Initialize repository snapshot
This commit is contained in:
Vault Sovereign
26
.gitignore
vendored
Normal file
26
.gitignore
vendored
Normal file
@@ -0,0 +1,26 @@
|
||||
target/
|
||||
__pycache__/
|
||||
*.pyc
|
||||
.venv/
|
||||
.DS_Store
|
||||
*.egg-info/
|
||||
|
||||
# Local-first SQLite ledger and seal bundles
|
||||
.state/
|
||||
*.sqlite
|
||||
*.sqlite-wal
|
||||
*.sqlite-shm
|
||||
|
||||
# Runtime logs and receipts
|
||||
logs/
|
||||
receipts/
|
||||
|
||||
# Guardian/automation/offsec/treasury ROOT state files
|
||||
ROOT.*.txt
|
||||
|
||||
# Generic logs
|
||||
*.log
|
||||
|
||||
# Generated verifier reports
|
||||
verification_report.json
|
||||
verification_report_*.json
|
||||
130
.gitlab-ci.yml
Normal file
130
.gitlab-ci.yml
Normal file
@@ -0,0 +1,130 @@
|
||||
stages:
|
||||
- build
|
||||
- test
|
||||
- lint
|
||||
|
||||
variables:
|
||||
CARGO_HOME: $CI_PROJECT_DIR/.cargo
|
||||
|
||||
# Ensure receipts directories exist (tests may write into them)
|
||||
before_script:
|
||||
- mkdir -p receipts/guardian receipts/treasury receipts/offsec receipts/automation receipts/mcp receipts/mesh
|
||||
|
||||
# Rust build job
|
||||
rust-build:
|
||||
stage: build
|
||||
image: rust:1.75
|
||||
script:
|
||||
- cargo build --workspace --locked
|
||||
cache:
|
||||
key: cargo-$CI_COMMIT_REF_SLUG
|
||||
paths:
|
||||
- target/
|
||||
- .cargo/registry/
|
||||
|
||||
# Sentinel contract parity + testvectors (required gate)
|
||||
sentinel-contracts:
|
||||
stage: test
|
||||
image: python:3.11
|
||||
before_script:
|
||||
- pip install -q blake3
|
||||
script:
|
||||
- python3 tools/check_sentinel_contract_parity.py
|
||||
- bash tools/run_sentinel_testvectors.sh
|
||||
|
||||
# MERIDIAN v1 conformance suite (offline, deterministic, build-blocking)
|
||||
meridian-v1-conformance:
|
||||
stage: test
|
||||
image: python:3.11
|
||||
before_script:
|
||||
- pip install -q blake3
|
||||
script:
|
||||
- bash MERIDIAN_V1_CONFORMANCE_TEST_SUITE/run.sh
|
||||
|
||||
# OpenCode plugin smoke (one PASS + one FAIL)
|
||||
sentinel-opencode-smoke:
|
||||
stage: test
|
||||
image: node:20-bullseye
|
||||
before_script:
|
||||
- apt-get update && apt-get install -y python3 python3-pip >/dev/null
|
||||
- pip3 install -q blake3
|
||||
- npm install -g opencode-ai@1.0.166
|
||||
- npm install --prefix .opencode
|
||||
- export VAULTMESH_WORKSPACE_ROOT="$CI_PROJECT_DIR"
|
||||
- export VAULTMESH_SENTINEL_VERIFIER="$CI_PROJECT_DIR/tools/vm_verify_sentinel_bundle.py"
|
||||
script:
|
||||
- opencode run --format json --command sentinelVerifyBundle --worktree "$CI_PROJECT_DIR" --directory "$CI_PROJECT_DIR" --tool-args '{"bundlePath":"testvectors/sentinel/black-box-that-refused","strict":true}'
|
||||
- opencode run --format json --command sentinelVerifyBundle --worktree "$CI_PROJECT_DIR" --directory "$CI_PROJECT_DIR" --tool-args '{"bundlePath":"testvectors/sentinel/integrity-size-mismatch","strict":true}'
|
||||
|
||||
# Rust test job
|
||||
rust-test:
|
||||
stage: test
|
||||
image: rust:1.75
|
||||
script:
|
||||
- cargo test --workspace --locked
|
||||
cache:
|
||||
key: cargo-$CI_COMMIT_REF_SLUG
|
||||
paths:
|
||||
- target/
|
||||
- .cargo/registry/
|
||||
|
||||
# Rust lint job (format + clippy)
|
||||
rust-lint:
|
||||
stage: lint
|
||||
image: rust:1.75
|
||||
script:
|
||||
- rustup component add clippy rustfmt
|
||||
- cargo fmt --check
|
||||
- cargo clippy --workspace -- -D warnings
|
||||
allow_failure: true
|
||||
cache:
|
||||
key: cargo-$CI_COMMIT_REF_SLUG
|
||||
paths:
|
||||
- target/
|
||||
- .cargo/registry/
|
||||
|
||||
# Python CLI tests (when pytest available)
|
||||
python-test:
|
||||
stage: test
|
||||
image: python:3.11
|
||||
before_script:
|
||||
- pip install -q blake3 click pynacl pytest
|
||||
script:
|
||||
- python -m pytest -q cli/ tests/ 2>/dev/null || echo "No Python tests yet"
|
||||
allow_failure: true
|
||||
|
||||
# Observability exporter smoke test
|
||||
observability-smoke:
|
||||
stage: test
|
||||
image: rust:1.75
|
||||
script:
|
||||
- cargo test -p vaultmesh-observability --tests -- --nocapture
|
||||
cache:
|
||||
key: cargo-$CI_COMMIT_REF_SLUG
|
||||
paths:
|
||||
- target/
|
||||
- .cargo/registry/
|
||||
|
||||
# Guardian metrics integration test (requires --features metrics)
|
||||
guardian-metrics-integration:
|
||||
stage: test
|
||||
image: rust:1.75
|
||||
script:
|
||||
- cargo test -p vaultmesh-guardian --features metrics --test metrics_integration -- --nocapture
|
||||
cache:
|
||||
key: cargo-$CI_COMMIT_REF_SLUG
|
||||
paths:
|
||||
- target/
|
||||
- .cargo/registry/
|
||||
|
||||
# Mesh metrics integration test (requires --features metrics)
|
||||
mesh-metrics-integration:
|
||||
stage: test
|
||||
image: rust:1.75
|
||||
script:
|
||||
- cargo test -p vaultmesh-mesh --features metrics --test metrics_integration -- --nocapture
|
||||
cache:
|
||||
key: cargo-$CI_COMMIT_REF_SLUG
|
||||
paths:
|
||||
- target/
|
||||
- .cargo/registry/
|
||||
5
.opencode/package.json
Normal file
5
.opencode/package.json
Normal file
@@ -0,0 +1,5 @@
|
||||
{
|
||||
"dependencies": {
|
||||
"@opencode-ai/plugin": "1.0.166"
|
||||
}
|
||||
}
|
||||
300
.opencode/plugin/vaultmesh-sentinel.ts
Normal file
300
.opencode/plugin/vaultmesh-sentinel.ts
Normal file
@@ -0,0 +1,300 @@
|
||||
import { tool, type Plugin } from "@opencode-ai/plugin";
|
||||
import { spawn } from "node:child_process";
|
||||
import { createHash, randomUUID } from "node:crypto";
|
||||
import { promises as fs, statSync } from "node:fs";
|
||||
import os from "node:os";
|
||||
import path from "node:path";
|
||||
|
||||
const TOOL_VERSION = "0.2.0";
|
||||
|
||||
type RunResult = {
|
||||
exitCode: number;
|
||||
stdout: string;
|
||||
stderr: string;
|
||||
};
|
||||
|
||||
function normalizeForStableJson(value: unknown): unknown {
|
||||
if (value === null || value === undefined) return value;
|
||||
if (Array.isArray(value)) return value.map((v) => normalizeForStableJson(v));
|
||||
if (typeof value === "object") {
|
||||
const entries = Object.entries(value as Record<string, unknown>).sort(
|
||||
([a], [b]) => a.localeCompare(b),
|
||||
);
|
||||
return entries.reduce<Record<string, unknown>>((acc, [k, v]) => {
|
||||
acc[k] = normalizeForStableJson(v);
|
||||
return acc;
|
||||
}, {});
|
||||
}
|
||||
return value;
|
||||
}
|
||||
|
||||
function stableStringify(value: unknown): string {
|
||||
return JSON.stringify(normalizeForStableJson(value));
|
||||
}
|
||||
|
||||
function run(
|
||||
cmd: string,
|
||||
args: string[],
|
||||
opts: { env?: Record<string, string | undefined> } = {},
|
||||
): Promise<RunResult> {
|
||||
return new Promise((resolve) => {
|
||||
const child = spawn(cmd, args, {
|
||||
env: { ...process.env, ...(opts.env ?? {}) },
|
||||
stdio: ["ignore", "pipe", "pipe"],
|
||||
});
|
||||
|
||||
let stdout = "";
|
||||
let stderr = "";
|
||||
|
||||
child.stdout.on("data", (d) => {
|
||||
stdout += d.toString("utf8");
|
||||
});
|
||||
|
||||
child.stderr.on("data", (d) => {
|
||||
stderr += d.toString("utf8");
|
||||
});
|
||||
|
||||
child.on("close", (code) => {
|
||||
resolve({ exitCode: code ?? 1, stdout, stderr });
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
async function computeBundleHash(bundlePath: string): Promise<string> {
|
||||
const root = path.resolve(bundlePath);
|
||||
const hasher = createHash("sha256");
|
||||
|
||||
async function walk(dir: string): Promise<void> {
|
||||
const entries = await fs.readdir(dir, { withFileTypes: true });
|
||||
const sorted = entries.sort((a, b) => a.name.localeCompare(b.name));
|
||||
|
||||
for (const entry of sorted) {
|
||||
const abs = path.join(dir, entry.name);
|
||||
const rel = path.relative(root, abs).split(path.sep).join("/");
|
||||
|
||||
if (entry.isDirectory()) {
|
||||
hasher.update(`dir:${rel}\n`);
|
||||
await walk(abs);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (entry.isFile()) {
|
||||
const data = await fs.readFile(abs);
|
||||
const digest = createHash("sha256").update(data).digest("hex");
|
||||
hasher.update(`file:${rel}:${data.length}:${digest}\n`);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
await walk(root);
|
||||
return `sha256:${hasher.digest("hex")}`;
|
||||
}
|
||||
|
||||
async function readJsonIfExists(filePath: string): Promise<unknown | null> {
|
||||
try {
|
||||
const raw = await fs.readFile(filePath, "utf8");
|
||||
return JSON.parse(raw);
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
function resolveWorkspaceRoot(
|
||||
worktree: string | undefined,
|
||||
directory: string,
|
||||
): string {
|
||||
const envRoot = process.env.VAULTMESH_WORKSPACE_ROOT;
|
||||
if (envRoot) return envRoot;
|
||||
|
||||
if (worktree) return path.resolve(worktree, "..");
|
||||
return path.resolve(directory, "..");
|
||||
}
|
||||
|
||||
function resolveVerifierPath(
|
||||
worktree: string | undefined,
|
||||
directory: string,
|
||||
): string {
|
||||
const envVerifier = process.env.VAULTMESH_SENTINEL_VERIFIER;
|
||||
if (envVerifier) return envVerifier;
|
||||
|
||||
const workspaceRoot = resolveWorkspaceRoot(worktree, directory);
|
||||
const candidates = [
|
||||
path.join(
|
||||
workspaceRoot,
|
||||
"vaultmesh-orgine-mobile/tools/vm_verify_sentinel_bundle.py",
|
||||
),
|
||||
path.join(workspaceRoot, "tools/vm_verify_sentinel_bundle.py"),
|
||||
];
|
||||
|
||||
for (const candidate of candidates) {
|
||||
try {
|
||||
if (statSync(candidate).isFile()) {
|
||||
return candidate;
|
||||
}
|
||||
} catch {
|
||||
// continue searching
|
||||
}
|
||||
}
|
||||
|
||||
// Fallback: first candidate, even if it does not exist (caller will error deterministically)
|
||||
return candidates[0];
|
||||
}
|
||||
|
||||
export const VaultMeshSentinelPlugin: Plugin = async (ctx) => {
|
||||
const baseDir = ctx.directory ?? process.cwd();
|
||||
const verifierPath = resolveVerifierPath(ctx.worktree, baseDir);
|
||||
|
||||
return {
|
||||
tool: {
|
||||
sentinelVerifyBundle: tool({
|
||||
description:
|
||||
"Verify a VaultMesh Sentinel v1 seal bundle offline (deterministic; no network).",
|
||||
args: {
|
||||
bundlePath: tool.schema
|
||||
.string()
|
||||
.describe("Path to seal bundle directory (contains seal.json)"),
|
||||
strict: tool.schema
|
||||
.boolean()
|
||||
.optional()
|
||||
.default(false)
|
||||
.describe("Enable strict verification (recommended for audits)"),
|
||||
maxFileBytes: tool.schema
|
||||
.number()
|
||||
.int()
|
||||
.optional()
|
||||
.describe(
|
||||
"Reject any single input file larger than this many bytes",
|
||||
),
|
||||
},
|
||||
async execute(args) {
|
||||
const respond = (value: unknown) => stableStringify(value);
|
||||
|
||||
const bundle = path.resolve(baseDir, args.bundlePath);
|
||||
|
||||
const baseResult = {
|
||||
tool: "sentinelVerifyBundle",
|
||||
tool_version: TOOL_VERSION,
|
||||
verifier_path: verifierPath,
|
||||
bundle_path: bundle,
|
||||
bundle_hash: null as string | null,
|
||||
canonicalization_version: null as string | null,
|
||||
schema_version: null as string | null,
|
||||
verifier_version: null as string | null,
|
||||
strict: !!args.strict,
|
||||
exit_code: null as number | null,
|
||||
ok: false,
|
||||
stdout: "",
|
||||
stderr: "",
|
||||
report: null as unknown,
|
||||
};
|
||||
|
||||
try {
|
||||
const st = await fs.stat(bundle);
|
||||
if (!st.isDirectory()) {
|
||||
return respond({
|
||||
...baseResult,
|
||||
error: "BUNDLE_NOT_DIRECTORY",
|
||||
});
|
||||
}
|
||||
} catch {
|
||||
return respond({
|
||||
...baseResult,
|
||||
error: "BUNDLE_NOT_FOUND",
|
||||
});
|
||||
}
|
||||
|
||||
try {
|
||||
const st = await fs.stat(verifierPath);
|
||||
if (!st.isFile()) {
|
||||
return respond({
|
||||
...baseResult,
|
||||
error: "VERIFIER_NOT_FILE",
|
||||
});
|
||||
}
|
||||
} catch {
|
||||
return respond({
|
||||
...baseResult,
|
||||
error: "VERIFIER_NOT_FOUND",
|
||||
});
|
||||
}
|
||||
|
||||
baseResult.bundle_hash = await computeBundleHash(bundle);
|
||||
|
||||
const reportPath = path.join(
|
||||
os.tmpdir(),
|
||||
`vm_sentinel_verification_report_${randomUUID()}.json`,
|
||||
);
|
||||
|
||||
const cmdArgs: string[] = [
|
||||
"-u",
|
||||
verifierPath,
|
||||
"--bundle",
|
||||
bundle,
|
||||
"--report",
|
||||
reportPath,
|
||||
];
|
||||
if (args.strict) cmdArgs.push("--strict");
|
||||
if (typeof args.maxFileBytes === "number") {
|
||||
cmdArgs.push("--max-file-bytes", String(args.maxFileBytes));
|
||||
}
|
||||
|
||||
const { exitCode, stdout, stderr } = await run("python3", cmdArgs);
|
||||
const report = await readJsonIfExists(reportPath);
|
||||
|
||||
// Best-effort cleanup: report is returned inline; avoid mutating evidence bundles.
|
||||
await fs.unlink(reportPath).catch(() => {});
|
||||
|
||||
const versions =
|
||||
report && typeof report === "object"
|
||||
? (report as Record<string, unknown>).versions
|
||||
: null;
|
||||
|
||||
const canonicalizationVersion =
|
||||
versions &&
|
||||
typeof versions === "object" &&
|
||||
(versions as Record<string, unknown>).canonicalization_version;
|
||||
const schemaVersion =
|
||||
versions &&
|
||||
typeof versions === "object" &&
|
||||
(versions as Record<string, unknown>).schema_version;
|
||||
|
||||
const declared =
|
||||
report && typeof report === "object"
|
||||
? (report as Record<string, unknown>).declared_verifier
|
||||
: null;
|
||||
const reportedVerifier =
|
||||
report && typeof report === "object"
|
||||
? (report as Record<string, unknown>).verifier
|
||||
: null;
|
||||
|
||||
const verifierVersion =
|
||||
(declared &&
|
||||
typeof declared === "object" &&
|
||||
(declared as Record<string, unknown>).version) ||
|
||||
(reportedVerifier &&
|
||||
typeof reportedVerifier === "object" &&
|
||||
(reportedVerifier as Record<string, unknown>).version) ||
|
||||
null;
|
||||
|
||||
return respond({
|
||||
...baseResult,
|
||||
exit_code: exitCode,
|
||||
ok: exitCode === 0,
|
||||
stdout,
|
||||
stderr,
|
||||
report,
|
||||
canonicalization_version:
|
||||
typeof canonicalizationVersion === "string"
|
||||
? canonicalizationVersion
|
||||
: null,
|
||||
schema_version:
|
||||
typeof schemaVersion === "string" ? schemaVersion : null,
|
||||
verifier_version:
|
||||
typeof verifierVersion === "string" ? verifierVersion : null,
|
||||
error: undefined,
|
||||
});
|
||||
},
|
||||
}),
|
||||
},
|
||||
};
|
||||
};
|
||||
18
ASSURANCE.md
Normal file
18
ASSURANCE.md
Normal file
@@ -0,0 +1,18 @@
|
||||
# Assurance Run — 2025-12-18
|
||||
|
||||
- Commit: 3cf647e3b6cc732d953f9c4389387c7481e0ed9e
|
||||
- Toolchain: `rustc 1.92.0 (ded5c06cf 2025-12-08)`, `cargo 1.92.0 (344c4567c 2025-10-21)`, `python3 3.14.2`
|
||||
|
||||
| Check | Status | Notes |
|
||||
| --- | --- | --- |
|
||||
| `cargo fmt --check` | ❌ | rustfmt reported dozens of wrapping changes (see `vaultmesh-core/src/did.rs`, `vaultmesh-mesh/src/lib.rs`, etc.). No edits were applied—run `cargo fmt` to adopt the default style. |
|
||||
| `cargo clippy --all -- -D warnings` | ❌ | Blocks on `vaultmesh-core::DidType::from_str` (Clippy wants an actual `FromStr` impl) before analyzing other crates. |
|
||||
| `cargo test` | ✅ | Full workspace test suite passes (Guardian/Mesh/Treasury/Observability metrics + doc tests). |
|
||||
| `python3 -m py_compile cli/vm_cli.py tools/*.py` | ✅ | Bytecode generation succeeded. |
|
||||
| `python3 tools/check_sentinel_contract_parity.py` | ✅ | Script prints `[OK] Sentinel contract parity verified`. |
|
||||
| `bash tools/run_sentinel_testvectors.sh` | ✅ | All Sentinel vectors reported `[OK]`, transcript stored under `tools/out/`. |
|
||||
| `bash MERIDIAN_V1_CONFORMANCE_TEST_SUITE/run.sh` | ✅ | Suite reports 19/19 passing; outputs kept under `MERIDIAN_V1_CONFORMANCE_TEST_SUITE/out/`. |
|
||||
|
||||
Notes:
|
||||
- `target/` was cleaned (space pressure) before running the suite and rebuilt by `cargo test`.
|
||||
- No source files were modified during this pass.
|
||||
68
CHANGELOG.md
Normal file
68
CHANGELOG.md
Normal file
@@ -0,0 +1,68 @@
|
||||
# Changelog
|
||||
|
||||
All notable changes to VaultMesh are documented in this file.
|
||||
|
||||
## [Unreleased] - 2025-12-07
|
||||
|
||||
### Added
|
||||
|
||||
#### Observability Engine
|
||||
- Prometheus exporter at `:9108/metrics` with 4 metrics:
|
||||
- `vaultmesh_receipts_total` (counter by module)
|
||||
- `vaultmesh_receipts_failed_total` (counter by module, reason)
|
||||
- `vaultmesh_anchor_age_seconds` (gauge)
|
||||
- `vaultmesh_emit_seconds` (histogram by module)
|
||||
- Docker Compose stack (Prometheus + Grafana + Exporter)
|
||||
- Grafana dashboard JSON at `docs/observability/dashboards/receipts.json`
|
||||
- 8 unit + integration tests for observability
|
||||
|
||||
#### Guardian Engine
|
||||
- Full implementation replacing stub (~200 LoC)
|
||||
- `compute_scroll_root()` and `anchor()` methods
|
||||
- Optional `metrics` feature for observability integration
|
||||
- `set_anchor_age(0.0)` after each anchor (fresh anchor indicator)
|
||||
- Metrics integration test (`--features metrics`)
|
||||
- 5 unit tests
|
||||
|
||||
#### Treasury Engine
|
||||
- Full implementation replacing stub (~300 LoC)
|
||||
- Budget management: `create_budget`, `debit`, `credit`
|
||||
- Receipt emission for all financial operations
|
||||
- Optional `metrics` feature for observability integration
|
||||
- 5 unit tests
|
||||
|
||||
#### Mesh Engine
|
||||
- Full implementation replacing stub (~400 LoC)
|
||||
- Node management: `node_join`, `node_leave`
|
||||
- Route management: `route_add`, `route_remove`
|
||||
- Capability management: `capability_grant`, `capability_revoke`
|
||||
- Topology snapshots with `topology_snapshot()`
|
||||
- 6 receipt types: `mesh_node_join`, `mesh_node_leave`, `mesh_route_change`, `mesh_capability_grant`, `mesh_capability_revoke`, `mesh_topology_snapshot`
|
||||
- Optional `metrics` feature for observability integration
|
||||
- Metrics integration test (`--features metrics`)
|
||||
- 5 unit tests + 1 integration test
|
||||
|
||||
#### Core
|
||||
- 13 unit tests for hash.rs and did.rs
|
||||
|
||||
#### MCP Server
|
||||
- 7 Claude tools in `packages/vaultmesh_mcp/`:
|
||||
- `guardian_anchor_now`
|
||||
- `guardian_verify_receipt`
|
||||
- `guardian_status`
|
||||
- `treasury_create_budget`
|
||||
- `treasury_balance`
|
||||
- `treasury_debit`
|
||||
- `treasury_credit`
|
||||
- Receipt emission for all tool calls
|
||||
|
||||
#### CI/CD
|
||||
- GitLab CI pipeline with build/test/lint stages
|
||||
- `observability-smoke` job for exporter tests
|
||||
- `guardian-metrics-integration` job for guardian metrics integration test
|
||||
- `mesh-metrics-integration` job for mesh metrics integration test
|
||||
- `before_script` to ensure receipts directories exist (including `receipts/mesh`)
|
||||
|
||||
### Notes
|
||||
- Total tests in workspace: 40 (38 workspace + 2 metrics integration)
|
||||
- Level-of-Done score: 2.5 → 4.0
|
||||
1832
Cargo.lock
generated
Normal file
1832
Cargo.lock
generated
Normal file
File diff suppressed because it is too large
Load Diff
31
Cargo.toml
Normal file
31
Cargo.toml
Normal file
@@ -0,0 +1,31 @@
|
||||
[workspace]
|
||||
members = [
|
||||
"vaultmesh-core",
|
||||
"vaultmesh-treasury",
|
||||
"vaultmesh-identity",
|
||||
"vaultmesh-mesh",
|
||||
"vaultmesh-offsec",
|
||||
"vaultmesh-observability",
|
||||
"vaultmesh-automation",
|
||||
"vaultmesh-psi",
|
||||
"vaultmesh-guardian",
|
||||
]
|
||||
resolver = "2"
|
||||
|
||||
# Release profile optimizations
|
||||
[profile.release]
|
||||
opt-level = 3
|
||||
lto = "thin"
|
||||
codegen-units = 1
|
||||
panic = "abort"
|
||||
strip = true
|
||||
|
||||
# Development profile with some optimizations for faster testing
|
||||
[profile.dev]
|
||||
opt-level = 1
|
||||
|
||||
# Profile for maximum performance (use with --profile release-max)
|
||||
[profile.release-max]
|
||||
inherits = "release"
|
||||
lto = "fat"
|
||||
codegen-units = 1
|
||||
40
Containerfile
Normal file
40
Containerfile
Normal file
@@ -0,0 +1,40 @@
|
||||
# VaultMesh Sentinel Verifier
|
||||
# Minimal image for deterministic verification tasks
|
||||
# No daemon, no ports, stateless
|
||||
|
||||
FROM python:3.12-slim
|
||||
|
||||
LABEL org.opencontainers.image.title="VaultMesh Sentinel"
|
||||
LABEL org.opencontainers.image.description="Deterministic seal bundle verifier"
|
||||
LABEL org.opencontainers.image.source="https://gitlab.com/vaultsovereign/ops"
|
||||
|
||||
# Avoid interactive prompts
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
ENV PYTHONDONTWRITEBYTECODE=1
|
||||
ENV PYTHONUNBUFFERED=1
|
||||
|
||||
# Install minimal dependencies
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
git \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Create non-root user
|
||||
RUN useradd --create-home --shell /bin/bash sentinel
|
||||
USER sentinel
|
||||
WORKDIR /home/sentinel
|
||||
|
||||
# Install Python dependencies
|
||||
COPY --chown=sentinel:sentinel pyproject.toml requirements.txt* ./
|
||||
RUN pip install --user --no-cache-dir click blake3
|
||||
|
||||
# Copy application code
|
||||
COPY --chown=sentinel:sentinel cli/ ./cli/
|
||||
COPY --chown=sentinel:sentinel tools/ ./tools/
|
||||
COPY --chown=sentinel:sentinel ledger/ ./ledger/
|
||||
|
||||
# Set PATH for user-installed packages
|
||||
ENV PATH="/home/sentinel/.local/bin:${PATH}"
|
||||
|
||||
# Default entrypoint - verifier help
|
||||
ENTRYPOINT ["python3"]
|
||||
CMD ["tools/vm_verify_sentinel_bundle.py", "--help"]
|
||||
1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/.gitignore
vendored
Normal file
1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/.gitignore
vendored
Normal file
@@ -0,0 +1 @@
|
||||
out/
|
||||
58
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/README.md
Normal file
58
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/README.md
Normal file
@@ -0,0 +1,58 @@
|
||||
# MERIDIAN v1 Conformance Test Suite (Offline / Deterministic / Build‑Blocking)
|
||||
|
||||
This suite turns MERIDIAN v1 into an **executable compliance gate**.
|
||||
|
||||
What it tests (normative):
|
||||
- MERIDIAN v1 is **Sentinel‑governed**; verification is defined by the Sentinel offline verifier in `--strict` mode.
|
||||
- No proprietary verifier codes: expected failures are **Sentinel v1 failure codes** only.
|
||||
|
||||
Normative references:
|
||||
- `2025-12-18-07h58m04s-attachments/MERIDIAN_V1_SPEC.md`
|
||||
- `2025-12-18-07h58m04s-attachments/MERIDIAN_V1_EVENT_CONTRACT_MATRIX.md`
|
||||
- `vaultmesh-orgine-mobile/spec/SENTINEL_FAILURE_CODE_SEMANTICS.md`
|
||||
- `vaultmesh-orgine-mobile/tools/vm_verify_sentinel_bundle.py`
|
||||
|
||||
---
|
||||
|
||||
## Run (one command)
|
||||
|
||||
From `vaultmesh-orgine-mobile/`:
|
||||
|
||||
```bash
|
||||
bash MERIDIAN_V1_CONFORMANCE_TEST_SUITE/run.sh
|
||||
```
|
||||
|
||||
What `run.sh` does:
|
||||
1. Verifies Sentinel contract parity (code ↔ docs) via `tools/check_sentinel_contract_parity.py`.
|
||||
2. Runs each testvector in `manifest.yaml` through `tools/vm_verify_sentinel_bundle.py --strict`.
|
||||
3. Produces an auditor‑readable report (JSON + text) under `out/`.
|
||||
|
||||
---
|
||||
|
||||
## Output
|
||||
|
||||
`out/` contains:
|
||||
- `out/meridian_v1_conformance_report.json` (suite summary + per-test results)
|
||||
- `out/meridian_v1_conformance_report.txt` (human summary)
|
||||
- `out/sentinel_reports/<TEST_ID>.verification_report.json` (verifier output per test)
|
||||
- `out/sentinel_stdio/<TEST_ID>.stderr.txt` (verifier stderr per test)
|
||||
|
||||
---
|
||||
|
||||
## Interpreting results
|
||||
|
||||
- Suite PASS means the fixtures and verifier behave as the MERIDIAN v1 spec requires.
|
||||
- A deployment MAY claim “MERIDIAN v1 compliant” for a specific bundle **iff**:
|
||||
|
||||
`python3 tools/vm_verify_sentinel_bundle.py --bundle <BUNDLE_DIR> --strict` returns `PASS`
|
||||
|
||||
---
|
||||
|
||||
## Notes on “killer tests” terminology
|
||||
|
||||
MERIDIAN v1 does not introduce new verifier failure codes.
|
||||
|
||||
Examples:
|
||||
- “silent denial” ⇒ Sentinel strict-mode failure `E_CHAIN_DISCONTINUITY`
|
||||
- “unbounded automation” (v1 boundary) ⇒ modeled as “execution without intent” ⇒ `E_CHAIN_DISCONTINUITY`
|
||||
|
||||
15
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/README.md
Normal file
15
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/README.md
Normal file
@@ -0,0 +1,15 @@
|
||||
# fixtures/
|
||||
|
||||
Fixtures are **Sentinel v1 seal bundles** used as deterministic testvectors for MERIDIAN v1 invariants.
|
||||
|
||||
Layout:
|
||||
- `pass/` bundles must verify with `--strict` and produce `PASS`.
|
||||
- `fail/` bundles must fail with a specific Sentinel v1 `failure_code` (see `manifest.yaml`).
|
||||
|
||||
Each fixture directory is a bundle containing at minimum:
|
||||
- `seal.json`
|
||||
- `integrity.json`
|
||||
- `verifier_manifest.json`
|
||||
- receipts/events file(s) (typically `receipts.jsonl`)
|
||||
- `roots.txt`
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: event_hash_mismatch
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:1d37e53b7dbd608ab9418a1d9cc872d51100ec35020c6853aa1a2ff1c13d430b",
|
||||
"path": "README.md",
|
||||
"size_bytes": 53
|
||||
},
|
||||
{
|
||||
"digest": "sha256:6555ba75e9c12063b8ea45aa7f2b8d42c0640bd7c34d5dec094d432347ea67fe",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1200
|
||||
},
|
||||
{
|
||||
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:18c4ad7ddbb198e6fc8efe5e4769450a2856a7eb1d9e587937b306832c864030",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 707
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:0000000000000000000000000000000000000000000000000000000000000000","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
|
||||
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_event_hash_mismatch","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: canon_version_unsupported
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:11bddf1e93d24997bd7d7a94f6395666edda587284e5ee4d2022d566f04f1957",
|
||||
"path": "README.md",
|
||||
"size_bytes": 59
|
||||
},
|
||||
{
|
||||
"digest": "sha256:fe99e620546158cba1855aef378ce7c14de48c89e99bf7ee9eb259340d21f1df",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1200
|
||||
},
|
||||
{
|
||||
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:80f5f348140ab695b27edd60b4edcb8bffaaa9a148ea546c4a467a0185feac8c",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 715
|
||||
},
|
||||
{
|
||||
"digest": "sha256:69f602c85f266f780deeb99085531e43ca8ecf0062f7d68a727de0dd05a4d824",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 240
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:e94f886565c5ddb0593a763d185a9f939895cddbb9fe678474097bd44642636c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
|
||||
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v999","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_canon_version_unsupported","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v999","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: double_outcome
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:f6c5fff056a8fab6b5df6a8ddd085c6f0ac33bc659fc653434233127bca1c130",
|
||||
"path": "README.md",
|
||||
"size_bytes": 48
|
||||
},
|
||||
{
|
||||
"digest": "sha256:4a4284db18107347fd0c7645b08c614777b5c88375f797561e197c1fec5103f7",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 2698
|
||||
},
|
||||
{
|
||||
"digest": "sha256:a782d2beebe78664aca0dbe2b42beed275042afdcc8643d5fd6a2ff960dea739",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 377
|
||||
},
|
||||
{
|
||||
"digest": "sha256:1fc193716891d3cde4486d09c8705041cab1654ba9583a4987299aa5b097650c",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 702
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,4 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:f8e7607b7d45d306b9da8361593a115e45c91c4efce19790aaee4308ee836d4a","event_id":"00000000-0000-4000-8000-000000000221","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:operator:demo","cap_hash":"sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd","event_hash":"sha256:226a880a1f30a1fd24be533deecca73af5b9badece02cbb770cff8089e1d78c2","event_id":"00000000-0000-4000-8000-000000000222","event_type":"action_intent","op":"meridian.v1.plc.write","op_digest":"sha256:8ce9de554fc5a237b1f8a7d0b4711058c0c2ad933c70165c4d900337afc6cf84","payload":{"kind":"command_requested","params":{"plc":"plc:demo","register":"R3","value":"1"}},"prev_event_hash":"sha256:f8e7607b7d45d306b9da8361593a115e45c91c4efce19790aaee4308ee836d4a","result":"ok","seq":1,"trace_id":"22222222-2222-4222-8222-222222222224","ts":"2025-03-17T03:17:41Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd","event_hash":"sha256:ce6bfb75f3792c08b0237d7d051c6af8ec0193c2d14c81845f835e53f621c251","event_id":"00000000-0000-4000-8000-000000000223","event_type":"action_executed","op":"meridian.v1.plc.write","op_digest":"sha256:8ce9de554fc5a237b1f8a7d0b4711058c0c2ad933c70165c4d900337afc6cf84","payload":{"kind":"command_executed","params":{"plc":"plc:demo","register":"R3","value":"1"}},"prev_event_hash":"sha256:226a880a1f30a1fd24be533deecca73af5b9badece02cbb770cff8089e1d78c2","result":"ok","seq":2,"trace_id":"22222222-2222-4222-8222-222222222224","ts":"2025-03-17T03:17:42Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd","event_hash":"sha256:faecc8feaf604e012cddd574260937d35c5b72ab2639e6c5f0a39e294a06dff8","event_id":"00000000-0000-4000-8000-000000000224","event_type":"shadow_receipt","op":"meridian.v1.plc.write","op_digest":"sha256:8ce9de554fc5a237b1f8a7d0b4711058c0c2ad933c70165c4d900337afc6cf84","payload":{"kind":"command_refused","params":{"plc":"plc:demo","register":"R3","value":"1"},"reason_code":"policy_denied"},"prev_event_hash":"sha256:ce6bfb75f3792c08b0237d7d051c6af8ec0193c2d14c81845f835e53f621c251","result":"deny","seq":3,"trace_id":"22222222-2222-4222-8222-222222222224","ts":"2025-03-17T03:17:43Z"}
|
||||
@@ -0,0 +1,5 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:f8e7607b7d45d306b9da8361593a115e45c91c4efce19790aaee4308ee836d4a
|
||||
seq=1 root=sha256:a1e813b1a70383dfc2ede487c125d606936ecad92a68ebe3d37d37d7c98f78df
|
||||
seq=2 root=sha256:01393640058eca7ac43a6aae2112966c234f0bbfc58c1c67ffd88192bf6858da
|
||||
seq=3 root=sha256:ca845f9f1caf91eb2beb556ed6feb2e9ce9fd6cf7ec6bdd6100c343700ec9b2f
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:44Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":3,"until_ts":"2025-03-17T03:17:43Z"},"root":{"end":"sha256:ca845f9f1caf91eb2beb556ed6feb2e9ce9fd6cf7ec6bdd6100c343700ec9b2f","seq":3,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_double_outcome","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: event_hash_mismatch
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:1d37e53b7dbd608ab9418a1d9cc872d51100ec35020c6853aa1a2ff1c13d430b",
|
||||
"path": "README.md",
|
||||
"size_bytes": 53
|
||||
},
|
||||
{
|
||||
"digest": "sha256:6555ba75e9c12063b8ea45aa7f2b8d42c0640bd7c34d5dec094d432347ea67fe",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1200
|
||||
},
|
||||
{
|
||||
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:18c4ad7ddbb198e6fc8efe5e4769450a2856a7eb1d9e587937b306832c864030",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 707
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:0000000000000000000000000000000000000000000000000000000000000000","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
|
||||
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_event_hash_mismatch","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: execution_without_intent
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:cc5a97bbce56fd6bbf0fcc1491a9ca68aa45afd99d5d39b0499a7c1db665135f",
|
||||
"path": "README.md",
|
||||
"size_bytes": 58
|
||||
},
|
||||
{
|
||||
"digest": "sha256:216c9d68e68651c04819ea7d8e9a274fccbe26963728e2a4b472d62cf9c07429",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1292
|
||||
},
|
||||
{
|
||||
"digest": "sha256:0396a0afb4802666620d63682da492bf219867fc7099aa0628df71aed60a2b42",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:2b21d2200ae30ce18e9803ce18dc338b0429636d0a3f6abf6eaf2715340344ed",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 712
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:c66fee7334d8077b76e96500eef6fded3d4df6c43adabed19f63e8a8439e476a","event_id":"00000000-0000-4000-8000-000000000211","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"sha256:cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc","event_hash":"sha256:0cf93dc668ae23232678731e8d5286322e5524fdb03e6779efac8933c33e1e1f","event_id":"00000000-0000-4000-8000-000000000212","event_type":"action_executed","op":"meridian.v1.plc.write","op_digest":"sha256:a68906cc6970cc15a611fff2b81a07a31dc93bd7dd5506bf4406cb16d447252b","payload":{"kind":"command_executed","params":{"plc":"plc:demo","register":"R9","value":"1"}},"prev_event_hash":"sha256:c66fee7334d8077b76e96500eef6fded3d4df6c43adabed19f63e8a8439e476a","result":"ok","seq":1,"trace_id":"99999999-9999-4999-8999-999999999999","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:c66fee7334d8077b76e96500eef6fded3d4df6c43adabed19f63e8a8439e476a
|
||||
seq=1 root=sha256:0ebb872451cb6669ae997e558631fdaa38df560b53c6e09ca51621f2e84c9145
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:0ebb872451cb6669ae997e558631fdaa38df560b53c6e09ca51621f2e84c9145","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_execution_without_intent","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: invalid_jsonl_truncated
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:076f6c0260405dd67ac641d9ad61a86c2e15e5b77140d41f297bd52c1047de8b",
|
||||
"path": "README.md",
|
||||
"size_bytes": 57
|
||||
},
|
||||
{
|
||||
"digest": "sha256:5ae4c468ed53f5c8a7518ffd24cac29837f20e7377db06aa995fed4b5e88e654",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 14
|
||||
},
|
||||
{
|
||||
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:7be2019d7bca77e2b9e44da0710ae43fc8625ec448938a6aaa69efe533b7a00f",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 711
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
{"truncated":
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
|
||||
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_invalid_jsonl_truncated","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: manifest_hash_mismatch
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:51fb89251d833c3229d284ce080135f1d53c7a22a5b5c715fe43a7257e61d98c",
|
||||
"path": "README.md",
|
||||
"size_bytes": 56
|
||||
},
|
||||
{
|
||||
"digest": "sha256:2222222222222222222222222222222222222222222222222222222222222222",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1200
|
||||
},
|
||||
{
|
||||
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:2579685d2b55aa625b00cc62833ce139277ba82d856873d62d78f62a7380c6ca",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 710
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:e94f886565c5ddb0593a763d185a9f939895cddbb9fe678474097bd44642636c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
|
||||
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_manifest_hash_mismatch","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: missing_required_file_roots
|
||||
@@ -0,0 +1,26 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:f55737e620d70f3a0d13c56bae90556ad012375786d5d1a3e7e3c6360c97ad21",
|
||||
"path": "README.md",
|
||||
"size_bytes": 61
|
||||
},
|
||||
{
|
||||
"digest": "sha256:fe99e620546158cba1855aef378ce7c14de48c89e99bf7ee9eb259340d21f1df",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1200
|
||||
},
|
||||
{
|
||||
"digest": "sha256:2117ebec196781f6b1526ea2786eacda4661790000f8ca0ac4d965f4a3dcd04b",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 701
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:e94f886565c5ddb0593a763d185a9f939895cddbb9fe678474097bd44642636c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_missing_roots","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: op_digest_mismatch
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:6d84872131ebbbea2cfe51f4fc78b637cf8d3fbd07536efad7842494824ebff5",
|
||||
"path": "README.md",
|
||||
"size_bytes": 52
|
||||
},
|
||||
{
|
||||
"digest": "sha256:cc8c8a8a826aa2af56c973d0acf5d2cb3c15ec27774b32d379fdbcd773ea89fc",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1200
|
||||
},
|
||||
{
|
||||
"digest": "sha256:0f409ba6f0b3a5f725c27ea4f694d3233ba525c0e8b45346db78677a28a1bb27",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:d9927f312b368cc93c5f658129520be2e410a53cc430ee17d1994a56a587fa7b",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 706
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:0dc6ce7f089a5a984b539949cd115c3c82bdf042d8c258629c2435f52ff0931c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
|
||||
seq=1 root=sha256:bd92627c9be6c20d5fa39a43af20b71399df67515c57c4f3747021135ce6c1a0
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:bd92627c9be6c20d5fa39a43af20b71399df67515c57c4f3747021135ce6c1a0","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_op_digest_mismatch","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: prev_event_hash_mismatch
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:b2c04f16a262c9c0dbf5cd97453f39a2d1784cd4cf8bc33c2db18699ebee85b7",
|
||||
"path": "README.md",
|
||||
"size_bytes": 58
|
||||
},
|
||||
{
|
||||
"digest": "sha256:d0926fb0271ef172b3a266acba1ef72e4874b4c6a10fd4728c4a5c0637f23b1e",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1200
|
||||
},
|
||||
{
|
||||
"digest": "sha256:151c573c6450d7e11ac7714e5f46f3ed4dd8236095cd4dd4abcece4aa0d6cfe0",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:9ce9202c3070d5c10873cc060c40657a582d1d0ba610afb158bdc064dd089150",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 706
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:66097f23685fbf3559480b7cb89f2bef233321702f94ab0878074fa023b459e5","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:1111111111111111111111111111111111111111111111111111111111111111","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
|
||||
seq=1 root=sha256:018be4d5f99ee40aa0d2fa0ef572a029b10b3626462bec9f0046d32358e04122
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:018be4d5f99ee40aa0d2fa0ef572a029b10b3626462bec9f0046d32358e04122","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_prev_hash_mismatch","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: range_mismatch
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:487b6fe99e45ba428c81ccbf8412fd8cdfe653631e686bc9e3d84337e5968ec6",
|
||||
"path": "README.md",
|
||||
"size_bytes": 48
|
||||
},
|
||||
{
|
||||
"digest": "sha256:fe99e620546158cba1855aef378ce7c14de48c89e99bf7ee9eb259340d21f1df",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1200
|
||||
},
|
||||
{
|
||||
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:eeea9ab98df5540b0493f948e3fbb2f982f6a950cd6d690edcb8edc7818780c6",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 702
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:e94f886565c5ddb0593a763d185a9f939895cddbb9fe678474097bd44642636c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
|
||||
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":0,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":0,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_range_mismatch","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: revoked_capability_used
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:e2ac0e69c825925179a37cc3c7f302db809c0882529b09b24fa19170c76a9722",
|
||||
"path": "README.md",
|
||||
"size_bytes": 57
|
||||
},
|
||||
{
|
||||
"digest": "sha256:102e1ba3c758a3387ee658a552a682339cb0ff4c0dac46b8fee2ab1298d661ac",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 2616
|
||||
},
|
||||
{
|
||||
"digest": "sha256:800646f71e8dfa68f5ff59e037aefe1f4c343ec8fe50259f7c70b53559c14ec6",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 377
|
||||
},
|
||||
{
|
||||
"digest": "sha256:7572439a56d51a887204b0ad45af3b9d1be561b19b83d6563686ff2c70a22d4f",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 711
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,4 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:255f64c373130f8c525b25a75a4f39509fe9d5749cc0a0998b8ec4770c2bdb5e","event_id":"00000000-0000-4000-8000-000000000401","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:guardian:demo","cap_hash":"none","event_hash":"sha256:01dee033c0551df6d97f1bf1a42901eff46fe74c924e7ffd6b826294770e4746","event_id":"00000000-0000-4000-8000-000000000402","event_type":"cap_revoke","op":"meridian.v1.cap.revoke","op_digest":"sha256:3ec26a65972bb3d5cdbb73e8b5cb21493eb4d93cfa4a5458624b344fb2c71205","payload":{"params":{"revoked_cap_hash":"sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"}},"prev_event_hash":"sha256:255f64c373130f8c525b25a75a4f39509fe9d5749cc0a0998b8ec4770c2bdb5e","result":"ok","seq":1,"trace_id":"55555555-5555-4555-8555-555555555555","ts":"2025-03-17T03:17:41Z"}
|
||||
{"actor":"did:vm:operator:demo","cap_hash":"sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee","event_hash":"sha256:362ef4b2dfb84d65740385a2408e5c2d2347f4b72c54719c71cc23ff3753583b","event_id":"00000000-0000-4000-8000-000000000403","event_type":"action_intent","op":"meridian.v1.plc.write","op_digest":"sha256:117d3ce1dbece95b6bf06b1d251946dedfd879a0cb38aa8b8ec4e34380f1d1c8","payload":{"kind":"command_requested","params":{"plc":"plc:demo","register":"R7","value":"1"}},"prev_event_hash":"sha256:01dee033c0551df6d97f1bf1a42901eff46fe74c924e7ffd6b826294770e4746","result":"ok","seq":2,"trace_id":"44444444-4444-4444-8444-444444444444","ts":"2025-03-17T03:17:42Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee","event_hash":"sha256:bd3b793f7cc567527df49b49c1282bbf43c67e7bac4e8ad54a45c4e76f06f035","event_id":"00000000-0000-4000-8000-000000000404","event_type":"action_executed","op":"meridian.v1.plc.write","op_digest":"sha256:117d3ce1dbece95b6bf06b1d251946dedfd879a0cb38aa8b8ec4e34380f1d1c8","payload":{"kind":"command_executed","params":{"plc":"plc:demo","register":"R7","value":"1"}},"prev_event_hash":"sha256:362ef4b2dfb84d65740385a2408e5c2d2347f4b72c54719c71cc23ff3753583b","result":"ok","seq":3,"trace_id":"44444444-4444-4444-8444-444444444444","ts":"2025-03-17T03:17:43Z"}
|
||||
@@ -0,0 +1,5 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:255f64c373130f8c525b25a75a4f39509fe9d5749cc0a0998b8ec4770c2bdb5e
|
||||
seq=1 root=sha256:d825463571271525aa2e65fb72574040538c71ee8ab8ebf88de72d08cc364038
|
||||
seq=2 root=sha256:f0b4f65c899b47afc42611b449fe4be1c092d2360e172af9cb31137660290bf0
|
||||
seq=3 root=sha256:22f52ba66114decc6702f2e711ddfd690b1567a5fc2586339feb658c44f593c3
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:44Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":3,"until_ts":"2025-03-17T03:17:43Z"},"root":{"end":"sha256:22f52ba66114decc6702f2e711ddfd690b1567a5fc2586339feb658c44f593c3","seq":3,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_revoked_capability_used","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: root_mismatch
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:cb5376f22e2f1d4b956f3a61cd85d2010d9ff160f9109f876eb6dff7e68eb483",
|
||||
"path": "README.md",
|
||||
"size_bytes": 47
|
||||
},
|
||||
{
|
||||
"digest": "sha256:fe99e620546158cba1855aef378ce7c14de48c89e99bf7ee9eb259340d21f1df",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1200
|
||||
},
|
||||
{
|
||||
"digest": "sha256:818502d58a7dea7ec78196f629a223b10ec2603a762fc76500b2bc59592d9e66",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:9cb2077be17e3f77f4151830b309e6ff79169fa9a188b0707fd3662b6b4354f2",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 701
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:e94f886565c5ddb0593a763d185a9f939895cddbb9fe678474097bd44642636c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
|
||||
seq=1 root=sha256:3333333333333333333333333333333333333333333333333333333333333333
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:3333333333333333333333333333333333333333333333333333333333333333","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_root_mismatch","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: seq_non_monotonic_duplicate
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:d22dcdada9f37d6f6860d160ea994f7db1b75844b3ff6d301e33d47a69010e9c",
|
||||
"path": "README.md",
|
||||
"size_bytes": 61
|
||||
},
|
||||
{
|
||||
"digest": "sha256:0e4056952676edaf73e2841421a7c7597a4ccee5c6c1cf29576eb9cb8926a8c0",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1800
|
||||
},
|
||||
{
|
||||
"digest": "sha256:dda5f37f4d5bb9bda4b00c7042b2249fb8ec6ae68008b86d6e60774cca728458",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:a6cbbbfe4a59dfdff145d4ca8a7b631d71b599f35ae53dbfdbea90bc9b103d98",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 705
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,3 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:8400306ca8ae4c0a051d25b5315ce07654281ea49d58698fa7a3d30f17a9c3a0","event_id":"00000000-0000-4000-8000-000000000301","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:8433e0eb0867866fa7ba7fba0bff09302b6ac9bc03d04608cf3d7e4f892c7648","event_id":"00000000-0000-4000-8000-000000000302","event_type":"health_event","op":"meridian.v1.health","op_digest":"sha256:86a43eb2d983d91d8cf106edf3d55e9590a72647fe00ca9a919819a4c853ec30","payload":{"kind":"health_event","params":{"ok":true}},"prev_event_hash":"sha256:8400306ca8ae4c0a051d25b5315ce07654281ea49d58698fa7a3d30f17a9c3a0","result":"ok","seq":1,"trace_id":"aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa","ts":"2025-03-17T03:17:41Z"}
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:5955a07c38ee54c89feef03eb7295483e2ad00059174b20ec8f24481e090f03a","event_id":"00000000-0000-4000-8000-000000000303","event_type":"corruption_detected","op":"meridian.v1.corruption_detected","op_digest":"sha256:3fb33f6ebd627285686d974ee770894dc91f1e77b90448ddda0d23012e48eccb","payload":{"kind":"corruption_detected","params":{"component":"storage"}},"prev_event_hash":"sha256:8433e0eb0867866fa7ba7fba0bff09302b6ac9bc03d04608cf3d7e4f892c7648","result":"error","seq":1,"trace_id":"bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:8400306ca8ae4c0a051d25b5315ce07654281ea49d58698fa7a3d30f17a9c3a0
|
||||
seq=1 root=sha256:ed0d9e93d9feed61c3c3baa9a99866d88909275efb1d6490a7760363aa41d0ce
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:ed0d9e93d9feed61c3c3baa9a99866d88909275efb1d6490a7760363aa41d0ce","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_seq_non_monotonic","sentinel_version":"0.1.0"}
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
|
||||
@@ -0,0 +1 @@
|
||||
MERIDIAN v1 conformance fixture: silent_denial_intent_without_outcome
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"files": [
|
||||
{
|
||||
"digest": "sha256:b38038066e2b0824a4d2e23ae90964452c073c328934bd1a64a395a07b84738f",
|
||||
"path": "README.md",
|
||||
"size_bytes": 70
|
||||
},
|
||||
{
|
||||
"digest": "sha256:8403298da38e131bfb9533ab3f483b7e6a5800e3ec0769f8890656cc026c54c9",
|
||||
"path": "receipts.jsonl",
|
||||
"size_bytes": 1288
|
||||
},
|
||||
{
|
||||
"digest": "sha256:a3aff64880a37f16b8e1e83cc2f8e16d40d4126676abce6a071c4ed090f7280c",
|
||||
"path": "roots.txt",
|
||||
"size_bytes": 211
|
||||
},
|
||||
{
|
||||
"digest": "sha256:1630336168944b3fc601984ab346ed9bccb3fb0a63daa40437b276aa230dbebc",
|
||||
"path": "seal.json",
|
||||
"size_bytes": 701
|
||||
},
|
||||
{
|
||||
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
|
||||
"path": "verifier_manifest.json",
|
||||
"size_bytes": 238
|
||||
}
|
||||
],
|
||||
"format": "vm-sentinel-integrity-v1",
|
||||
"hash_algo": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:65454174bcfd71e018828a00aa1a54ef48bb68c901df0af4889979b572da252b","event_id":"00000000-0000-4000-8000-000000000201","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
|
||||
{"actor":"did:vm:operator:demo","cap_hash":"sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb","event_hash":"sha256:988d189147174703c406cced62a4d1e5c968ad676b2ddcfc99d0652f7c974c22","event_id":"00000000-0000-4000-8000-000000000202","event_type":"action_intent","op":"meridian.v1.plc.write","op_digest":"sha256:f0625adaa0316d2058fd9f2d9ccf497fda392b709306b74441e7236e2f29d39a","payload":{"kind":"command_requested","params":{"plc":"plc:demo","register":"R2","value":"1"}},"prev_event_hash":"sha256:65454174bcfd71e018828a00aa1a54ef48bb68c901df0af4889979b572da252b","result":"ok","seq":1,"trace_id":"22222222-2222-4222-8222-222222222223","ts":"2025-03-17T03:17:41Z"}
|
||||
@@ -0,0 +1,3 @@
|
||||
# Sentinel root history (seq -> merkle root)
|
||||
seq=0 root=sha256:65454174bcfd71e018828a00aa1a54ef48bb68c901df0af4889979b572da252b
|
||||
seq=1 root=sha256:9b669e18278c025b371af97d641406d36b3b2b770ded71cf4420d16e4fe336e1
|
||||
@@ -0,0 +1 @@
|
||||
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:9b669e18278c025b371af97d641406d36b3b2b770ded71cf4420d16e4fe336e1","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_silent_denial","sentinel_version":"0.1.0"}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user