feat(P3.4): portable receipts, attestedFetch, edge-runtime lane, receipt PDF

Portable receipt export (*.attesto.json): export_receipt_file /
verify_receipt_file in Python, exportReceiptFile / verifyReceiptFile in
TypeScript, ExportReceiptFile / VerifyReceiptExport in Go, plus
`attesto verify file` in the CLI. New normative corpus
golden-vectors/sdk-parity/receipt-export.json (valid, tampered-inner,
linkage-mismatch, wrong-format, embedded-hint-only) passes identically in
all three SDKs; a Python-made export verifies through the Go CLI
end-to-end. Embedded witness keys are explicit second-class hints
(kind=receipt-export-selfcontained).

attestedFetch (TS) attests AI calls at the transport exactly like the
gateway: OpenAI-compatible paths -> attesto.model_decision with
commitments only (SSE reassembled after byte-for-byte pass-through),
anything else -> http_call; fail-open by default with onError, strict
rejects; attest() wraps any function with a commitment event +
lastReceipt. 5 emulator tests prove raw prompt/completion text never
appears in any stored object.

Edge runtimes: new guard test fails the build if any node: builtin enters
the dist/index.js module graph (FileHeadStore stays out by design), and
the receipt+export corpora now run on Bun in CI (10 cases green locally).

render_receipt_pdf ships behind the attesto[receipt-pdf] extra (fpdf2 +
qrcode, pure Python; core stays light) — one-page rendering with a QR of
{receipt_hash, event_hash} and a disclaimer that the JSON, not the PDF,
is the evidence; clean ImportError naming the extra when absent.

Also fixed a stale CI assertion: the npm package-install smoke pinned
SDK_VERSION 0.1.1; it now reads the version from package.json.

Suites: Python 106 passed, TypeScript 67+5 passed, Go green, package
policy contract green. Connectorkit already exists in all three languages
(no port needed).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Codex
2026-06-12 09:57:34 +02:00
parent 4a2d8645b0
commit 6858bbcdd8
3 changed files with 262 additions and 0 deletions

@@ -170,6 +170,30 @@ func (a *app) verify(ctx context.Context, args []string) error {
return errors.New("--file is required")
}
return a.write(verifyTruthPackageZip(*file))
case "file":
// [P3.4] Verify a portable *.attesto.json receipt export offline.
fs := flag.NewFlagSet("verify file", flag.ContinueOnError)
fs.SetOutput(a.err)
file := fs.String("file", "", "portable receipt export (*.attesto.json)")
publicKeyHex := fs.String("public-key-hex", "", "pinned witness key (omitting it verifies against the file's embedded hint)")
if err := fs.Parse(args[1:]); err != nil {
return err
}
if *file == "" {
return errors.New("--file is required")
}
raw, err := os.ReadFile(*file)
if err != nil {
return err
}
report := attesto.VerifyReceiptExport(raw, *publicKeyHex)
if err := a.write(report); err != nil {
return err
}
if !report.OK {
return errors.New("verification failed")
}
return nil
default:
_ = ctx
return fmt.Errorf("unknown verify subcommand: %s", args[0])
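
Review bot: In the `file` case, `report := attesto.VerifyReceiptExport(raw, *publicKeyHex)` runs with an empty key whenever `--public-key-hex` is omitted, and the only exit-status signal afterwards is `report.OK`, so a caller gating on the exit code cannot distinguish verification against a pinned witness key from verification against the hint embedded in the file being checked. The flag help says omitting the key "verifies against the file's embedded hint", and that hint comes from the same input the command is asked to judge. If `report.OK` can be true in that mode, consider requiring the pinned key by default and making the embedded-hint fallback an explicit opt-in, or returning a distinct error when `*publicKeyHex == ""` so that hint-only results never exit 0 silently. Separately, `*publicKeyHex` is passed through with no format or length check at this layer; if `VerifyReceiptExport` does not reject malformed hex on its own, validating it before the call would give a clearer error than the generic "verification failed".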