@veritasacta/protocol
v0.1.1
Published
Veritas Acta v0.1 — canonical evidence protocol for machine decisions. Types, signing, verification, and conformance tests.
Maintainers
tomjwxfReadme
@veritasacta/protocol
Veritas Acta v0.1 — the canonical evidence protocol for machine decisions.
Every tool call, every agent decision, every policy enforcement — cryptographically signed, content-addressed, and independently verifiable. Without trusting anyone.
Install
npm install @veritasacta/protocolQuick Start
import {
createReceipt,
createDecision,
verifyReceipt,
ACTA_RECEIPT_TYPES,
} from '@veritasacta/protocol';
// Generate a signing key
import { ed25519 } from '@noble/curves/ed25519';
import { bytesToHex } from '@noble/hashes/utils';
import { randomBytes } from 'node:crypto';
const privateKey = randomBytes(32);
const publicKey = ed25519.getPublicKey(privateKey);
const key = {
privateKey: bytesToHex(privateKey),
publicKey: bytesToHex(publicKey),
kid: 'my-gateway',
};
// Create a signed decision receipt
const receipt = createDecision(key, {
issuer_id: 'my-gateway',
subject_id: 'agent-1',
tool_name: 'write_file',
decision: 'allow',
agent_id: 'agent-1',
active_policy_hash: 'sha256:abc123',
});
// Verify it
const result = verifyReceipt(receipt, key.publicKey);
console.log(result); // { valid: true, checks: { ... } }Core Concepts
Receipt Types (v0.1 Ontology)
| Type | Purpose |
|---|---|
| acta:observation | Agent read/observed a resource |
| acta:policy-load | Policy was loaded/changed |
| acta:approval | Human or system authorized an action |
| acta:decision | Gateway allowed/blocked a tool call |
| acta:execution | Tool was invoked with parameters |
| acta:outcome | Tool returned result (success/error/partial/timeout) |
| acta:delegation | Agent A granted authority to Agent B |
| acta:capability-attestation | Third party attests to agent capability |
Evidence Chain
Receipts link to each other via typed edges, forming a directed acyclic graph (DAG):
observation → policy-load → decision → execution → outcome
↑
delegation ─┘Envelope Structure
ActaReceipt<T>
├── signed_claims # Immutable, signed by issuer
│ ├── claims # ActaClaims<T> — the evidence
│ │ ├── receipt_id # Content-addressed (SHA-256)
│ │ ├── event_id # Stable per-event (for equivocation detection)
│ │ ├── edges[] # Typed links to other receipts
│ │ ├── payload # The actual evidence data
│ │ └── payload_digest # SHA-256 of canonical(payload)
│ └── signature # Ed25519 over canonical(claims)
├── anchors[] # Post-signature transparency log proofs
├── witness_signatures[] # Third-party co-signatures
└── disclosure_proofs[] # Salt reveals for selective disclosureSelective Disclosure (GDPR-Ready)
import { createCommitment, verifyCommitment, redactField } from '@veritasacta/protocol';
// Create a salted commitment (hides the real value)
const commitment = createCommitment('[email protected]');
// { salted_hash: "sha256:...", salt_hint: "8-char-prefix" }
// Later, reveal to an auditor
const proof = createDisclosureProof('[email protected]', commitment);
// GDPR: delete the salt → hash is mathematically irreversible
// The DAG remains intact, but the PII is gone forever.Anti-Spam
import { computeProofOfWork, verifyProofOfWork, checkRateLimit } from '@veritasacta/protocol';
// Token bucket rate limiting
const { allowed, retryAfterMs } = checkRateLimit(state, DEFAULT_RATE_LIMITS.basic);
// Hashcash proof-of-work for untrusted issuers
const pow = computeProofOfWork(receiptId, 8); // 8 leading zero bits
const valid = verifyProofOfWork(pow);W3C VC/DID Interop
import { receiptToVC, issuerToDid } from '@veritasacta/protocol';
// Convert any receipt to a W3C Verifiable Credential
const vc = receiptToVC(receipt);
// { "@context": ["https://www.w3.org/2018/credentials/v1", ...], type: ["VerifiableCredential", ...] }
// Map issuer IDs to DIDs
const did = issuerToDid('sb:agent:abc123');
// "did:web:scopeblind.com:agents:abc123"27 Conformance Tests
npm testTests cover: envelope integrity, content-addressed IDs, equivocation detection, selective disclosure, bundle verification, and all 8 receipt types.
License
MIT — this is an open protocol. Build on it.
ScopeBlind provides commercial evidence infrastructure at scopeblind.com.
Ontology: veritasacta.com/ontology