{ "author_run": true, "claims": [ { "claim_id": "pack-check-tamper-roundtrip", "claim_sha256": "882978e8bd49558678fab77699a92b1f748741b711a910b8ddb510df07335194", "command": "PYTHONPATH=src python3 -c \"import tempfile, pathlib, yaml; from certiv.pack import pack; from certiv.check import check; d = pathlib.Path(tempfile.mkdtemp()); (d / 'n.txt').write_text('4 5 6\\n'); m = {'schema': 'certiv_manifest_v1', 'paper': {'title': 't', 'authors': ['a']}, 'tier': 'T1', 'claims': [{'id': 'sum', 'statement': 's', 'command': 'python3 -c \\\"print(sum(int(x) for x in open(chr(110)+chr(46)+chr(116)+chr(120)+chr(116)).read().split()))\\\"', 'inputs': ['n.txt'], 'expect': {'value': '15'}}]}; (d / 'certiv.yaml').write_text(yaml.safe_dump(m)); r, p1 = pack(d, created_at='2026-01-01T00:00:00Z'); f1, p2 = check(d); (d / 'n.txt').write_text('9\\n'); f2, p3 = check(d); ok = (not p1) and (not p2) and p3 and 'input_hash_drift' in (f2[0].get('reason') or ''); print('E2E_ROUNDTRIP_OK' if ok else 'E2E_BROKEN')\"", "expect": { "value": "E2E_ROUNDTRIP_OK" }, "inputs": [ { "path": "src/certiv/hashing.py", "sha256": "81cfc8305c18f83dbd0a99643a43d9b0d76f6ed5d4c77104e2a1339cbb6cf18d" }, { "path": "src/certiv/manifest.py", "sha256": "d545ce990ef5d583a2143645b7692650262d47c3c89078206d4f0fced4d1a3fe" }, { "path": "src/certiv/runner.py", "sha256": "a40658b259202ef165236fc813d5fc0420fd6e4ef19e0e8803269fa41072a53d" }, { "path": "src/certiv/receipt.py", "sha256": "8cca0861be1e85248e6f7f5916d1eee1ba3fde0dcd5f8e4a5181c88c457fc423" }, { "path": "src/certiv/pack.py", "sha256": "0dfca285d5bda4b294f0daacda88c1ece736ee57475e23ef945d5537d1f08245" }, { "path": "src/certiv/check.py", "sha256": "5e4f3eb220c0ce97ff9ff181a6626ae4eaa709fd58c386682855e9a2d3a285a2" }, { "path": "src/certiv/registry.py", "sha256": "82253f414e567470298c6ef7fd2fcfd8662ecf8e77c1bbc92c83ef450a8f097d" }, { "path": "src/certiv/cli.py", "sha256": "17b3e68c53b552b8df0708c23fc2f8d9ef82897894fe4a67a5f10c1c970d2c83" } ], "kind": "executable", "notes": [], "run": { "duplicate_run_match": true, "exit_code": 0, "stdout_sha256": "23806d1fd9bf2ab90ea6e27d3e865420007269674f35c4a44c79e61315a7878a" }, "statement": "A packed paper passes check; tampering any pinned input makes check fail and name the file. End to end, stdlib only.", "status": "verified_local", "weight": "load_bearing" }, { "claim_id": "nondeterminism-fails-closed", "claim_sha256": "1e02111cf6a4506115a950dc2c28f99c018075a61f7a2f1e3b5b1f12dd39a4d3", "command": "PYTHONPATH=src python3 -c \"import tempfile, pathlib, yaml; from certiv.pack import pack; d = pathlib.Path(tempfile.mkdtemp()); m = {'schema': 'certiv_manifest_v1', 'paper': {'title': 't', 'authors': ['a']}, 'tier': 'T1', 'claims': [{'id': 'rnd', 'statement': 's', 'command': 'python3 -c \\\"import os; print(os.urandom(8).hex())\\\"', 'inputs': [], 'expect': {'stdout_sha256': 'auto'}}]}; (d / 'certiv.yaml').write_text(yaml.safe_dump(m)); r, problems = pack(d, created_at='2026-01-01T00:00:00Z'); print('FAIL_CLOSED_OK' if any('non_deterministic' in p for p in problems) else 'FAIL_OPEN')\"", "expect": { "value": "FAIL_CLOSED_OK" }, "inputs": [ { "path": "src/certiv/pack.py", "sha256": "0dfca285d5bda4b294f0daacda88c1ece736ee57475e23ef945d5537d1f08245" }, { "path": "src/certiv/runner.py", "sha256": "a40658b259202ef165236fc813d5fc0420fd6e4ef19e0e8803269fa41072a53d" } ], "kind": "executable", "notes": [], "run": { "duplicate_run_match": true, "exit_code": 0, "stdout_sha256": "12acb96954f82636809679ff258f7f61c92ed01750ae7e7c0d5da66bac119828" }, "statement": "A claim whose command is not deterministic is refused at pack time, never blessed.", "status": "verified_local", "weight": "load_bearing" }, { "claim_id": "node-fields-rejected", "claim_sha256": "443c4372c734b53327059175d6f0cb00906e129b69392f1381732ec9ea397458", "command": "PYTHONPATH=src python3 -c \"from certiv.receipt import verify_receipt_structure; v = verify_receipt_structure({'schema': 'certiv_receipt_v1', 'created_at': 'x', 'verification_result': {}, 'claims': [], 'receipt_sha256': ''}); print('NODE_FIELDS_REJECTED' if any('node_field' in x for x in v) else 'NODE_FIELDS_ACCEPTED')\"", "expect": { "value": "NODE_FIELDS_REJECTED" }, "inputs": [ { "path": "src/certiv/receipt.py", "sha256": "8cca0861be1e85248e6f7f5916d1eee1ba3fde0dcd5f8e4a5181c88c457fc423" } ], "kind": "executable", "notes": [], "run": { "duplicate_run_match": true, "exit_code": 0, "stdout_sha256": "2e59f7d4afd96b53afec7873f10a4b773030829faf4b0cd63965395482f4db3f" }, "statement": "An author-side receipt that carries node-only fields (verification_result, verified_at, node_id) is rejected.", "status": "verified_local", "weight": "load_bearing" }, { "claim_id": "kernel-agrees-with-tool", "claim_sha256": "a75e91e376989a8f7f09bc14bba02f6cd80f0ace688eedad3aafd37b4e0d86f6", "command": "PYTHONPATH=src python3 -c \"import tempfile, pathlib, yaml, subprocess, sys; from certiv.pack import pack; d = pathlib.Path(tempfile.mkdtemp()); (d / 'x.txt').write_text('7 11\\n'); m = {'schema': 'certiv_manifest_v1', 'paper': {'title': 't', 'authors': ['a']}, 'tier': 'T1', 'claims': [{'id': 'sum', 'statement': 's', 'command': 'python3 -c \\\"print(sum(int(x) for x in open(chr(120)+chr(46)+chr(116)+chr(120)+chr(116)).read().split()))\\\"', 'inputs': ['x.txt'], 'expect': {'value': '18'}}]}; (d / 'certiv.yaml').write_text(yaml.safe_dump(m)); r, problems = pack(d, created_at='2026-01-01T00:00:00Z'); sys.exit(1) if problems else None; k = subprocess.run(['python3', 'src/certiv/kernel/certiv-kernel.py', str(d), '--execute'], capture_output=True, text=True); print('KERNEL_AGREES' if k.returncode == 0 and 'CONFIRMED' in k.stdout else 'KERNEL_DISAGREES:' + k.stdout.strip())\"", "expect": { "value": "KERNEL_AGREES" }, "inputs": [ { "path": "src/certiv/kernel/certiv-kernel.py", "sha256": "0f8a8b3e63b2796b26b7dfbf6301ad349e333f1aca6cf938493177503933bb9c" }, { "path": "src/certiv/pack.py", "sha256": "0dfca285d5bda4b294f0daacda88c1ece736ee57475e23ef945d5537d1f08245" } ], "kind": "executable", "notes": [], "run": { "duplicate_run_match": true, "exit_code": 0, "stdout_sha256": "aa41ec8f5bf31fbc745d75a56a42ceba1c25c83d36afef783f5654992083db89" }, "statement": "The independent single-file kernel confirms, by re-execution, a receipt the full tool packs.", "status": "verified_local", "weight": "load_bearing" }, { "claim_id": "kernel-stays-readable", "claim_sha256": "c169a06fd8a65337ae9c2ba56b89f5ef44b580a0f0286c37ed9b570f45fb7df4", "command": "python3 -c \"n = sum(1 for _ in open('src/certiv/kernel/certiv-kernel.py')); print('KERNEL_SMALL' if n <= 250 else 'TOO_BIG:%d' % n)\"", "expect": { "value": "KERNEL_SMALL" }, "inputs": [ { "path": "src/certiv/kernel/certiv-kernel.py", "sha256": "0f8a8b3e63b2796b26b7dfbf6301ad349e333f1aca6cf938493177503933bb9c" } ], "kind": "executable", "notes": [], "run": { "duplicate_run_match": true, "exit_code": 0, "stdout_sha256": "6cb993405918139b4dcacb12e11c388648ea8961591de20fe6739b92e78dbb75" }, "statement": "The kernel, the one file a skeptic must trust, stays at or under 250 lines of standard library Python.", "status": "verified_local", "weight": "load_bearing" } ], "claims_merkle_root": "155b70f62f7376913541180d0468a21b50d9442d591c2e4e4da9f66b2f72fa9e", "coverage": { "load_bearing_total": 5, "load_bearing_verified_local": 5, "receipt_coverage_local": 1.0, "supporting_total": 0 }, "created_at": "2026-07-08T17:01:24Z", "environment": { "platform": "Linux-6.18.33.2-microsoft-standard-WSL2-x86_64-with-glibc2.35", "python": "3.9.7" }, "kernel": { "file": "certiv-kernel.py", "sha256": "0f8a8b3e63b2796b26b7dfbf6301ad349e333f1aca6cf938493177503933bb9c" }, "manifest_sha256": "bf76a62faf78fa6869dbd915d5630e24c713eee5a3dc919bee44f3987f5f78ee", "paper": { "authors": [ "G-14" ], "title": "certiv 0.1, the tool under its own law" }, "receipt_sha256": "c80ed6520b37345e16e2795edb6a61d0f83183e481e2eabc9c55878879821b11", "schema": "certiv_receipt_v1", "seal": null, "tier": "T1", "tool": { "name": "certiv", "version": "0.1.0" } }