResultV2 struct {
OK bool
ChainLength int
Divergences []Divergence
V2Verdict *Verdict
}
ResultV2 is the v2 verifier's structured output. ResultV2 carries typed Divergences (PRD 3 § 11.1) so test code can match against the stable taxonomy.
func VerifyV2 ¶
func VerifyV2(input []byte, opts VerifyOptions) *ResultV2
VerifyV2 is the public entry point for verifying konareef-bundle/v2 bytes. It dispatches on the first byte:
- 0x7B ('{') → legacy v1 JSON; caller should use Verify
- 0xA0..0xBB → konareef-bundle/v2 CBOR
- anything else → ErrMalformedCBOR
func VerifyV2Production ¶
VerifyV2Production decodes konareef-bundle/v2 bytes and verifies them on the LIVE path with a real Spartan verifier when KONAREEF_VERIFY_BIN is set (fail-closed otherwise). It is the production analogue of VerifyV2: VerifyV2 takes pre-built opts (so the verifier must be known before the bundle is decoded), but the subprocess verifier needs the decoded bundle's z0 — so this entry decodes first, then constructs the verifier around the decoded bundle.
First-byte dispatch and divergence semantics match VerifyV2 exactly; only the konareef-bundle/v2 CBOR branch differs in that it injects the subprocess verifier.
type Snapshot ¶
type Snapshot struct {
ID string `json:"id"`
Root string `json:"root"`
EntryCount int `json:"entry_count"`
TakenAt string `json:"taken_at"`
PodID string `json:"pod_id"`
AgentID string `json:"agent_id"`
}
Snapshot is the MemorySnapshot row the chain references.
type SnapshotLeaf ¶
type SnapshotLeaf struct {
LeafIndex int `json:"leaf_index"`
ContentHash string `json:"content_hash"`
ThoughtID int `json:"thought_id"`
}
SnapshotLeaf is one leaf in the Merkle tree the verifier rebuilds.
type SpartanCompressResult ¶
type SpartanCompressResult struct {
SpartanSnark []byte `cbor:"spartan_snark"`
FirstStepPublicInputs []byte `cbor:"first_step_public_inputs"`
LastStepPublicInputs []byte `cbor:"last_step_public_inputs"`
VkeyHash []byte `cbor:"vkey_hash"`
CircuitID string `cbor:"circuit_id"`
// PkPub is the publisher's 33-byte compressed secp256k1 public key,
// carried out-of-circuit so Check 4 (§11.2) can run without an
// attestation envelope. Optional/additive (CL-5a genesis_fields_root
// precedent). Empty when a legacy/envelope-only producer omits it.
PkPub []byte `cbor:"pk_pub,omitempty"`
// Z0 carries the full 23-lane genesis fold-IO vector (Z_ARITY = 23 post-CL-6,
// 23 × 32 B LE Fq = 736 bytes) required by the Rust SNARK verify subprocess.
// Consumed by the verify binary; the Go verifier passes it through without
// inspecting its contents.
Z0 []byte `cbor:"z0,omitempty"`
// GenesisFieldsRoot carries z0[Z_FIELDS_ROOT] — the genesis fold-IO
// lane value (fq_to_le_bytes(witness.fields_root), 32-byte LE Fq). It
// is the one datum the 298-byte X-assembly does NOT expose (PRD 1
// §5.1: fields_root is a fold-IO lane, not a Spartan X slot), so the
// out-of-circuit fields_root binding (CL-5(a)) needs it carried here.
// Additive + forward-compatible: old artifacts without it decode fine
// (the field stays nil and the v2-gated binding diverges fail-closed).
GenesisFieldsRoot []byte `cbor:"genesis_fields_root,omitempty"`
}
SpartanCompressResult is the PRD 2 § 3.3 floor-field carrier.
Z0 carries the full 23-lane genesis fold-IO vector (Z_ARITY = 23 post-CL-6, 23 × 32 B LE Fq = 736 bytes) required by the Rust SNARK verify subprocess. It is present in C0 bundles and consumed by Task 5's verify binary; the Go verifier does not inspect its contents beyond passing it through.
type SpartanVerifier ¶
type SpartanVerifier interface {
Verify(snark, firstStepPublicInputs, lastStepPublicInputs, vkey []byte) (bool, error)
}
SpartanVerifier abstracts the actual Spartan SNARK verification call. P1.2 ships with two impls:
- failClosedVerifier (production default) returns (false, ErrSnarkVerifierNotConfigured).
- acceptingVerifier returns (true, nil). Test-only; gated behind WithAcceptingVerifierForTests().
type TouchedLeaf ¶
type TouchedLeaf struct {
Index uint32 `cbor:"index"`
ValueHash []byte `cbor:"value_hash"`
Value []byte `cbor:"value,omitempty"`
Siblings [][]byte `cbor:"siblings"`
}
TouchedLeaf is one leaf in a touched-memory tree.
type TouchedMemory ¶
type TouchedMemory struct {
Leaves []TouchedLeaf `cbor:"leaves"`
}
TouchedMemory carries M_in/M_out leaves (PRD 3 § 9.2).
type Verdict ¶
type Verdict struct {
ProofValid bool `json:"proof_valid"`
DisclosureValid bool `json:"disclosure_valid"`
ChainPolicyMode string `json:"chain_policy_mode"`
ChainPolicyValid bool `json:"chain_policy_valid"`
CommitmentsValid bool `json:"commitments_valid"`
SignatureValid bool `json:"signature_valid"`
PublisherIdentityStatus PublisherIdentityStatus `json:"publisher_identity_status"`
}
Verdict is the v2 structured-verdict shape (PRD 3 § 11.1).
type VerifyOptions ¶
type VerifyOptions struct {
Spartan SpartanVerifier
Durable bool
}
VerifyOptions carries the dispatcher's runtime knobs. Zero-value is the production default: fail-closed (no SpartanVerifier wired) + non-durable mode.
func ProductionVerifyOptions ¶
func ProductionVerifyOptions(b *BundleV2, durable bool) VerifyOptions
ProductionVerifyOptions builds the live-path VerifyOptions for a decoded bundle. When KONAREEF_VERIFY_BIN is set, it wires the subprocess Spartan verifier; when unset, Spartan stays nil so VerifyV2 falls back to the failClosedVerifier (production default) — the verdict cannot be PASS without a real verifier. This is the NON-TEST constructor referenced by the live TUI/CLI path; it never returns the accepting stub.
durable threads the existing --durable knob through unchanged.
func WithAcceptingVerifierForTests ¶
func WithAcceptingVerifierForTests() VerifyOptions
WithAcceptingVerifierForTests returns a VerifyOptions populated with the accepting Spartan stub. THIS IS A TEST-ONLY ENTRY POINT. Production code MUST NOT call this helper.
type WitnessDisclosure ¶
type WitnessDisclosure struct {
P []byte `cbor:"P"`
R []byte `cbor:"R"`
MIn TouchedMemory `cbor:"M_in"`
MOut TouchedMemory `cbor:"M_out"`
TLogRecords [][]byte `cbor:"T_log_records"`
}
WitnessDisclosure is the Type-C only payload per PRD 3 § 9.