sdk(P1.3): inclusion, checkpoint-chain, and completeness verification
Completes the offline verification stack (P1.2 -> P1.1 -> P1.3) in all three SDKs, each a faithful port of the backend windows.py / checkpoints.py math on top of the frozen canonical/domain-hash primitives:

- verify_inclusion_proof: fold a window inclusion proof to the window root (domain attesto.v2.window; left sibling -> node(sibling,current), right -> node(current,sibling)).
- verify_checkpoint_root: recompute a checkpoint root from window hashes (domain attesto.v2.checkpoint), with an odd node at any level **promoted unchanged** rather than duplicated/hashed with itself (the place a naive Merkle port silently diverges).
- verify_checkpoint_extension: current.from_seq_no == previous.to_seq_no + 1 and current.previous_checkpoint_hash == previous.checkpoint_hash.
- verify_completeness: proves no events were omitted in a range -- gap-free seq_no coverage plus prev_event_hash chaining to the previous event_hash.

New corpus golden-vectors/sdk-parity/inclusion.json (5-leaf window exercising the promoted odd node, 3-window checkpoint root, extension + completeness negatives), exported from the backend functions. Proven: Python = TypeScript = Go = backend agree on every case. READMEs updated per SDK.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
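An added illustration of the two folds the commit message describes, not code from this repository or its SDKs: a five-leaf tree whose odd node is promoted unchanged, the naive duplicate-the-odd-node root it diverges from, and an inclusion proof folded with the stated sibling ordering. The `node` byte encoding, the function names and the sample leaves are assumptions made for the example; only the domain label, the sibling ordering and the promotion rule come from the message.

```python
import hashlib

WINDOW_DOMAIN = b"attesto.v2.window"  # domain label named in the commit message


def node(left: bytes, right: bytes, domain: bytes = WINDOW_DOMAIN) -> bytes:
    # ASSUMED encoding: SHA-256(domain || 0x00 || left || right). The project's
    # canonical/domain-hash primitive is not shown on the page.
    return hashlib.sha256(domain + b"\x00" + left + right).digest()


def merkle_root(leaves, promote_odd=True):
    """Fold leaves pairwise; an odd trailing node is promoted unchanged.
    promote_odd=False is the naive variant that hashes it with itself."""
    if not leaves:
        raise ValueError("empty tree has no root")
    level = list(leaves)
    while len(level) > 1:
        nxt = [node(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1] if promote_odd else node(level[-1], level[-1]))
        level = nxt
    return level[0]


def build_proof(leaves, index):
    """Return [(sibling, side)] for leaves[index]; a promoted level adds no step."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], "left" if sib < index else "right"))
        level = [node(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        index //= 2
    return proof


def verify_inclusion(leaf, proof, root):
    """left sibling -> node(sibling, current); right -> node(current, sibling)."""
    current = leaf
    for sibling, side in proof:
        current = node(sibling, current) if side == "left" else node(current, sibling)
    return current == root


# Constructed sample: five leaf hashes, so the fifth is the promoted odd node.
LEAVES = [hashlib.sha256(b"event-%d" % i).digest() for i in range(5)]
ROOT = merkle_root(LEAVES)
```

The fifth leaf is promoted through two levels, so its proof has a single left-sibling step, while the naive root differs for the same leaves and rejects that proof.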
13
README.md
@@ -99,6 +99,19 @@ if !report.OK {
|
||||
}
|
||||
```
|
||||
|
||||
The offline trust model extends across the whole proof chain — all client-side:
|
||||
|
||||
```go
|
||||
ok, _ := attesto.VerifyInclusionProof(leafHash, proof, windowRoot) // event in a window root
|
||||
ok, _ = attesto.VerifyCheckpointRoot(windowHashes, checkpointRoot) // windows fold to checkpoint root
|
||||
ext := attesto.VerifyCheckpointExtension(previous, current) // one checkpoint continues the previous
|
||||
comp := attesto.VerifyCompleteness(events, 5, 8) // no events omitted in [5, 8]
|
||||
```
|
||||
|
||||
`VerifyCompleteness` proves **no events were omitted** in a range: the sequence
|
||||
numbers must be gap-free and each event's `prev_event_hash` must chain to the
|
||||
previous event's `event_hash`.
|
||||
|
||||
## Operator and Admin Endpoints
|
||||
|
||||
System-key clients are created with `attesto.NewClient`. Tenant/operator
|
||||
|
||||
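Review bot: The added Go snippet discards both errors (`ok, _ := attesto.VerifyInclusionProof(...)`, `ok, _ = attesto.VerifyCheckpointRoot(...)`) and never inspects `ok`, `ext` or `comp`, so a reader who copies it gets verification that cannot fail closed. Since this README is the reference for the offline trust model, show the check on each result, the way the example just above the hunk does with `if !report.OK {`, and handle the returned error instead of assigning it to `_`. The `VerifyCompleteness` paragraph should also say whether the bounds in `(events, 5, 8)` are inclusive, as the `[5, 8]` comment implies, and what the `prev_event_hash` of the first event in the range is checked against.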