@vorim/verify
v0.4.1
Offline verifier for Vorim audit bundles — no network, no Vorim API call, no telemetry.
@vorim/verify
Offline verifier for Vorim audit bundles. No network. No Vorim API call. No telemetry.
vorim-verify checks that a Vorim audit bundle is authentic and untampered, using only Node's built-in cryptography. The verifier never contacts Vorim — every public key needed to verify a signature is embedded in the bundle itself.
Install
npm install -g @vorim/verify

Or run without installing:

npx @vorim/verify bundle.json

Usage
vorim-verify bundle.json # verify a bundle file
cat bundle.json | vorim-verify - # read from stdin
vorim-verify --explain bundle.json # per-event verdicts
vorim-verify --json bundle.json # machine-readable JSON output

Exit codes: 0 ok, 1 verification failed, 2 CLI / IO error.
Example output:
vorim-verify: OK
bundle_version : vaip-v0
manifest : OK (sha256:8ff556a7222f...)
events total : 247
verified : 247
unsigned : 0
bad signature : 0
unknown agent : 0
malformed : 0

What verification proves
For every event marked verified:
- The bundle has not been corrupted or carelessly edited since the API exported it. The bundle's SHA-256 manifest must match the bytes of events + agents exactly. The manifest is a plain hash, not a signature: anyone who edits the bundle can recompute it, so tamper evidence against a deliberate editor comes from the per-event signatures below, not from the manifest.
- The agent identified in the event is the one that authored the bytes recorded. The event's ed25519 signature verifies under the agent's public key (embedded in the bundle's agents[]).
- The bytes signed are exactly the bytes recorded. Tampering with any of event_type, action, resource, input_hash, output_hash, or result invalidates the signature.
What verification does NOT prove
Be honest about the limits:
- It does not prove the agent's identity is who it claims to be. That requires a separate trust anchor (the Vorim trust API, an IdP, a public key directory). The verifier only confirms that the signature verifies under the public key shipped inside the same bundle; compare the keys in agents[] against a trust anchor you obtained independently before relying on the result.
- It does not prove the bundle is recent. Add a timestamp authority or an externally-witnessed hash chain if freshness matters.
- It does not detect missing events. A bundle with N signed events is a true record of those N events. Whether other events were dropped before export is outside the verifier's scope. Pair with the Vorim audit_events count for that.
- It does not detect duplicated or reordered events. The canonical payload (see Canonical bytes signed) carries no event_id, sequence number or timestamp, so a validly signed event stays valid wherever, and however many times, it appears in the bundle.

unsigned and unknown_agent events are reported but do not fail the bundle. Operator's call: a fresh bundle from a v3.1+ SDK should be 100% signed; an older bundle may not be. The CLI surfaces the count; the operator decides what the threshold is.
Bundle format
The verifier expects the JSON shape produced by POST /v1/audit/export on the Vorim API (bundle_version: "vaip-v0"). Minimum required:
{
"bundle_version": "vaip-v0",
"events": [
{
"event_id": "evt_...",
"agent_id_str": "agid_...",
"event_type": "tool_call",
"action": "transfer_funds",
"resource": "acct-1",
"input_hash": null,
"output_hash": null,
"result": "success",
"signature": "ed25519:..."
}
],
"agents": [
{ "agent_id": "agid_...", "public_key": "-----BEGIN PUBLIC KEY-----\n..." }
],
"manifest": "sha256:..."
}

Canonical bytes signed

event_type|action|resource|input_hash|output_hash|result

Pipe-joined, empty string for missing optional fields. The verifier exposes canonicalPayloadV0() so you can reproduce the bytes yourself.
Programmatic use
import fs from 'node:fs';
import { verifyBundle } from '@vorim/verify';

const bundle = JSON.parse(fs.readFileSync('bundle.json', 'utf-8'));
const report = verifyBundle(bundle);
if (!report.ok) {
  console.error('bundle failed verification', report);
  process.exit(1);
}

Returns a VerifyReport with per-event verdicts and aggregate counts.
Auditing this code
The verifier is small and intentionally has no runtime dependencies. To audit it from source:
git clone https://github.com/Vorim-AI-Labs/vorim-protocol
cd vorim-protocol/packages/verify
npm install
npm test # 23 unit tests
npm run build # produces dist/cli.js

Read src/index.ts for the verification logic (≈220 lines) and src/cli.ts for the CLI shim.
License
MIT — see LICENSE.
