Verification
The core verification engine and FastAPI router. See Tutorial: Server-side verification for usage examples.
Public API
For gateway and runtime-session binding, call the package-root export rather than the private _verify module:
verify_manifest() is the supported high-level entry point. VerificationContext.trusted_keys maps an issuer key_id (the SHA-256 hex of the public key bytes) to its base64url-encoded Ed25519 public key, the form returned by Ed25519KeyPair.public_b64url(). A consumer that holds raw public key bytes must base64url-encode them before populating trusted_keys. Signers and verifiers share agent_manifest.signing_pre_image() for the exact RFC 8785 canonical byte sequence, including the hitl_record.approvals normalization, so a relying party never reconstructs the pre-image itself.
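The mapping described above, as an added example that is not part of the project's code: it builds one trusted_keys entry from raw key bytes and audits an existing mapping for entries whose key_id does not bind the key. trusted_key_entry and audit_trusted_keys are hypothetical helper names; raw 32-byte Ed25519 keys, a lowercase-hex key_id and unpadded base64url are assumptions to confirm against the output of Ed25519KeyPair.public_b64url().

```python
import base64
import hashlib

ED25519_PUBLIC_KEY_LEN = 32  # raw Ed25519 public keys are always 32 bytes


def b64url_decode(text: str) -> bytes:
    """Decode base64url, accepting input with or without '=' padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def trusted_key_entry(raw_public_key: bytes) -> tuple[str, str]:
    """Return (key_id, base64url public key) for one raw Ed25519 public key."""
    if len(raw_public_key) != ED25519_PUBLIC_KEY_LEN:
        raise ValueError(f"expected 32 raw bytes, got {len(raw_public_key)}")
    # key_id is the SHA-256 hex of the public key bytes (lowercase assumed).
    key_id = hashlib.sha256(raw_public_key).hexdigest()
    # Assumption: unpadded base64url; compare with public_b64url() output.
    encoded = base64.urlsafe_b64encode(raw_public_key).rstrip(b"=").decode("ascii")
    return key_id, encoded


def audit_trusted_keys(trusted_keys: dict[str, str]) -> list[str]:
    """Return one problem string per entry whose key_id does not bind its key."""
    problems = []
    for key_id, encoded in trusted_keys.items():
        try:
            raw = b64url_decode(encoded)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            problems.append(f"{key_id}: not base64url ({exc})")
            continue
        if len(raw) != ED25519_PUBLIC_KEY_LEN:
            # Typical cause: a hex-encoded or PEM/DER-wrapped key was stored.
            problems.append(f"{key_id}: decodes to {len(raw)} bytes, not 32")
        elif hashlib.sha256(raw).hexdigest() != key_id:
            problems.append(f"{key_id}: key_id is not SHA-256 of the key bytes")
    return problems


# Constructed sample key material (not a real key).
SAMPLE_RAW_KEY = bytes(range(32))
SAMPLE_TRUSTED_KEYS = dict([trusted_key_entry(SAMPLE_RAW_KEY)])
```

Running audit_trusted_keys() over the mapping before it is placed in a VerificationContext catches a hex-encoded key or a key filed under the wrong key_id at load time.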
Core function
verify_manifest
verify_manifest(manifest: dict[str, Any], context: VerificationContext, revocation_store: 'RevocationStore') -> VerificationResult
Core verification engine - hosting-model agnostic and fail-closed.
Checks version compatibility, signature, expiry, revocation, artifact hashes, delegation chain, and HITL. Returns a VerificationResult with per-field status and mismatch details.
Fail-closed semantics (spec 5.3 - VALID requires a valid signature):
- A manifest with an unsupported (or missing) version returns INCOMPATIBLE_VERSION without further processing (spec 2.4).
- A manifest without a signature block returns SIGNATURE_MISSING.
- A signed manifest verified without any trusted_keys in the context returns UNVERIFIABLE - never VALID.
- A delegation chain that cannot be verified (no delegation_public_keys) is marked UNVERIFIABLE and the overall result is UNVERIFIABLE (spec 3.4.1 / 5.2).
- enforce_hitl=True with no hitl_record in the manifest is a failure (HitlResult.MISSING and a non-VALID overall result).
Context
VerificationContext
Bases: BaseModel
Runtime artifact hashes and keys provided by the trusted component.
Results
VerificationResult
Bases: BaseModel
OverallResult
Bases: str, Enum
FieldsVerified
Bases: BaseModel
FieldResult
Bases: str, Enum
DelegationResult
Bases: str, Enum
HitlResult
Bases: str, Enum
MismatchDetail
Bases: BaseModel
EvidencePack is an optional reference (trace id, signer, hash, and URI) to an externally retained evidence pack that a verifier can record alongside a result.
EvidencePack
Bases: BaseModel
Revocation
RevocationStore is the revocation lookup a verifier consults during verify_manifest(); the default is in-memory, and production deployments back it with a persistent store. RevocationRecord is a single revocation entry: which manifest was revoked, when, why, and by whom.
RevocationStore
In-memory revocation store. Production should use a persistent backend.
RevocationRecord
Bases: BaseModel
FastAPI router
create_router
Return a FastAPI APIRouter with /verify and /revocation-status endpoints.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| manifest_store | dict[str, dict[str, Any]] | Dict mapping manifest_id -> manifest dict. | required |
| revocation_store | RevocationStore | Revocation store instance. | required |