@gravitylock/gwt-verify
v1.1.1
Published
Offline verifier for Gravity Lock signed artifacts
Maintainers
Readme
gwt-verify
Offline verifier CLI for Gravity Lock signed artifacts.
Quick start
cd verifier
npm install
npm testCommands
gwt-verify <artifact.json>gwt-verify <artifact.json> --jsongwt-verify <artifact.json> --pubkey <fingerprint>gwt-verify <artifact.json> --bundle <bundle.json>(custody cross-check)gwt-verify <artifact.json> --sample <n>(pipeline trace replay sample size)gwt-verify --version
Example usage
# Verify extension signed bundle
gwt-verify ./examples/bundle.json
# Machine-readable output
gwt-verify ./examples/bundle.json --json
# Enforce expected signer fingerprint
gwt-verify ./examples/bundle.json --pubkey "aa:bb:cc:..."
# Verify custody manifest against referenced bundle
gwt-verify ./examples/custody.json --bundle ./examples/bundle.json
# Verify pipeline trace with bounded replay sample size
gwt-verify ./examples/pipeline_trace.json --sample 25Packaging smoke
npm testruns verifier unit/integration testsnpm run test:packbuilds a tarball and verifies install-path execution (gwt-verify --version)
Exit codes
0: all checks pass1: signature verification failed2: canonical hash mismatch3: semantic verification failure4: unknown schema or unsupported artifact type5:--pubkeyfingerprint mismatch99: malformed input / read error / bad flags
Current coverage
- Extension signed bundles (
gwt.bundle.v1) with:- canonical hash re-derivation
- Ed25519 signature verification
- audit
prev_event_hashchain check - schema dispatch for
0.12/0.14/0.15/0.16
- Additional artifact semantics:
gwt.custody_manifest.v1: referenced bundle hash cross-check (--bundle)gwt.pipeline_trace.v1: reconstruction replay againsttransformed_input_hashgwt.coherence_report.v1: recompute and validate summary statisticsgwt.nucleus.v1: recompute weighted composite nucleus scoregwt.unified_bundle.v1: container signature + embedded extension/server bundle verification
Publish and npx flow
Use:
verifier/RELEASE.mdfor full release runbook (version bump, pack/install smoke, publish, post-publishnpxvalidation)verifier/PUBLISH_READY_CHECKLIST.mdfor operator checklistnpm run release:check(ornpm run release:check:full) for executable readiness checks
