vaultsovereign/vm-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initialize repository snapshot

Browse Source
This commit is contained in:
Vault Sovereign
2025-12-27 00:10:32 +00:00
commit 110d644e10
281 changed files with 40331 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
.gitignore vendored Normal file
View File

@@ -0,0 +1,26 @@
target/
__pycache__/
*.pyc
.venv/
.DS_Store
*.egg-info/
# Local-first SQLite ledger and seal bundles
.state/
*.sqlite
*.sqlite-wal
*.sqlite-shm
# Runtime logs and receipts
logs/
receipts/
# Guardian/automation/offsec/treasury ROOT state files
ROOT.*.txt
# Generic logs
*.log
# Generated verifier reports
verification_report.json
verification_report_*.json

130
.gitlab-ci.yml Normal file
View File

@@ -0,0 +1,130 @@
stages:
- build
- test
- lint
variables:
CARGO_HOME: $CI_PROJECT_DIR/.cargo
# Ensure receipts directories exist (tests may write into them)
before_script:
- mkdir -p receipts/guardian receipts/treasury receipts/offsec receipts/automation receipts/mcp receipts/mesh
# Rust build job
rust-build:
stage: build
image: rust:1.75
script:
- cargo build --workspace --locked
cache:
key: cargo-$CI_COMMIT_REF_SLUG
paths:
- target/
- .cargo/registry/
# Sentinel contract parity + testvectors (required gate)
sentinel-contracts:
stage: test
image: python:3.11
before_script:
- pip install -q blake3
script:
- python3 tools/check_sentinel_contract_parity.py
- bash tools/run_sentinel_testvectors.sh
# MERIDIAN v1 conformance suite (offline, deterministic, build-blocking)
meridian-v1-conformance:
stage: test
image: python:3.11
before_script:
- pip install -q blake3
script:
- bash MERIDIAN_V1_CONFORMANCE_TEST_SUITE/run.sh
# OpenCode plugin smoke (one PASS + one FAIL)
sentinel-opencode-smoke:
stage: test
image: node:20-bullseye
before_script:
- apt-get update && apt-get install -y python3 python3-pip >/dev/null
- pip3 install -q blake3
- npm install -g opencode-ai@1.0.166
- npm install --prefix .opencode
- export VAULTMESH_WORKSPACE_ROOT="$CI_PROJECT_DIR"
- export VAULTMESH_SENTINEL_VERIFIER="$CI_PROJECT_DIR/tools/vm_verify_sentinel_bundle.py"
script:
- opencode run --format json --command sentinelVerifyBundle --worktree "$CI_PROJECT_DIR" --directory "$CI_PROJECT_DIR" --tool-args '{"bundlePath":"testvectors/sentinel/black-box-that-refused","strict":true}'
- opencode run --format json --command sentinelVerifyBundle --worktree "$CI_PROJECT_DIR" --directory "$CI_PROJECT_DIR" --tool-args '{"bundlePath":"testvectors/sentinel/integrity-size-mismatch","strict":true}'
# Rust test job
rust-test:
stage: test
image: rust:1.75
script:
- cargo test --workspace --locked
cache:
key: cargo-$CI_COMMIT_REF_SLUG
paths:
- target/
- .cargo/registry/
# Rust lint job (format + clippy)
rust-lint:
stage: lint
image: rust:1.75
script:
- rustup component add clippy rustfmt
- cargo fmt --check
- cargo clippy --workspace -- -D warnings
allow_failure: true
cache:
key: cargo-$CI_COMMIT_REF_SLUG
paths:
- target/
- .cargo/registry/
# Python CLI tests (when pytest available)
python-test:
stage: test
image: python:3.11
before_script:
- pip install -q blake3 click pynacl pytest
script:
- python -m pytest -q cli/ tests/ 2>/dev/null || echo "No Python tests yet"
allow_failure: true
# Observability exporter smoke test
observability-smoke:
stage: test
image: rust:1.75
script:
- cargo test -p vaultmesh-observability --tests -- --nocapture
cache:
key: cargo-$CI_COMMIT_REF_SLUG
paths:
- target/
- .cargo/registry/
# Guardian metrics integration test (requires --features metrics)
guardian-metrics-integration:
stage: test
image: rust:1.75
script:
- cargo test -p vaultmesh-guardian --features metrics --test metrics_integration -- --nocapture
cache:
key: cargo-$CI_COMMIT_REF_SLUG
paths:
- target/
- .cargo/registry/
# Mesh metrics integration test (requires --features metrics)
mesh-metrics-integration:
stage: test
image: rust:1.75
script:
- cargo test -p vaultmesh-mesh --features metrics --test metrics_integration -- --nocapture
cache:
key: cargo-$CI_COMMIT_REF_SLUG
paths:
- target/
- .cargo/registry/

5
.opencode/package.json Normal file
View File

@@ -0,0 +1,5 @@
{
"dependencies": {
"@opencode-ai/plugin": "1.0.166"
}
}

300
.opencode/plugin/vaultmesh-sentinel.ts Normal file
View File

@@ -0,0 +1,300 @@
import { tool, type Plugin } from "@opencode-ai/plugin";
import { spawn } from "node:child_process";
import { createHash, randomUUID } from "node:crypto";
import { promises as fs, statSync } from "node:fs";
import os from "node:os";
import path from "node:path";
const TOOL_VERSION = "0.2.0";
type RunResult = {
exitCode: number;
stdout: string;
stderr: string;
};
function normalizeForStableJson(value: unknown): unknown {
if (value === null || value === undefined) return value;
if (Array.isArray(value)) return value.map((v) => normalizeForStableJson(v));
if (typeof value === "object") {
const entries = Object.entries(value as Record<string, unknown>).sort(
([a], [b]) => a.localeCompare(b),
);
return entries.reduce<Record<string, unknown>>((acc, [k, v]) => {
acc[k] = normalizeForStableJson(v);
return acc;
}, {});
}
return value;
}
function stableStringify(value: unknown): string {
return JSON.stringify(normalizeForStableJson(value));
}
function run(
cmd: string,
args: string[],
opts: { env?: Record<string, string | undefined> } = {},
): Promise<RunResult> {
return new Promise((resolve) => {
const child = spawn(cmd, args, {
env: { ...process.env, ...(opts.env ?? {}) },
stdio: ["ignore", "pipe", "pipe"],
});
let stdout = "";
let stderr = "";
child.stdout.on("data", (d) => {
stdout += d.toString("utf8");
});
child.stderr.on("data", (d) => {
stderr += d.toString("utf8");
});
child.on("close", (code) => {
resolve({ exitCode: code ?? 1, stdout, stderr });
});
});
}
async function computeBundleHash(bundlePath: string): Promise<string> {
const root = path.resolve(bundlePath);
const hasher = createHash("sha256");
async function walk(dir: string): Promise<void> {
const entries = await fs.readdir(dir, { withFileTypes: true });
const sorted = entries.sort((a, b) => a.name.localeCompare(b.name));
for (const entry of sorted) {
const abs = path.join(dir, entry.name);
const rel = path.relative(root, abs).split(path.sep).join("/");
if (entry.isDirectory()) {
hasher.update(`dir:${rel}\n`);
await walk(abs);
continue;
}
if (entry.isFile()) {
const data = await fs.readFile(abs);
const digest = createHash("sha256").update(data).digest("hex");
hasher.update(`file:${rel}:${data.length}:${digest}\n`);
}
}
}
await walk(root);
return `sha256:${hasher.digest("hex")}`;
}
async function readJsonIfExists(filePath: string): Promise<unknown | null> {
try {
const raw = await fs.readFile(filePath, "utf8");
return JSON.parse(raw);
} catch {
return null;
}
}
function resolveWorkspaceRoot(
worktree: string | undefined,
directory: string,
): string {
const envRoot = process.env.VAULTMESH_WORKSPACE_ROOT;
if (envRoot) return envRoot;
if (worktree) return path.resolve(worktree, "..");
return path.resolve(directory, "..");
}
function resolveVerifierPath(
worktree: string | undefined,
directory: string,
): string {
const envVerifier = process.env.VAULTMESH_SENTINEL_VERIFIER;
if (envVerifier) return envVerifier;
const workspaceRoot = resolveWorkspaceRoot(worktree, directory);
const candidates = [
path.join(
workspaceRoot,
"vaultmesh-orgine-mobile/tools/vm_verify_sentinel_bundle.py",
),
path.join(workspaceRoot, "tools/vm_verify_sentinel_bundle.py"),
];
for (const candidate of candidates) {
try {
if (statSync(candidate).isFile()) {
return candidate;
}
} catch {
// continue searching
}
}
// Fallback: first candidate, even if it does not exist (caller will error deterministically)
return candidates[0];
}
export const VaultMeshSentinelPlugin: Plugin = async (ctx) => {
const baseDir = ctx.directory ?? process.cwd();
const verifierPath = resolveVerifierPath(ctx.worktree, baseDir);
return {
tool: {
sentinelVerifyBundle: tool({
description:
"Verify a VaultMesh Sentinel v1 seal bundle offline (deterministic; no network).",
args: {
bundlePath: tool.schema
.string()
.describe("Path to seal bundle directory (contains seal.json)"),
strict: tool.schema
.boolean()
.optional()
.default(false)
.describe("Enable strict verification (recommended for audits)"),
maxFileBytes: tool.schema
.number()
.int()
.optional()
.describe(
"Reject any single input file larger than this many bytes",
),
},
async execute(args) {
const respond = (value: unknown) => stableStringify(value);
const bundle = path.resolve(baseDir, args.bundlePath);
const baseResult = {
tool: "sentinelVerifyBundle",
tool_version: TOOL_VERSION,
verifier_path: verifierPath,
bundle_path: bundle,
bundle_hash: null as string | null,
canonicalization_version: null as string | null,
schema_version: null as string | null,
verifier_version: null as string | null,
strict: !!args.strict,
exit_code: null as number | null,
ok: false,
stdout: "",
stderr: "",
report: null as unknown,
};
try {
const st = await fs.stat(bundle);
if (!st.isDirectory()) {
return respond({
...baseResult,
error: "BUNDLE_NOT_DIRECTORY",
});
}
} catch {
return respond({
...baseResult,
error: "BUNDLE_NOT_FOUND",
});
}
try {
const st = await fs.stat(verifierPath);
if (!st.isFile()) {
return respond({
...baseResult,
error: "VERIFIER_NOT_FILE",
});
}
} catch {
return respond({
...baseResult,
error: "VERIFIER_NOT_FOUND",
});
}
baseResult.bundle_hash = await computeBundleHash(bundle);
const reportPath = path.join(
os.tmpdir(),
`vm_sentinel_verification_report_${randomUUID()}.json`,
);
const cmdArgs: string[] = [
"-u",
verifierPath,
"--bundle",
bundle,
"--report",
reportPath,
];
if (args.strict) cmdArgs.push("--strict");
if (typeof args.maxFileBytes === "number") {
cmdArgs.push("--max-file-bytes", String(args.maxFileBytes));
}
const { exitCode, stdout, stderr } = await run("python3", cmdArgs);
const report = await readJsonIfExists(reportPath);
// Best-effort cleanup: report is returned inline; avoid mutating evidence bundles.
await fs.unlink(reportPath).catch(() => {});
const versions =
report && typeof report === "object"
? (report as Record<string, unknown>).versions
: null;
const canonicalizationVersion =
versions &&
typeof versions === "object" &&
(versions as Record<string, unknown>).canonicalization_version;
const schemaVersion =
versions &&
typeof versions === "object" &&
(versions as Record<string, unknown>).schema_version;
const declared =
report && typeof report === "object"
? (report as Record<string, unknown>).declared_verifier
: null;
const reportedVerifier =
report && typeof report === "object"
? (report as Record<string, unknown>).verifier
: null;
const verifierVersion =
(declared &&
typeof declared === "object" &&
(declared as Record<string, unknown>).version) ||
(reportedVerifier &&
typeof reportedVerifier === "object" &&
(reportedVerifier as Record<string, unknown>).version) ||
null;
return respond({
...baseResult,
exit_code: exitCode,
ok: exitCode === 0,
stdout,
stderr,
report,
canonicalization_version:
typeof canonicalizationVersion === "string"
? canonicalizationVersion
: null,
schema_version:
typeof schemaVersion === "string" ? schemaVersion : null,
verifier_version:
typeof verifierVersion === "string" ? verifierVersion : null,
error: undefined,
});
},
}),
},
};
};

18
ASSURANCE.md Normal file
View File

@@ -0,0 +1,18 @@
# Assurance Run — 2025-12-18
- Commit: 3cf647e3b6cc732d953f9c4389387c7481e0ed9e
- Toolchain: `rustc 1.92.0 (ded5c06cf 2025-12-08)`, `cargo 1.92.0 (344c4567c 2025-10-21)`, `python3 3.14.2`
| Check | Status | Notes |
| --- | --- | --- |
| `cargo fmt --check` | ❌ | rustfmt reported dozens of wrapping changes (see `vaultmesh-core/src/did.rs`, `vaultmesh-mesh/src/lib.rs`, etc.). No edits were applied—run `cargo fmt` to adopt the default style. |
| `cargo clippy --all -- -D warnings` | ❌ | Blocks on `vaultmesh-core::DidType::from_str` (Clippy wants an actual `FromStr` impl) before analyzing other crates. |
| `cargo test` | ✅ | Full workspace test suite passes (Guardian/Mesh/Treasury/Observability metrics + doc tests). |
| `python3 -m py_compile cli/vm_cli.py tools/*.py` | ✅ | Bytecode generation succeeded. |
| `python3 tools/check_sentinel_contract_parity.py` | ✅ | Script prints `[OK] Sentinel contract parity verified`. |
| `bash tools/run_sentinel_testvectors.sh` | ✅ | All Sentinel vectors reported `[OK]`, transcript stored under `tools/out/`. |
| `bash MERIDIAN_V1_CONFORMANCE_TEST_SUITE/run.sh` | ✅ | Suite reports 19/19 passing; outputs kept under `MERIDIAN_V1_CONFORMANCE_TEST_SUITE/out/`. |
Notes:
- `target/` was cleaned (space pressure) before running the suite and rebuilt by `cargo test`.
- No source files were modified during this pass.

68
CHANGELOG.md Normal file
View File

@@ -0,0 +1,68 @@
# Changelog
All notable changes to VaultMesh are documented in this file.
## [Unreleased] - 2025-12-07
### Added
#### Observability Engine
- Prometheus exporter at `:9108/metrics` with 4 metrics:
- `vaultmesh_receipts_total` (counter by module)
- `vaultmesh_receipts_failed_total` (counter by module, reason)
- `vaultmesh_anchor_age_seconds` (gauge)
- `vaultmesh_emit_seconds` (histogram by module)
- Docker Compose stack (Prometheus + Grafana + Exporter)
- Grafana dashboard JSON at `docs/observability/dashboards/receipts.json`
- 8 unit + integration tests for observability
#### Guardian Engine
- Full implementation replacing stub (~200 LoC)
- `compute_scroll_root()` and `anchor()` methods
- Optional `metrics` feature for observability integration
- `set_anchor_age(0.0)` after each anchor (fresh anchor indicator)
- Metrics integration test (`--features metrics`)
- 5 unit tests
#### Treasury Engine
- Full implementation replacing stub (~300 LoC)
- Budget management: `create_budget`, `debit`, `credit`
- Receipt emission for all financial operations
- Optional `metrics` feature for observability integration
- 5 unit tests
#### Mesh Engine
- Full implementation replacing stub (~400 LoC)
- Node management: `node_join`, `node_leave`
- Route management: `route_add`, `route_remove`
- Capability management: `capability_grant`, `capability_revoke`
- Topology snapshots with `topology_snapshot()`
- 6 receipt types: `mesh_node_join`, `mesh_node_leave`, `mesh_route_change`, `mesh_capability_grant`, `mesh_capability_revoke`, `mesh_topology_snapshot`
- Optional `metrics` feature for observability integration
- Metrics integration test (`--features metrics`)
- 5 unit tests + 1 integration test
#### Core
- 13 unit tests for hash.rs and did.rs
#### MCP Server
- 7 Claude tools in `packages/vaultmesh_mcp/`:
- `guardian_anchor_now`
- `guardian_verify_receipt`
- `guardian_status`
- `treasury_create_budget`
- `treasury_balance`
- `treasury_debit`
- `treasury_credit`
- Receipt emission for all tool calls
#### CI/CD
- GitLab CI pipeline with build/test/lint stages
- `observability-smoke` job for exporter tests
- `guardian-metrics-integration` job for guardian metrics integration test
- `mesh-metrics-integration` job for mesh metrics integration test
- `before_script` to ensure receipts directories exist (including `receipts/mesh`)
### Notes
- Total tests in workspace: 40 (38 workspace + 2 metrics integration)
- Level-of-Done score: 2.5 → 4.0

1832
Cargo.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

31
Cargo.toml Normal file
View File

@@ -0,0 +1,31 @@
[workspace]
members = [
"vaultmesh-core",
"vaultmesh-treasury",
"vaultmesh-identity",
"vaultmesh-mesh",
"vaultmesh-offsec",
"vaultmesh-observability",
"vaultmesh-automation",
"vaultmesh-psi",
"vaultmesh-guardian",
]
resolver = "2"
# Release profile optimizations
[profile.release]
opt-level = 3
lto = "thin"
codegen-units = 1
panic = "abort"
strip = true
# Development profile with some optimizations for faster testing
[profile.dev]
opt-level = 1
# Profile for maximum performance (use with --profile release-max)
[profile.release-max]
inherits = "release"
lto = "fat"
codegen-units = 1

40
Containerfile Normal file
View File

@@ -0,0 +1,40 @@
# VaultMesh Sentinel Verifier
# Minimal image for deterministic verification tasks
# No daemon, no ports, stateless
FROM python:3.12-slim
LABEL org.opencontainers.image.title="VaultMesh Sentinel"
LABEL org.opencontainers.image.description="Deterministic seal bundle verifier"
LABEL org.opencontainers.image.source="https://gitlab.com/vaultsovereign/ops"
# Avoid interactive prompts
ENV DEBIAN_FRONTEND=noninteractive
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
# Install minimal dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
git \
&& rm -rf /var/lib/apt/lists/*
# Create non-root user
RUN useradd --create-home --shell /bin/bash sentinel
USER sentinel
WORKDIR /home/sentinel
# Install Python dependencies
COPY --chown=sentinel:sentinel pyproject.toml requirements.txt* ./
RUN pip install --user --no-cache-dir click blake3
# Copy application code
COPY --chown=sentinel:sentinel cli/ ./cli/
COPY --chown=sentinel:sentinel tools/ ./tools/
COPY --chown=sentinel:sentinel ledger/ ./ledger/
# Set PATH for user-installed packages
ENV PATH="/home/sentinel/.local/bin:${PATH}"
# Default entrypoint - verifier help
ENTRYPOINT ["python3"]
CMD ["tools/vm_verify_sentinel_bundle.py", "--help"]

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
out/

58
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/README.md Normal file
View File

@@ -0,0 +1,58 @@
# MERIDIAN v1 Conformance Test Suite (Offline / Deterministic / BuildBlocking)
This suite turns MERIDIAN v1 into an **executable compliance gate**.
What it tests (normative):
- MERIDIAN v1 is **Sentinelgoverned**; verification is defined by the Sentinel offline verifier in `--strict` mode.
- No proprietary verifier codes: expected failures are **Sentinel v1 failure codes** only.
Normative references:
- `2025-12-18-07h58m04s-attachments/MERIDIAN_V1_SPEC.md`
- `2025-12-18-07h58m04s-attachments/MERIDIAN_V1_EVENT_CONTRACT_MATRIX.md`
- `vaultmesh-orgine-mobile/spec/SENTINEL_FAILURE_CODE_SEMANTICS.md`
- `vaultmesh-orgine-mobile/tools/vm_verify_sentinel_bundle.py`
---
## Run (one command)
From `vaultmesh-orgine-mobile/`:
```bash
bash MERIDIAN_V1_CONFORMANCE_TEST_SUITE/run.sh
```
What `run.sh` does:
1. Verifies Sentinel contract parity (code ↔ docs) via `tools/check_sentinel_contract_parity.py`.
2. Runs each testvector in `manifest.yaml` through `tools/vm_verify_sentinel_bundle.py --strict`.
3. Produces an auditorreadable report (JSON + text) under `out/`.
---
## Output
`out/` contains:
- `out/meridian_v1_conformance_report.json` (suite summary + per-test results)
- `out/meridian_v1_conformance_report.txt` (human summary)
- `out/sentinel_reports/<TEST_ID>.verification_report.json` (verifier output per test)
- `out/sentinel_stdio/<TEST_ID>.stderr.txt` (verifier stderr per test)
---
## Interpreting results
- Suite PASS means the fixtures and verifier behave as the MERIDIAN v1 spec requires.
- A deployment MAY claim “MERIDIAN v1 compliant” for a specific bundle **iff**:
`python3 tools/vm_verify_sentinel_bundle.py --bundle <BUNDLE_DIR> --strict` returns `PASS`
---
## Notes on “killer tests” terminology
MERIDIAN v1 does not introduce new verifier failure codes.
Examples:
- “silent denial” ⇒ Sentinel strict-mode failure `E_CHAIN_DISCONTINUITY`
- “unbounded automation” (v1 boundary) ⇒ modeled as “execution without intent” ⇒ `E_CHAIN_DISCONTINUITY`

15
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/README.md Normal file
View File

@@ -0,0 +1,15 @@
# fixtures/
Fixtures are **Sentinel v1 seal bundles** used as deterministic testvectors for MERIDIAN v1 invariants.
Layout:
- `pass/` bundles must verify with `--strict` and produce `PASS`.
- `fail/` bundles must fail with a specific Sentinel v1 `failure_code` (see `manifest.yaml`).
Each fixture directory is a bundle containing at minimum:
- `seal.json`
- `integrity.json`
- `verifier_manifest.json`
- receipts/events file(s) (typically `receipts.jsonl`)
- `roots.txt`

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/E_EVENT_HASH_MISMATCH/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: event_hash_mismatch

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/E_EVENT_HASH_MISMATCH/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:1d37e53b7dbd608ab9418a1d9cc872d51100ec35020c6853aa1a2ff1c13d430b",
"path": "README.md",
"size_bytes": 53
},
{
"digest": "sha256:6555ba75e9c12063b8ea45aa7f2b8d42c0640bd7c34d5dec094d432347ea67fe",
"path": "receipts.jsonl",
"size_bytes": 1200
},
{
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:18c4ad7ddbb198e6fc8efe5e4769450a2856a7eb1d9e587937b306832c864030",
"path": "seal.json",
"size_bytes": 707
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

2
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/E_EVENT_HASH_MISMATCH/receipts.jsonl Normal file
View File

@@ -0,0 +1,2 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:0000000000000000000000000000000000000000000000000000000000000000","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/E_EVENT_HASH_MISMATCH/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/E_EVENT_HASH_MISMATCH/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_event_hash_mismatch","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/E_EVENT_HASH_MISMATCH/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/canon_version_unsupported/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: canon_version_unsupported

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/canon_version_unsupported/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:11bddf1e93d24997bd7d7a94f6395666edda587284e5ee4d2022d566f04f1957",
"path": "README.md",
"size_bytes": 59
},
{
"digest": "sha256:fe99e620546158cba1855aef378ce7c14de48c89e99bf7ee9eb259340d21f1df",
"path": "receipts.jsonl",
"size_bytes": 1200
},
{
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:80f5f348140ab695b27edd60b4edcb8bffaaa9a148ea546c4a467a0185feac8c",
"path": "seal.json",
"size_bytes": 715
},
{
"digest": "sha256:69f602c85f266f780deeb99085531e43ca8ecf0062f7d68a727de0dd05a4d824",
"path": "verifier_manifest.json",
"size_bytes": 240
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

2
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/canon_version_unsupported/receipts.jsonl Normal file
View File

@@ -0,0 +1,2 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:e94f886565c5ddb0593a763d185a9f939895cddbb9fe678474097bd44642636c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/canon_version_unsupported/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/canon_version_unsupported/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v999","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_canon_version_unsupported","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/canon_version_unsupported/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v999","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/double_outcome/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: double_outcome

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/double_outcome/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:f6c5fff056a8fab6b5df6a8ddd085c6f0ac33bc659fc653434233127bca1c130",
"path": "README.md",
"size_bytes": 48
},
{
"digest": "sha256:4a4284db18107347fd0c7645b08c614777b5c88375f797561e197c1fec5103f7",
"path": "receipts.jsonl",
"size_bytes": 2698
},
{
"digest": "sha256:a782d2beebe78664aca0dbe2b42beed275042afdcc8643d5fd6a2ff960dea739",
"path": "roots.txt",
"size_bytes": 377
},
{
"digest": "sha256:1fc193716891d3cde4486d09c8705041cab1654ba9583a4987299aa5b097650c",
"path": "seal.json",
"size_bytes": 702
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

4
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/double_outcome/receipts.jsonl Normal file
View File

@@ -0,0 +1,4 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:f8e7607b7d45d306b9da8361593a115e45c91c4efce19790aaee4308ee836d4a","event_id":"00000000-0000-4000-8000-000000000221","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:operator:demo","cap_hash":"sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd","event_hash":"sha256:226a880a1f30a1fd24be533deecca73af5b9badece02cbb770cff8089e1d78c2","event_id":"00000000-0000-4000-8000-000000000222","event_type":"action_intent","op":"meridian.v1.plc.write","op_digest":"sha256:8ce9de554fc5a237b1f8a7d0b4711058c0c2ad933c70165c4d900337afc6cf84","payload":{"kind":"command_requested","params":{"plc":"plc:demo","register":"R3","value":"1"}},"prev_event_hash":"sha256:f8e7607b7d45d306b9da8361593a115e45c91c4efce19790aaee4308ee836d4a","result":"ok","seq":1,"trace_id":"22222222-2222-4222-8222-222222222224","ts":"2025-03-17T03:17:41Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd","event_hash":"sha256:ce6bfb75f3792c08b0237d7d051c6af8ec0193c2d14c81845f835e53f621c251","event_id":"00000000-0000-4000-8000-000000000223","event_type":"action_executed","op":"meridian.v1.plc.write","op_digest":"sha256:8ce9de554fc5a237b1f8a7d0b4711058c0c2ad933c70165c4d900337afc6cf84","payload":{"kind":"command_executed","params":{"plc":"plc:demo","register":"R3","value":"1"}},"prev_event_hash":"sha256:226a880a1f30a1fd24be533deecca73af5b9badece02cbb770cff8089e1d78c2","result":"ok","seq":2,"trace_id":"22222222-2222-4222-8222-222222222224","ts":"2025-03-17T03:17:42Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd","event_hash":"sha256:faecc8feaf604e012cddd574260937d35c5b72ab2639e6c5f0a39e294a06dff8","event_id":"00000000-0000-4000-8000-000000000224","event_type":"shadow_receipt","op":"meridian.v1.plc.write","op_digest":"sha256:8ce9de554fc5a237b1f8a7d0b4711058c0c2ad933c70165c4d900337afc6cf84","payload":{"kind":"command_refused","params":{"plc":"plc:demo","register":"R3","value":"1"},"reason_code":"policy_denied"},"prev_event_hash":"sha256:ce6bfb75f3792c08b0237d7d051c6af8ec0193c2d14c81845f835e53f621c251","result":"deny","seq":3,"trace_id":"22222222-2222-4222-8222-222222222224","ts":"2025-03-17T03:17:43Z"}

5
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/double_outcome/roots.txt Normal file
View File

@@ -0,0 +1,5 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:f8e7607b7d45d306b9da8361593a115e45c91c4efce19790aaee4308ee836d4a
seq=1 root=sha256:a1e813b1a70383dfc2ede487c125d606936ecad92a68ebe3d37d37d7c98f78df
seq=2 root=sha256:01393640058eca7ac43a6aae2112966c234f0bbfc58c1c67ffd88192bf6858da
seq=3 root=sha256:ca845f9f1caf91eb2beb556ed6feb2e9ce9fd6cf7ec6bdd6100c343700ec9b2f

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/double_outcome/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:44Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":3,"until_ts":"2025-03-17T03:17:43Z"},"root":{"end":"sha256:ca845f9f1caf91eb2beb556ed6feb2e9ce9fd6cf7ec6bdd6100c343700ec9b2f","seq":3,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_double_outcome","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/double_outcome/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/event_hash_mismatch/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: event_hash_mismatch

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/event_hash_mismatch/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:1d37e53b7dbd608ab9418a1d9cc872d51100ec35020c6853aa1a2ff1c13d430b",
"path": "README.md",
"size_bytes": 53
},
{
"digest": "sha256:6555ba75e9c12063b8ea45aa7f2b8d42c0640bd7c34d5dec094d432347ea67fe",
"path": "receipts.jsonl",
"size_bytes": 1200
},
{
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:18c4ad7ddbb198e6fc8efe5e4769450a2856a7eb1d9e587937b306832c864030",
"path": "seal.json",
"size_bytes": 707
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

2
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/event_hash_mismatch/receipts.jsonl Normal file
View File

@@ -0,0 +1,2 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:0000000000000000000000000000000000000000000000000000000000000000","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/event_hash_mismatch/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/event_hash_mismatch/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_event_hash_mismatch","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/event_hash_mismatch/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/execution_without_intent/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: execution_without_intent

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/execution_without_intent/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:cc5a97bbce56fd6bbf0fcc1491a9ca68aa45afd99d5d39b0499a7c1db665135f",
"path": "README.md",
"size_bytes": 58
},
{
"digest": "sha256:216c9d68e68651c04819ea7d8e9a274fccbe26963728e2a4b472d62cf9c07429",
"path": "receipts.jsonl",
"size_bytes": 1292
},
{
"digest": "sha256:0396a0afb4802666620d63682da492bf219867fc7099aa0628df71aed60a2b42",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:2b21d2200ae30ce18e9803ce18dc338b0429636d0a3f6abf6eaf2715340344ed",
"path": "seal.json",
"size_bytes": 712
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

2
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/execution_without_intent/receipts.jsonl Normal file
View File

@@ -0,0 +1,2 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:c66fee7334d8077b76e96500eef6fded3d4df6c43adabed19f63e8a8439e476a","event_id":"00000000-0000-4000-8000-000000000211","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"sha256:cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc","event_hash":"sha256:0cf93dc668ae23232678731e8d5286322e5524fdb03e6779efac8933c33e1e1f","event_id":"00000000-0000-4000-8000-000000000212","event_type":"action_executed","op":"meridian.v1.plc.write","op_digest":"sha256:a68906cc6970cc15a611fff2b81a07a31dc93bd7dd5506bf4406cb16d447252b","payload":{"kind":"command_executed","params":{"plc":"plc:demo","register":"R9","value":"1"}},"prev_event_hash":"sha256:c66fee7334d8077b76e96500eef6fded3d4df6c43adabed19f63e8a8439e476a","result":"ok","seq":1,"trace_id":"99999999-9999-4999-8999-999999999999","ts":"2025-03-17T03:17:41Z"}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/execution_without_intent/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:c66fee7334d8077b76e96500eef6fded3d4df6c43adabed19f63e8a8439e476a
seq=1 root=sha256:0ebb872451cb6669ae997e558631fdaa38df560b53c6e09ca51621f2e84c9145

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/execution_without_intent/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:0ebb872451cb6669ae997e558631fdaa38df560b53c6e09ca51621f2e84c9145","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_execution_without_intent","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/execution_without_intent/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/invalid_jsonl_truncated/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: invalid_jsonl_truncated

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/invalid_jsonl_truncated/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:076f6c0260405dd67ac641d9ad61a86c2e15e5b77140d41f297bd52c1047de8b",
"path": "README.md",
"size_bytes": 57
},
{
"digest": "sha256:5ae4c468ed53f5c8a7518ffd24cac29837f20e7377db06aa995fed4b5e88e654",
"path": "receipts.jsonl",
"size_bytes": 14
},
{
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:7be2019d7bca77e2b9e44da0710ae43fc8625ec448938a6aaa69efe533b7a00f",
"path": "seal.json",
"size_bytes": 711
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/invalid_jsonl_truncated/receipts.jsonl Normal file
View File

@@ -0,0 +1 @@
{"truncated":

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/invalid_jsonl_truncated/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/invalid_jsonl_truncated/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_invalid_jsonl_truncated","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/invalid_jsonl_truncated/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/manifest_hash_mismatch/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: manifest_hash_mismatch

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/manifest_hash_mismatch/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:51fb89251d833c3229d284ce080135f1d53c7a22a5b5c715fe43a7257e61d98c",
"path": "README.md",
"size_bytes": 56
},
{
"digest": "sha256:2222222222222222222222222222222222222222222222222222222222222222",
"path": "receipts.jsonl",
"size_bytes": 1200
},
{
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:2579685d2b55aa625b00cc62833ce139277ba82d856873d62d78f62a7380c6ca",
"path": "seal.json",
"size_bytes": 710
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

2
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/manifest_hash_mismatch/receipts.jsonl Normal file
View File

@@ -0,0 +1,2 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:e94f886565c5ddb0593a763d185a9f939895cddbb9fe678474097bd44642636c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/manifest_hash_mismatch/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/manifest_hash_mismatch/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_manifest_hash_mismatch","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/manifest_hash_mismatch/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/missing_required_file_roots/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: missing_required_file_roots

26
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/missing_required_file_roots/integrity.json Normal file
View File

@@ -0,0 +1,26 @@
{
"files": [
{
"digest": "sha256:f55737e620d70f3a0d13c56bae90556ad012375786d5d1a3e7e3c6360c97ad21",
"path": "README.md",
"size_bytes": 61
},
{
"digest": "sha256:fe99e620546158cba1855aef378ce7c14de48c89e99bf7ee9eb259340d21f1df",
"path": "receipts.jsonl",
"size_bytes": 1200
},
{
"digest": "sha256:2117ebec196781f6b1526ea2786eacda4661790000f8ca0ac4d965f4a3dcd04b",
"path": "seal.json",
"size_bytes": 701
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

2
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/missing_required_file_roots/receipts.jsonl Normal file
View File

@@ -0,0 +1,2 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:e94f886565c5ddb0593a763d185a9f939895cddbb9fe678474097bd44642636c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/missing_required_file_roots/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_missing_roots","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/missing_required_file_roots/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/op_digest_mismatch/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: op_digest_mismatch

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/op_digest_mismatch/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:6d84872131ebbbea2cfe51f4fc78b637cf8d3fbd07536efad7842494824ebff5",
"path": "README.md",
"size_bytes": 52
},
{
"digest": "sha256:cc8c8a8a826aa2af56c973d0acf5d2cb3c15ec27774b32d379fdbcd773ea89fc",
"path": "receipts.jsonl",
"size_bytes": 1200
},
{
"digest": "sha256:0f409ba6f0b3a5f725c27ea4f694d3233ba525c0e8b45346db78677a28a1bb27",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:d9927f312b368cc93c5f658129520be2e410a53cc430ee17d1994a56a587fa7b",
"path": "seal.json",
"size_bytes": 706
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

2
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/op_digest_mismatch/receipts.jsonl Normal file
View File

@@ -0,0 +1,2 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:0dc6ce7f089a5a984b539949cd115c3c82bdf042d8c258629c2435f52ff0931c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/op_digest_mismatch/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
seq=1 root=sha256:bd92627c9be6c20d5fa39a43af20b71399df67515c57c4f3747021135ce6c1a0

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/op_digest_mismatch/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:bd92627c9be6c20d5fa39a43af20b71399df67515c57c4f3747021135ce6c1a0","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_op_digest_mismatch","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/op_digest_mismatch/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/prev_event_hash_mismatch/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: prev_event_hash_mismatch

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/prev_event_hash_mismatch/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:b2c04f16a262c9c0dbf5cd97453f39a2d1784cd4cf8bc33c2db18699ebee85b7",
"path": "README.md",
"size_bytes": 58
},
{
"digest": "sha256:d0926fb0271ef172b3a266acba1ef72e4874b4c6a10fd4728c4a5c0637f23b1e",
"path": "receipts.jsonl",
"size_bytes": 1200
},
{
"digest": "sha256:151c573c6450d7e11ac7714e5f46f3ed4dd8236095cd4dd4abcece4aa0d6cfe0",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:9ce9202c3070d5c10873cc060c40657a582d1d0ba610afb158bdc064dd089150",
"path": "seal.json",
"size_bytes": 706
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

2
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/prev_event_hash_mismatch/receipts.jsonl Normal file
View File

@@ -0,0 +1,2 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:66097f23685fbf3559480b7cb89f2bef233321702f94ab0878074fa023b459e5","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:1111111111111111111111111111111111111111111111111111111111111111","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/prev_event_hash_mismatch/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
seq=1 root=sha256:018be4d5f99ee40aa0d2fa0ef572a029b10b3626462bec9f0046d32358e04122

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/prev_event_hash_mismatch/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:018be4d5f99ee40aa0d2fa0ef572a029b10b3626462bec9f0046d32358e04122","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_prev_hash_mismatch","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/prev_event_hash_mismatch/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/range_mismatch/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: range_mismatch

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/range_mismatch/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:487b6fe99e45ba428c81ccbf8412fd8cdfe653631e686bc9e3d84337e5968ec6",
"path": "README.md",
"size_bytes": 48
},
{
"digest": "sha256:fe99e620546158cba1855aef378ce7c14de48c89e99bf7ee9eb259340d21f1df",
"path": "receipts.jsonl",
"size_bytes": 1200
},
{
"digest": "sha256:ab1e7d06897cf422b09e688ef6346756a1b4cea3237c350f4f5f9d4b3fb5becc",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:eeea9ab98df5540b0493f948e3fbb2f982f6a950cd6d690edcb8edc7818780c6",
"path": "seal.json",
"size_bytes": 702
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

2
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/range_mismatch/receipts.jsonl Normal file
View File

@@ -0,0 +1,2 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:e94f886565c5ddb0593a763d185a9f939895cddbb9fe678474097bd44642636c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/range_mismatch/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
seq=1 root=sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/range_mismatch/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":0,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:086b680e09037deacf61ba9cc73b3c7da2737db7ef3802c887b12e6d76bd85ee","seq":0,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_range_mismatch","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/range_mismatch/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/revoked_capability_used/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: revoked_capability_used

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/revoked_capability_used/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:e2ac0e69c825925179a37cc3c7f302db809c0882529b09b24fa19170c76a9722",
"path": "README.md",
"size_bytes": 57
},
{
"digest": "sha256:102e1ba3c758a3387ee658a552a682339cb0ff4c0dac46b8fee2ab1298d661ac",
"path": "receipts.jsonl",
"size_bytes": 2616
},
{
"digest": "sha256:800646f71e8dfa68f5ff59e037aefe1f4c343ec8fe50259f7c70b53559c14ec6",
"path": "roots.txt",
"size_bytes": 377
},
{
"digest": "sha256:7572439a56d51a887204b0ad45af3b9d1be561b19b83d6563686ff2c70a22d4f",
"path": "seal.json",
"size_bytes": 711
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

4
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/revoked_capability_used/receipts.jsonl Normal file
View File

@@ -0,0 +1,4 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:255f64c373130f8c525b25a75a4f39509fe9d5749cc0a0998b8ec4770c2bdb5e","event_id":"00000000-0000-4000-8000-000000000401","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:guardian:demo","cap_hash":"none","event_hash":"sha256:01dee033c0551df6d97f1bf1a42901eff46fe74c924e7ffd6b826294770e4746","event_id":"00000000-0000-4000-8000-000000000402","event_type":"cap_revoke","op":"meridian.v1.cap.revoke","op_digest":"sha256:3ec26a65972bb3d5cdbb73e8b5cb21493eb4d93cfa4a5458624b344fb2c71205","payload":{"params":{"revoked_cap_hash":"sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"}},"prev_event_hash":"sha256:255f64c373130f8c525b25a75a4f39509fe9d5749cc0a0998b8ec4770c2bdb5e","result":"ok","seq":1,"trace_id":"55555555-5555-4555-8555-555555555555","ts":"2025-03-17T03:17:41Z"}
{"actor":"did:vm:operator:demo","cap_hash":"sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee","event_hash":"sha256:362ef4b2dfb84d65740385a2408e5c2d2347f4b72c54719c71cc23ff3753583b","event_id":"00000000-0000-4000-8000-000000000403","event_type":"action_intent","op":"meridian.v1.plc.write","op_digest":"sha256:117d3ce1dbece95b6bf06b1d251946dedfd879a0cb38aa8b8ec4e34380f1d1c8","payload":{"kind":"command_requested","params":{"plc":"plc:demo","register":"R7","value":"1"}},"prev_event_hash":"sha256:01dee033c0551df6d97f1bf1a42901eff46fe74c924e7ffd6b826294770e4746","result":"ok","seq":2,"trace_id":"44444444-4444-4444-8444-444444444444","ts":"2025-03-17T03:17:42Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee","event_hash":"sha256:bd3b793f7cc567527df49b49c1282bbf43c67e7bac4e8ad54a45c4e76f06f035","event_id":"00000000-0000-4000-8000-000000000404","event_type":"action_executed","op":"meridian.v1.plc.write","op_digest":"sha256:117d3ce1dbece95b6bf06b1d251946dedfd879a0cb38aa8b8ec4e34380f1d1c8","payload":{"kind":"command_executed","params":{"plc":"plc:demo","register":"R7","value":"1"}},"prev_event_hash":"sha256:362ef4b2dfb84d65740385a2408e5c2d2347f4b72c54719c71cc23ff3753583b","result":"ok","seq":3,"trace_id":"44444444-4444-4444-8444-444444444444","ts":"2025-03-17T03:17:43Z"}

5
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/revoked_capability_used/roots.txt Normal file
View File

@@ -0,0 +1,5 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:255f64c373130f8c525b25a75a4f39509fe9d5749cc0a0998b8ec4770c2bdb5e
seq=1 root=sha256:d825463571271525aa2e65fb72574040538c71ee8ab8ebf88de72d08cc364038
seq=2 root=sha256:f0b4f65c899b47afc42611b449fe4be1c092d2360e172af9cb31137660290bf0
seq=3 root=sha256:22f52ba66114decc6702f2e711ddfd690b1567a5fc2586339feb658c44f593c3

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/revoked_capability_used/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:44Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":3,"until_ts":"2025-03-17T03:17:43Z"},"root":{"end":"sha256:22f52ba66114decc6702f2e711ddfd690b1567a5fc2586339feb658c44f593c3","seq":3,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_revoked_capability_used","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/revoked_capability_used/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/root_mismatch/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: root_mismatch

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/root_mismatch/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:cb5376f22e2f1d4b956f3a61cd85d2010d9ff160f9109f876eb6dff7e68eb483",
"path": "README.md",
"size_bytes": 47
},
{
"digest": "sha256:fe99e620546158cba1855aef378ce7c14de48c89e99bf7ee9eb259340d21f1df",
"path": "receipts.jsonl",
"size_bytes": 1200
},
{
"digest": "sha256:818502d58a7dea7ec78196f629a223b10ec2603a762fc76500b2bc59592d9e66",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:9cb2077be17e3f77f4151830b309e6ff79169fa9a188b0707fd3662b6b4354f2",
"path": "seal.json",
"size_bytes": 701
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

2
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/root_mismatch/receipts.jsonl Normal file
View File

@@ -0,0 +1,2 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:e94f886565c5ddb0593a763d185a9f939895cddbb9fe678474097bd44642636c","event_id":"00000000-0000-4000-8000-000000000102","event_type":"tamper_signal","op":"meridian.v1.tamper_signal","op_digest":"sha256:ab8c0984c1dec7b04adc4d6eb51ba3065e339ff63b55d00aa6169e5047004c0f","payload":{"kind":"tamper_signal","params":{"signal":"case_open"}},"prev_event_hash":"sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e","result":"ok","seq":1,"trace_id":"33333333-3333-4333-8333-333333333333","ts":"2025-03-17T03:17:41Z"}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/root_mismatch/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:29e0c8bbe263751ae6b81171fd05aa3f8ab5a9085d4e6c084f1238cc77af933e
seq=1 root=sha256:3333333333333333333333333333333333333333333333333333333333333333

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/root_mismatch/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:3333333333333333333333333333333333333333333333333333333333333333","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_root_mismatch","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/root_mismatch/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/seq_non_monotonic_duplicate/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: seq_non_monotonic_duplicate

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/seq_non_monotonic_duplicate/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:d22dcdada9f37d6f6860d160ea994f7db1b75844b3ff6d301e33d47a69010e9c",
"path": "README.md",
"size_bytes": 61
},
{
"digest": "sha256:0e4056952676edaf73e2841421a7c7597a4ccee5c6c1cf29576eb9cb8926a8c0",
"path": "receipts.jsonl",
"size_bytes": 1800
},
{
"digest": "sha256:dda5f37f4d5bb9bda4b00c7042b2249fb8ec6ae68008b86d6e60774cca728458",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:a6cbbbfe4a59dfdff145d4ca8a7b631d71b599f35ae53dbfdbea90bc9b103d98",
"path": "seal.json",
"size_bytes": 705
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/seq_non_monotonic_duplicate/receipts.jsonl Normal file
View File

@@ -0,0 +1,3 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:8400306ca8ae4c0a051d25b5315ce07654281ea49d58698fa7a3d30f17a9c3a0","event_id":"00000000-0000-4000-8000-000000000301","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:8433e0eb0867866fa7ba7fba0bff09302b6ac9bc03d04608cf3d7e4f892c7648","event_id":"00000000-0000-4000-8000-000000000302","event_type":"health_event","op":"meridian.v1.health","op_digest":"sha256:86a43eb2d983d91d8cf106edf3d55e9590a72647fe00ca9a919819a4c853ec30","payload":{"kind":"health_event","params":{"ok":true}},"prev_event_hash":"sha256:8400306ca8ae4c0a051d25b5315ce07654281ea49d58698fa7a3d30f17a9c3a0","result":"ok","seq":1,"trace_id":"aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa","ts":"2025-03-17T03:17:41Z"}
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:5955a07c38ee54c89feef03eb7295483e2ad00059174b20ec8f24481e090f03a","event_id":"00000000-0000-4000-8000-000000000303","event_type":"corruption_detected","op":"meridian.v1.corruption_detected","op_digest":"sha256:3fb33f6ebd627285686d974ee770894dc91f1e77b90448ddda0d23012e48eccb","payload":{"kind":"corruption_detected","params":{"component":"storage"}},"prev_event_hash":"sha256:8433e0eb0867866fa7ba7fba0bff09302b6ac9bc03d04608cf3d7e4f892c7648","result":"error","seq":1,"trace_id":"bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb","ts":"2025-03-17T03:17:41Z"}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/seq_non_monotonic_duplicate/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:8400306ca8ae4c0a051d25b5315ce07654281ea49d58698fa7a3d30f17a9c3a0
seq=1 root=sha256:ed0d9e93d9feed61c3c3baa9a99866d88909275efb1d6490a7760363aa41d0ce

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/seq_non_monotonic_duplicate/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:ed0d9e93d9feed61c3c3baa9a99866d88909275efb1d6490a7760363aa41d0ce","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_seq_non_monotonic","sentinel_version":"0.1.0"}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/seq_non_monotonic_duplicate/verifier_manifest.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/silent_denial_intent_without_outcome/README.md Normal file
View File

@@ -0,0 +1 @@
MERIDIAN v1 conformance fixture: silent_denial_intent_without_outcome

31
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/silent_denial_intent_without_outcome/integrity.json Normal file
View File

@@ -0,0 +1,31 @@
{
"files": [
{
"digest": "sha256:b38038066e2b0824a4d2e23ae90964452c073c328934bd1a64a395a07b84738f",
"path": "README.md",
"size_bytes": 70
},
{
"digest": "sha256:8403298da38e131bfb9533ab3f483b7e6a5800e3ec0769f8890656cc026c54c9",
"path": "receipts.jsonl",
"size_bytes": 1288
},
{
"digest": "sha256:a3aff64880a37f16b8e1e83cc2f8e16d40d4126676abce6a071c4ed090f7280c",
"path": "roots.txt",
"size_bytes": 211
},
{
"digest": "sha256:1630336168944b3fc601984ab346ed9bccb3fb0a63daa40437b276aa230dbebc",
"path": "seal.json",
"size_bytes": 701
},
{
"digest": "sha256:421bc39113331983867b523c4019984ddee73136cde3af5e540978549101d4d8",
"path": "verifier_manifest.json",
"size_bytes": 238
}
],
"format": "vm-sentinel-integrity-v1",
"hash_algo": "sha256"
}

2
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/silent_denial_intent_without_outcome/receipts.jsonl Normal file
View File

@@ -0,0 +1,2 @@
{"actor":"did:vm:meridian:gw:demo","cap_hash":"none","event_hash":"sha256:65454174bcfd71e018828a00aa1a54ef48bb68c901df0af4889979b572da252b","event_id":"00000000-0000-4000-8000-000000000201","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"11111111-1111-4111-8111-111111111111","ts":"2025-03-17T03:17:40Z"}
{"actor":"did:vm:operator:demo","cap_hash":"sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb","event_hash":"sha256:988d189147174703c406cced62a4d1e5c968ad676b2ddcfc99d0652f7c974c22","event_id":"00000000-0000-4000-8000-000000000202","event_type":"action_intent","op":"meridian.v1.plc.write","op_digest":"sha256:f0625adaa0316d2058fd9f2d9ccf497fda392b709306b74441e7236e2f29d39a","payload":{"kind":"command_requested","params":{"plc":"plc:demo","register":"R2","value":"1"}},"prev_event_hash":"sha256:65454174bcfd71e018828a00aa1a54ef48bb68c901df0af4889979b572da252b","result":"ok","seq":1,"trace_id":"22222222-2222-4222-8222-222222222223","ts":"2025-03-17T03:17:41Z"}

3
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/silent_denial_intent_without_outcome/roots.txt Normal file
View File

@@ -0,0 +1,3 @@
# Sentinel root history (seq -> merkle root)
seq=0 root=sha256:65454174bcfd71e018828a00aa1a54ef48bb68c901df0af4889979b572da252b
seq=1 root=sha256:9b669e18278c025b371af97d641406d36b3b2b770ded71cf4420d16e4fe336e1

1
MERIDIAN_V1_CONFORMANCE_TEST_SUITE/fixtures/fail/silent_denial_intent_without_outcome/seal.json Normal file
View File

@@ -0,0 +1 @@
{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:meridian:gw:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":1,"until_ts":"2025-03-17T03:17:41Z"},"root":{"end":"sha256:9b669e18278c025b371af97d641406d36b3b2b770ded71cf4420d16e4fe336e1","seq":1,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"mv1_silent_denial","sentinel_version":"0.1.0"}

Some files were not shown because too many files have changed in this diff Show More