vaultsovereign/vm-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initialize repository snapshot

Browse Source
This commit is contained in:
Vault Sovereign
2025-12-27 00:10:32 +00:00
commit 110d644e10
281 changed files with 40331 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
testvectors/sentinel/black-box-that-refused/README.md Normal file
View File

@@ -0,0 +1,12 @@
# Black Box That Refused (Sentinel v1 testvector)
This directory is a deterministic, offline-verifiable Sentinel v1 seal bundle.
Scenario: A high-risk operation is attempted at 03:17 UTC and is denied with a ShadowReceipt (proof of restraint).
Verify:
python3 ../../tools/vm_verify_sentinel_bundle.py --bundle .
Notes:
- hash_algo: sha256 (no external dependencies)
- canonicalization_version: sentinel-event-jcs-v1

31
testvectors/sentinel/black-box-that-refused/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:254b0df96e3ef1dd0639124eed3cebaa3947016e9f5b248bb2d959340f84ce88",
"path": "README.md",
"size_bytes": 422
},
{
"digest": "sha256:d35ad9da08534fe90840055668967f1892d69bfed7e2de7a5e37b0ae39229602",
"path": "receipts.jsonl",
"size_bytes": 3944
},
{
"digest": "sha256:8cbcf3b70d46dd3d79302489a0522d1468ac23ebdd1fcae5ea12643b6b909d92",
"path": "roots.txt",
"size_bytes": 460
},
{
"digest": "sha256:a95af94b8b0a5e3f507e423183ca2dcc2460423a847a437fe4da56126ea901a2",
"path": "seal.json",
"size_bytes": 736
},
{
"digest": "sha256:b68082e3fab021062c9084802c2438b74e8d3198caa8676e29af0b10be2baabd",
"path": "verifier_manifest.json",
"size_bytes": 239
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

5
testvectors/sentinel/black-box-that-refused/receipts.jsonl Normal file
View File

@@ -0,0 +1,5 @@
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:1e90417fd3c5c703deb4c6a33f89b32cb17d579116b872ba4873b05080fdb6bc","event_id":"00000000-0000-4000-8000-000000000001","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:actor:cloudflare:ops","cap_hash":"none","event_hash":"sha256:28f1aa938399720d18a561be7aa376a5f08577bc700bf5348a8c3ce5a18e73a2","event_id":"00000000-0000-4000-8000-000000000002","event_type":"action_intent","op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:2054406539fc9904fd1f04ffe4c257174496f4c035a1a06b5156f888a9a84b3f","payload":{"params":{"action":"block","notes":"03:17 drift candidate","rule_id":"vm-demo-317","target":"api.example.com"},"policy":{"classification":"ambiguous","confidence_bp":7100,"note":"Ambiguous -> trending forbidden (03:17 incident)","reason_code":"invariant_drift"}},"prev_event_hash":"sha256:1e90417fd3c5c703deb4c6a33f89b32cb17d579116b872ba4873b05080fdb6bc","result":"ok","seq":1,"trace_id":"22222222-2222-4222-8222-222222222222","ts":"2025-03-17T03:17:42Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:63035ec50c6f983e1803358384e49a6d3e7ab5bf54f8ef1f19aeec874dd90e63","event_id":"00000000-0000-4000-8000-000000000003","event_type":"shadow_receipt","op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:2054406539fc9904fd1f04ffe4c257174496f4c035a1a06b5156f888a9a84b3f","payload":{"constraints_applied":{"mode":"DEGRADED","scopes_narrowed":["cloudflare.waf.read"]},"context_snapshot_hash":"sha256:e1d3e26c9b2c38c77d44d9fe7ee1d24e955ad0f07c457373edd545265d54d757","energy":{"benefit_bp":700,"debit_units":1000},"params":{"action":"block","notes":"03:17 drift candidate","rule_id":"vm-demo-317","target":"api.example.com"},"reason_code":"unsafe_context","reason_text":"Cost exceeded probabilistic benefit; invariant drift containment","side_effects":"none","would_have_done":{"op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:2054406539fc9904fd1f04ffe4c257174496f4c035a1a06b5156f888a9a84b3f"}},"prev_event_hash":"sha256:28f1aa938399720d18a561be7aa376a5f08577bc700bf5348a8c3ce5a18e73a2","result":"deny","seq":2,"trace_id":"22222222-2222-4222-8222-222222222222","ts":"2025-03-17T03:17:43Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:3ee6d2408d85c911ce3ea1af0bd8427a43910e10a6ffa22e1623b20b897fe487","event_id":"00000000-0000-4000-8000-000000000004","event_type":"root_published","op":"sentinel.root_published.v1","op_digest":"sha256:188abbdb94b993cf8e542d6dca2e760abe421698ebeda6bbac0c655cd6e21dda","payload":{"params":{"coverage_seq":2},"root_hex":"sha256:81841fe0288d58b04dcb9f1d3c11e84a246665befc67f93871f31b9ef2c8c9e3"},"prev_event_hash":"sha256:63035ec50c6f983e1803358384e49a6d3e7ab5bf54f8ef1f19aeec874dd90e63","result":"ok","seq":3,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:44Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:1034ffe70214290d7e0c7fd5ec85a0f44872bf0d6d2bd87e0d5b04ad2c2a1f4b","event_id":"00000000-0000-4000-8000-000000000005","event_type":"seal_created","op":"sentinel.seal_created.v1","op_digest":"sha256:1e2e86210bc67f26758ce3101c860672b743566cbad53dc4c3a61b319b58e4f3","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","seal_id":"ouroboros_seal_20250317_031742Z_black_box_that_refused","since_seq":0,"until_seq":4}},"prev_event_hash":"sha256:3ee6d2408d85c911ce3ea1af0bd8427a43910e10a6ffa22e1623b20b897fe487","result":"ok","seq":4,"trace_id":"44444444-4444-4444-8444-444444444444","ts":"2025-03-17T03:17:45Z"}

6
testvectors/sentinel/black-box-that-refused/roots.txt Normal file
View File

@@ -0,0 +1,6 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:1e90417fd3c5c703deb4c6a33f89b32cb17d579116b872ba4873b05080fdb6bc
seq=1 root=sha256:701a1ae4b6c56b0508746a0f425947fa5ce3ed0554b9632d2ba993862d09553b
seq=2 root=sha256:81841fe0288d58b04dcb9f1d3c11e84a246665befc67f93871f31b9ef2c8c9e3
seq=3 root=sha256:2ef9222e3c9fceae815837584c2eda262e64df3fa5c1960e42914fa1fdd1f9be
seq=4 root=sha256:b68479558afa41325a0a18f7087bca9549be90e61134bf5f584c598a956a6385

1
testvectors/sentinel/black-box-that-refused/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:sentinel:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":4,"until_ts":"2025-03-17T03:17:45Z"},"root":{"end":"sha256:b68479558afa41325a0a18f7087bca9549be90e61134bf5f584c598a956a6385","seq":4,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"ouroboros_seal_20250317_031742Z_black_box_that_refused","sentinel_version":"0.1.0"}

1
testvectors/sentinel/black-box-that-refused/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

6
testvectors/sentinel/corruption-truncated-jsonl/README.md Normal file
View File

@@ -0,0 +1,6 @@
# Corruption Drill: Truncated receipts.jsonl (Sentinel v1 testvector)
Expected result: FAIL with E_SCHEMA_INVALID (malformed JSONL).
Verify:
python3 ../../tools/vm_verify_sentinel_bundle.py --bundle . --strict

1
testvectors/sentinel/corruption-truncated-jsonl/integrity.json Normal file
View File

@@ -0,0 +1 @@
{"files":[{"digest":"sha256:9ba07babfb5c19611b323c89a456b8968a1572f868b881b93f43da1dfb7deaaa","path":"README.md","size_bytes":214},{"digest":"sha256:964bfec3a37f7b0616a8eb919e3c34daeba665f68222743a075f24f90ec59764","path":"receipts.jsonl","size_bytes":3700},{"digest":"sha256:9683545f7c23da977fc54f7901c41459d012217aecb60c5544a35caf71238436","path":"roots.txt","size_bytes":460},{"digest":"sha256:2f29bb00c6da0ad7e967ea6ab0c7632fbe148ab222744647bf01dea5a94fc9f4","path":"seal.json","size_bytes":740},{"digest":"sha256:b68082e3fab021062c9084802c2438b74e8d3198caa8676e29af0b10be2baabd","path":"verifier_manifest.json","size_bytes":239}],"format":"vm-sentinel-integrity-v1","hash_algo":"sha256"}

5
testvectors/sentinel/corruption-truncated-jsonl/receipts.jsonl Normal file
View File

@@ -0,0 +1,5 @@
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:521abeea9c029b319e4753fe28aa3900e2be0bad6609548bb33c742f3d1aeb76","event_id":"00000000-0000-4000-8000-000000000201","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"eeeeeeee-eeee-4eee-8eee-eeeeeeeeeeee","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:actor:cloudflare:ops","cap_hash":"none","event_hash":"sha256:99beb8c6cf0d90550f9bfbc63b49b497d906a4ba967a6c214feaa2abaa36f22e","event_id":"00000000-0000-4000-8000-000000000202","event_type":"action_intent","op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:2e6864e10c30e74398dd04b48322d13a21e535b9a1f1ab93425fa7cd4b04e000","payload":{"params":{"action":"block","notes":"corruption truncated jsonl vector","rule_id":"vm-demo-corruption","target":"api.example.com"}},"prev_event_hash":"sha256:521abeea9c029b319e4753fe28aa3900e2be0bad6609548bb33c742f3d1aeb76","result":"ok","seq":1,"trace_id":"ffffffff-ffff-4fff-8fff-ffffffffffff","ts":"2025-03-17T03:17:42Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:97545c07d685e6c41c52a11ca3b4ba4cba38f137c943f145e23678c1bdaac5a2","event_id":"00000000-0000-4000-8000-000000000203","event_type":"shadow_receipt","op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:2e6864e10c30e74398dd04b48322d13a21e535b9a1f1ab93425fa7cd4b04e000","payload":{"constraints_applied":{"mode":"DEGRADED"},"context_snapshot_hash":"sha256:5b1bb1b57322632ca395d30566fc58c31d96ff9a8ca5b353eee66921f3dafcd1","params":{"action":"block","notes":"corruption truncated jsonl vector","rule_id":"vm-demo-corruption","target":"api.example.com"},"reason_code":"integrity_degraded","reason_text":"corruption drill (expected truncation)","side_effects":"none","would_have_done":{"op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:2e6864e10c30e74398dd04b48322d13a21e535b9a1f1ab93425fa7cd4b04e000"}},"prev_event_hash":"sha256:99beb8c6cf0d90550f9bfbc63b49b497d906a4ba967a6c214feaa2abaa36f22e","result":"deny","seq":2,"trace_id":"ffffffff-ffff-4fff-8fff-ffffffffffff","ts":"2025-03-17T03:17:43Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:35195a1c29a356e4284d8b112d1751b68d7cf284486d570cd0f8154b31971155","event_id":"00000000-0000-4000-8000-000000000204","event_type":"root_published","op":"sentinel.root_published.v1","op_digest":"sha256:188abbdb94b993cf8e542d6dca2e760abe421698ebeda6bbac0c655cd6e21dda","payload":{"params":{"coverage_seq":2},"root_hex":"sha256:95d9228665adf0eec74481ef926a477ac163324cbbd374fd579aeb69b1222264"},"prev_event_hash":"sha256:97545c07d685e6c41c52a11ca3b4ba4cba38f137c943f145e23678c1bdaac5a2","result":"ok","seq":3,"trace_id":"99999999-9999-4999-8999-999999999999","ts":"2025-03-17T03:17:44Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:65d7cc94c55941060e631ab53afe9d9b41239f4b069c88d1276f8436100816f8","event_id":"00000000-0000-4000-8000-000000000205","event_type":"seal_created","op":"sentinel.seal_created.v1","op_digest":"sha256:4a48d5d29aa855839b0d1ff9747f7602d03b01ebdaa1fbcf491be59cbeaf1548","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","seal_id":"ouroboros_seal_20250317_031742Z_corruption_truncated_jsonl","since_seq":0,"until_seq":4}},"prev_event_hash":"sha256:35195a1c29a356e4284d8b112d1751b68d7cf284486d570cd0f8154b31971155","result":"ok","seq":4,"trace_id":"88888888-8888-4888-8888-888888888888","ts"

6
testvectors/sentinel/corruption-truncated-jsonl/roots.txt Normal file
View File

@@ -0,0 +1,6 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:521abeea9c029b319e4753fe28aa3900e2be0bad6609548bb33c742f3d1aeb76
seq=1 root=sha256:6da5f7f245313afb796712809339e325f2c8b91512fdce9b9f8e80c4b597cbd6
seq=2 root=sha256:95d9228665adf0eec74481ef926a477ac163324cbbd374fd579aeb69b1222264
seq=3 root=sha256:6485a940d63970bd1bba392d3260c7e6a46d67a5d8299e36f0d4691fdfdcde29
seq=4 root=sha256:2859d129262ea2417678da4c21dde5c564ca2c0ae8124b55912a71eb45320a23

1
testvectors/sentinel/corruption-truncated-jsonl/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:sentinel:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":4,"until_ts":"2025-03-17T03:17:45Z"},"root":{"end":"sha256:2859d129262ea2417678da4c21dde5c564ca2c0ae8124b55912a71eb45320a23","seq":4,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"ouroboros_seal_20250317_031742Z_corruption_truncated_jsonl","sentinel_version":"0.1.0"}

1
testvectors/sentinel/corruption-truncated-jsonl/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

16
testvectors/sentinel/integrity-size-mismatch/README.md Normal file
View File

@@ -0,0 +1,16 @@
# Black Box That Refused (Sentinel v1 testvector)
This directory is a deterministic, offline-verifiable Sentinel v1 seal bundle.
Scenario: A high-risk operation is attempted at 03:17 UTC and is denied with a ShadowReceipt (proof of restraint).
Verify:
python3 ../../tools/vm_verify_sentinel_bundle.py --bundle . --strict
Expected outcome:
- FAIL with `E_SCHEMA_INVALID`
- Violated contract_id: `I-4` (size_bytes mismatch)
Notes:
- hash_algo: sha256 (no external dependencies)
- canonicalization_version: sentinel-event-jcs-v1

31
testvectors/sentinel/integrity-size-mismatch/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:254b0df96e3ef1dd0639124eed3cebaa3947016e9f5b248bb2d959340f84ce88",
"path": "README.md",
"size_bytes": 999
},
{
"digest": "sha256:d35ad9da08534fe90840055668967f1892d69bfed7e2de7a5e37b0ae39229602",
"path": "receipts.jsonl",
"size_bytes": 3944
},
{
"digest": "sha256:8cbcf3b70d46dd3d79302489a0522d1468ac23ebdd1fcae5ea12643b6b909d92",
"path": "roots.txt",
"size_bytes": 460
},
{
"digest": "sha256:a95af94b8b0a5e3f507e423183ca2dcc2460423a847a437fe4da56126ea901a2",
"path": "seal.json",
"size_bytes": 736
},
{
"digest": "sha256:b68082e3fab021062c9084802c2438b74e8d3198caa8676e29af0b10be2baabd",
"path": "verifier_manifest.json",
"size_bytes": 239
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

5
testvectors/sentinel/integrity-size-mismatch/receipts.jsonl Normal file
View File

@@ -0,0 +1,5 @@
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:1e90417fd3c5c703deb4c6a33f89b32cb17d579116b872ba4873b05080fdb6bc","event_id":"00000000-0000-4000-8000-000000000001","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:actor:cloudflare:ops","cap_hash":"none","event_hash":"sha256:28f1aa938399720d18a561be7aa376a5f08577bc700bf5348a8c3ce5a18e73a2","event_id":"00000000-0000-4000-8000-000000000002","event_type":"action_intent","op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:2054406539fc9904fd1f04ffe4c257174496f4c035a1a06b5156f888a9a84b3f","payload":{"params":{"action":"block","notes":"03:17 drift candidate","rule_id":"vm-demo-317","target":"api.example.com"},"policy":{"classification":"ambiguous","confidence_bp":7100,"note":"Ambiguous -> trending forbidden (03:17 incident)","reason_code":"invariant_drift"}},"prev_event_hash":"sha256:1e90417fd3c5c703deb4c6a33f89b32cb17d579116b872ba4873b05080fdb6bc","result":"ok","seq":1,"trace_id":"22222222-2222-4222-8222-222222222222","ts":"2025-03-17T03:17:42Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:63035ec50c6f983e1803358384e49a6d3e7ab5bf54f8ef1f19aeec874dd90e63","event_id":"00000000-0000-4000-8000-000000000003","event_type":"shadow_receipt","op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:2054406539fc9904fd1f04ffe4c257174496f4c035a1a06b5156f888a9a84b3f","payload":{"constraints_applied":{"mode":"DEGRADED","scopes_narrowed":["cloudflare.waf.read"]},"context_snapshot_hash":"sha256:e1d3e26c9b2c38c77d44d9fe7ee1d24e955ad0f07c457373edd545265d54d757","energy":{"benefit_bp":700,"debit_units":1000},"params":{"action":"block","notes":"03:17 drift candidate","rule_id":"vm-demo-317","target":"api.example.com"},"reason_code":"unsafe_context","reason_text":"Cost exceeded probabilistic benefit; invariant drift containment","side_effects":"none","would_have_done":{"op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:2054406539fc9904fd1f04ffe4c257174496f4c035a1a06b5156f888a9a84b3f"}},"prev_event_hash":"sha256:28f1aa938399720d18a561be7aa376a5f08577bc700bf5348a8c3ce5a18e73a2","result":"deny","seq":2,"trace_id":"22222222-2222-4222-8222-222222222222","ts":"2025-03-17T03:17:43Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:3ee6d2408d85c911ce3ea1af0bd8427a43910e10a6ffa22e1623b20b897fe487","event_id":"00000000-0000-4000-8000-000000000004","event_type":"root_published","op":"sentinel.root_published.v1","op_digest":"sha256:188abbdb94b993cf8e542d6dca2e760abe421698ebeda6bbac0c655cd6e21dda","payload":{"params":{"coverage_seq":2},"root_hex":"sha256:81841fe0288d58b04dcb9f1d3c11e84a246665befc67f93871f31b9ef2c8c9e3"},"prev_event_hash":"sha256:63035ec50c6f983e1803358384e49a6d3e7ab5bf54f8ef1f19aeec874dd90e63","result":"ok","seq":3,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:44Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:1034ffe70214290d7e0c7fd5ec85a0f44872bf0d6d2bd87e0d5b04ad2c2a1f4b","event_id":"00000000-0000-4000-8000-000000000005","event_type":"seal_created","op":"sentinel.seal_created.v1","op_digest":"sha256:1e2e86210bc67f26758ce3101c860672b743566cbad53dc4c3a61b319b58e4f3","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","seal_id":"ouroboros_seal_20250317_031742Z_black_box_that_refused","since_seq":0,"until_seq":4}},"prev_event_hash":"sha256:3ee6d2408d85c911ce3ea1af0bd8427a43910e10a6ffa22e1623b20b897fe487","result":"ok","seq":4,"trace_id":"44444444-4444-4444-8444-444444444444","ts":"2025-03-17T03:17:45Z"}

6
testvectors/sentinel/integrity-size-mismatch/roots.txt Normal file
View File

@@ -0,0 +1,6 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:1e90417fd3c5c703deb4c6a33f89b32cb17d579116b872ba4873b05080fdb6bc
seq=1 root=sha256:701a1ae4b6c56b0508746a0f425947fa5ce3ed0554b9632d2ba993862d09553b
seq=2 root=sha256:81841fe0288d58b04dcb9f1d3c11e84a246665befc67f93871f31b9ef2c8c9e3
seq=3 root=sha256:2ef9222e3c9fceae815837584c2eda262e64df3fa5c1960e42914fa1fdd1f9be
seq=4 root=sha256:b68479558afa41325a0a18f7087bca9549be90e61134bf5f584c598a956a6385

1
testvectors/sentinel/integrity-size-mismatch/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:sentinel:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":4,"until_ts":"2025-03-17T03:17:45Z"},"root":{"end":"sha256:b68479558afa41325a0a18f7087bca9549be90e61134bf5f584c598a956a6385","seq":4,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"ouroboros_seal_20250317_031742Z_black_box_that_refused","sentinel_version":"0.1.0"}

1
testvectors/sentinel/integrity-size-mismatch/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

6
testvectors/sentinel/revocation-used-after-revoke/README.md Normal file
View File

@@ -0,0 +1,6 @@
# Revocation Drill: Used after revoke (Sentinel v1 testvector)
Expected result: FAIL with E_REVOKED_CAPABILITY_USED.
Verify:
python3 ../../tools/vm_verify_sentinel_bundle.py --bundle . --strict

1
testvectors/sentinel/revocation-used-after-revoke/integrity.json Normal file
View File

@@ -0,0 +1 @@
{"files":[{"digest":"sha256:3dcb8554c22c6342667f50455b173fca610a202b8c7cacbaa1d9454464f72c49","path":"README.md","size_bytes":198},{"digest":"sha256:1b27f570e1386d5c2001fdaa26ed8b39c69c8c5020e2fffa6f64b32d073f6ea8","path":"receipts.jsonl","size_bytes":3480},{"digest":"sha256:af9a834c78e5fb8b00cd155218bd7c07d877741ceb0460164b913fa0f7e41b62","path":"roots.txt","size_bytes":460},{"digest":"sha256:2f0c087927bf0cdda31c8308559809aafea5c55ffb87bad5100ebbaf7f63f4b9","path":"seal.json","size_bytes":742},{"digest":"sha256:b68082e3fab021062c9084802c2438b74e8d3198caa8676e29af0b10be2baabd","path":"verifier_manifest.json","size_bytes":239}],"format":"vm-sentinel-integrity-v1","hash_algo":"sha256"}

5
testvectors/sentinel/revocation-used-after-revoke/receipts.jsonl Normal file
View File

@@ -0,0 +1,5 @@
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:488ff4a060d14db4e268930b232c201692989d47cbdad33a80fb6a4ae721c771","event_id":"00000000-0000-4000-8000-000000000301","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"12121212-1212-4121-8121-121212121212","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:authority:demo","cap_hash":"sha256:edae118e5b7d242976f087fe7d6c6ec95b85cc9da5dead4164083daeff9e7857","event_hash":"sha256:9ae139e5a8adcdc31bcaf1eea87ce98dd49628b24ed1b67818a326e9f97cc71c","event_id":"00000000-0000-4000-8000-000000000302","event_type":"cap_grant","op":"sentinel.cap_grant.v1","op_digest":"sha256:cf238b606b127aa0ac8809aa45218a9a23ae9842964d42638153ad98136ecc78","payload":{"params":{"cap_hash":"sha256:edae118e5b7d242976f087fe7d6c6ec95b85cc9da5dead4164083daeff9e7857","capability":{"aud":"did:vm:sentinel:demo","exp":"2026-01-01T00:00:00Z","jti":"cap-demo-1","nbf":"2025-01-01T00:00:00Z","scopes":["sentinel.demo.dangerous_op"],"sub":"did:vm:actor:demo"}}},"prev_event_hash":"sha256:488ff4a060d14db4e268930b232c201692989d47cbdad33a80fb6a4ae721c771","result":"ok","seq":1,"trace_id":"34343434-3434-4343-8343-343434343434","ts":"2025-03-17T03:17:41Z"}
{"actor":"did:vm:authority:demo","cap_hash":"none","event_hash":"sha256:9fbb5cb1f63c8b7a8459f4bc9b785857f11c937902732c4f46366b22f1c19e76","event_id":"00000000-0000-4000-8000-000000000303","event_type":"cap_revoke","op":"sentinel.cap_revoke.v1","op_digest":"sha256:9796668016c7a22c0fee3648769a09b97a02af9cda234c1e3cf7cb007ce3fcf5","payload":{"params":{"reason_code":"operator_revoked","revoked_cap_hash":"sha256:edae118e5b7d242976f087fe7d6c6ec95b85cc9da5dead4164083daeff9e7857"}},"prev_event_hash":"sha256:9ae139e5a8adcdc31bcaf1eea87ce98dd49628b24ed1b67818a326e9f97cc71c","result":"ok","seq":2,"trace_id":"34343434-3434-4343-8343-343434343434","ts":"2025-03-17T03:17:42Z"}
{"actor":"did:vm:actor:demo","cap_hash":"sha256:edae118e5b7d242976f087fe7d6c6ec95b85cc9da5dead4164083daeff9e7857","event_hash":"sha256:e1dfc490106b6ae2f8316c16b9c655c7e899fe96a9a78f86dae30ca2efb54152","event_id":"00000000-0000-4000-8000-000000000304","event_type":"action_intent","op":"sentinel.demo.dangerous_op.v1","op_digest":"sha256:0091cfd21b0717922d234b13278067aec65828e7dd0090b189e7ef72dec88f95","payload":{"params":{"action":"override","target":"demo-device"}},"prev_event_hash":"sha256:9fbb5cb1f63c8b7a8459f4bc9b785857f11c937902732c4f46366b22f1c19e76","result":"ok","seq":3,"trace_id":"56565656-5656-4565-8565-565656565656","ts":"2025-03-17T03:17:43Z"}
{"actor":"did:vm:actor:demo","cap_hash":"sha256:edae118e5b7d242976f087fe7d6c6ec95b85cc9da5dead4164083daeff9e7857","event_hash":"sha256:987ff91a4cbec21b112950efb645fd62ff9021121ab8d91e25a932c5d706e58e","event_id":"00000000-0000-4000-8000-000000000305","event_type":"action_executed","op":"sentinel.demo.dangerous_op.v1","op_digest":"sha256:0091cfd21b0717922d234b13278067aec65828e7dd0090b189e7ef72dec88f95","payload":{"params":{"action":"override","target":"demo-device"}},"prev_event_hash":"sha256:e1dfc490106b6ae2f8316c16b9c655c7e899fe96a9a78f86dae30ca2efb54152","result":"ok","seq":4,"trace_id":"56565656-5656-4565-8565-565656565656","ts":"2025-03-17T03:17:44Z"}

6
testvectors/sentinel/revocation-used-after-revoke/roots.txt Normal file
View File

@@ -0,0 +1,6 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:488ff4a060d14db4e268930b232c201692989d47cbdad33a80fb6a4ae721c771
seq=1 root=sha256:dd1d833faf0dc4551432aa9ed62038f8d438fc580dbbad848cca4decd40fdaa1
seq=2 root=sha256:93af676f38d884cf894244d379b46a7bd840df1364b0badac33649f9c2f77143
seq=3 root=sha256:686f07fd9a782cee48adbef5b39ec2665c014624581bc00f78eddfae719074fd
seq=4 root=sha256:98a5bee2349e9cb97733697dfb008df2b9324a12812e323a3158dbdf8d3d95d6

1
testvectors/sentinel/revocation-used-after-revoke/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:sentinel:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":4,"until_ts":"2025-03-17T03:17:44Z"},"root":{"end":"sha256:98a5bee2349e9cb97733697dfb008df2b9324a12812e323a3158dbdf8d3d95d6","seq":4,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"ouroboros_seal_20250317_031742Z_revocation_used_after_revoke","sentinel_version":"0.1.0"}

1
testvectors/sentinel/revocation-used-after-revoke/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

6
testvectors/sentinel/rollback-duplicate-seq/README.md Normal file
View File

@@ -0,0 +1,6 @@
# Rollback Attempt: Duplicate seq (Sentinel v1 testvector)
Expected result: FAIL with E_SEQ_NON_MONOTONIC.
Verify:
python3 ../../tools/vm_verify_sentinel_bundle.py --bundle . --strict

1
testvectors/sentinel/rollback-duplicate-seq/integrity.json Normal file
View File

@@ -0,0 +1 @@
{"files":[{"digest":"sha256:1c94f9b6b1f23bd13cf311c65961449ee6bdf50dbb735759429b6e41df58435b","path":"README.md","size_bytes":188},{"digest":"sha256:c7bb7f7c52f7e5e3b033cca6313c821119a5dd9cdb77670c0e92016e5517fbb7","path":"receipts.jsonl","size_bytes":3828},{"digest":"sha256:0d5f7123eccf92c926057c496cd6c47f8848c3fd257c04f16bb68449341c12ae","path":"roots.txt","size_bytes":460},{"digest":"sha256:c1d7376fc8901beafed447395686dd707afa4e1687eba141d9217f2bb40b9834","path":"seal.json","size_bytes":736},{"digest":"sha256:b68082e3fab021062c9084802c2438b74e8d3198caa8676e29af0b10be2baabd","path":"verifier_manifest.json","size_bytes":239}],"format":"vm-sentinel-integrity-v1","hash_algo":"sha256"}

5
testvectors/sentinel/rollback-duplicate-seq/receipts.jsonl Normal file
View File

@@ -0,0 +1,5 @@
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:4b86de283ae784282990c57acd5aeb49b6695206a5c66d555342e1770d0fc1c3","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:actor:cloudflare:ops","cap_hash":"none","event_hash":"sha256:2550e78926b563d3f717cae0bca598ca8454837ce0759ba082321d867930c24d","event_id":"00000000-0000-4000-8000-000000000102","event_type":"action_intent","op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:830189862cfdd06230cd4d5d9f94d1b2bcbdddf451915d3be781b1e7aa5eaa55","payload":{"params":{"action":"block","notes":"rollback duplicate seq vector","rule_id":"vm-demo-rollback","target":"api.example.com"},"policy":{"classification":"ambiguous","confidence_bp":7100,"note":"duplicate seq rollback vector","reason_code":"invariant_drift"}},"prev_event_hash":"sha256:4b86de283ae784282990c57acd5aeb49b6695206a5c66d555342e1770d0fc1c3","result":"ok","seq":1,"trace_id":"bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb","ts":"2025-03-17T03:17:42Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:d080048781ef2f067775cf93db816add1c2f7b88e7a52feea790b3a483c1ec6c","event_id":"00000000-0000-4000-8000-000000000103","event_type":"shadow_receipt","op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:830189862cfdd06230cd4d5d9f94d1b2bcbdddf451915d3be781b1e7aa5eaa55","payload":{"constraints_applied":{"mode":"DEGRADED"},"context_snapshot_hash":"sha256:23ad3979556e46fe6dfcbeda7099b8d9f020d96780bbce2fdab9072863a73b6d","params":{"action":"block","notes":"rollback duplicate seq vector","rule_id":"vm-demo-rollback","target":"api.example.com"},"reason_code":"unsafe_context","reason_text":"duplicate seq rollback attempt","side_effects":"none","would_have_done":{"op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:830189862cfdd06230cd4d5d9f94d1b2bcbdddf451915d3be781b1e7aa5eaa55"}},"prev_event_hash":"sha256:2550e78926b563d3f717cae0bca598ca8454837ce0759ba082321d867930c24d","result":"deny","seq":2,"trace_id":"bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb","ts":"2025-03-17T03:17:43Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:606160c5e082497e35ce0de57dd0b1b34ab37397ab91f3bbbf0269e002fd821f","event_id":"00000000-0000-4000-8000-000000000104","event_type":"root_published","op":"sentinel.root_published.v1","op_digest":"sha256:188abbdb94b993cf8e542d6dca2e760abe421698ebeda6bbac0c655cd6e21dda","payload":{"params":{"coverage_seq":2},"root_hex":"sha256:6f7088c38a3a599d173c4d4c5aff095fd149c489b29f8a54c230582826128bff"},"prev_event_hash":"sha256:d080048781ef2f067775cf93db816add1c2f7b88e7a52feea790b3a483c1ec6c","result":"ok","seq":2,"trace_id":"cccccccc-cccc-4ccc-8ccc-cccccccccccc","ts":"2025-03-17T03:17:44Z"}
{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:9a423be7b6eded215e3c3ca1aabed3d5b4091530fe965b0934fe4231f136bc89","event_id":"00000000-0000-4000-8000-000000000105","event_type":"seal_created","op":"sentinel.seal_created.v1","op_digest":"sha256:eca1b25ebda9ce43a0c87d2dc7028d36ab8d21323a9189e4003b91e078f064ba","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","seal_id":"ouroboros_seal_20250317_031742Z_rollback_duplicate_seq","since_seq":0,"until_seq":4}},"prev_event_hash":"sha256:606160c5e082497e35ce0de57dd0b1b34ab37397ab91f3bbbf0269e002fd821f","result":"ok","seq":4,"trace_id":"dddddddd-dddd-4ddd-8ddd-dddddddddddd","ts":"2025-03-17T03:17:45Z"}

6
testvectors/sentinel/rollback-duplicate-seq/roots.txt Normal file
View File

@@ -0,0 +1,6 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:4b86de283ae784282990c57acd5aeb49b6695206a5c66d555342e1770d0fc1c3
seq=1 root=sha256:79c749b3f5667aa3005ad8e92f065d09f17645771b2f4732c0c5f56a52ee50ea
seq=2 root=sha256:6f7088c38a3a599d173c4d4c5aff095fd149c489b29f8a54c230582826128bff
seq=2 root=sha256:b518588137a128e2298fdb0ec044def5ce4164b94dc18065753912090f91c400
seq=4 root=sha256:ede022904832f7ebfbd8a9e0b14391158f9d9502e1c04532560ed2e4a5661ad3

1
testvectors/sentinel/rollback-duplicate-seq/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:sentinel:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":4,"until_ts":"2025-03-17T03:17:45Z"},"root":{"end":"sha256:ede022904832f7ebfbd8a9e0b14391158f9d9502e1c04532560ed2e4a5661ad3","seq":4,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"ouroboros_seal_20250317_031742Z_rollback_duplicate_seq","sentinel_version":"0.1.0"}

1
testvectors/sentinel/rollback-duplicate-seq/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}