Verify it yourself¶
The claims on this site are only worth anything if you can check them without us. You can. Verification reads only the agent's public key (published in the repository) and the files on disk — no network, no CA, no server.
Re-verify the whole bundle¶
After a run, re-check every signature and proof from scratch:
It re-runs, offline, against the files on disk:
verifying against agent did:keri:EGzTx1qYsWORqHvioyFjXLNMEfByq_ox8xEaJTfwHGG2
[ok ] verdict verdict-9f9933de0283.json
[ok ] dsse dsse-verdict-9f9933de0283.json
[ok ] witness every verdict independently cosigned
[ok ] fresh 16/16 cycles each used a distinct fresh agent
↳ bound to OTEL trace 4bf92f3577b3… span 00f067aa0ba9…
[ok ] include inclusion-9f9933de0283.json
[ok ] release auths-curve-0.1.0.tar.gz
ALL VERIFIED (offline)
Each line is a real re-computation:
| Check | Confirms |
|---|---|
verdict / dsse |
the agent's signature over the exact verdict bytes |
witness |
an independent second key cosigned every verdict |
fresh |
each cycle used a distinct, freshly-minted agent |
include |
the receipt is provably in the append-only transparency log |
release |
the release signature binds the bytes on disk |
Don't take verification's word for it either — break something¶
The fastest way to trust a verifier is to watch it reject a forgery. Change one byte of any attestation and re-run:
# tamper with a signed verdict, then re-verify
sed -i '' 's/"gate": "OK"/"gate": "NO"/' attestations/dsse-verdict-*.json
python3 tools/verify_all.py # → VERIFICATION FAILED
A mutated verdict, a swapped signature, a forged inclusion proof, or a witness that is really the signer — each fails, loudly. That is the design: the repository, and nothing else, is the root of trust.
Re-run the gate¶
The verdicts themselves are re-checkable. Run the gate the way CI does:
Sixteen claims GREEN, and every one of their counterexamples still RED — proof each check is able to fail, so a GREEN is meaningful.
Re-run the enforcement¶
And the merge-gate that turns proof into policy:
The trust model, in one line¶
You trust a public key you pin and the math — standard signatures and a Merkle log. You do not trust any server to be up, any platform to be honest, or the agent's own word that it passed. Anyone with the repository can confirm every claim on this site, offline, in the commands above.