Skip to content

dynamicfeed/df-verify

Repository files navigation

DF-VERIFY/1: verifiable grounding for AI that acts

Reference implementation of DF-VERIFY/1, an open, vendor-neutral standard for cryptographically signing, publishing, and independently verifying exactly what an AI system was told the moment it acted.

When an AI acts (it moves a robot, places a trade, files a claim), "trust me" is not an audit trail. DF-VERIFY attaches an Ed25519 signature to any JSON response, publishes the verifying key openly, and lets anyone check it with no account and no dependency on the issuer. You can verify, even against the issuer.

conformance DF-VERIFY/1 License: MIT

Every verifier here (Python, JavaScript, C#, Rust) is held to the same language-agnostic conformance vectors, run in CI on every commit. Canonicalization must match byte-for-byte, the authentic signature must verify, and the tampered twin must be rejected.

What's here

Path What
clients/python dynamicfeed-verify: Python reference verifier (library + CLI)
clients/js @dynamicfeed/verify: JavaScript/TypeScript verifier (Node, Deno, Bun, browser)
clients/csharp C# reference verifier
clients/rust dynamicfeed-verify: Rust reference verifier (library + CLI), passes the shared vectors
examples/verified-agent a runnable agent that verifies a signature before it acts
tests/vectors language-agnostic conformance vectors + Python & JS harnesses

Verify in 30 seconds

Both reference verifiers are published. Install one and check a live signed verdict in two lines.

Python (pip install dynamicfeed-verify)

from dynamicfeed_verify import verify_live
env, result = verify_live()        # fetch a fresh signed verdict and verify it
assert result["ok"]                # tampered or unsigned: this fails

JavaScript (npm i @dynamicfeed/verify)

import { verifyLive } from '@dynamicfeed/verify';
const { result } = await verifyLive();
if (!result.ok) throw new Error(`unverified world-state: ${result.error}`);

Or run the demo agent from source (verify-before-act, and watch it refuse when tampered):

git clone https://github.com/dynamicfeed/df-verify && cd df-verify
pip install cryptography
python examples/verified-agent/agent.py            # verify a live verdict, then act
python examples/verified-agent/agent.py --tamper   # altered after signing, the agent refuses to act

How it works

  1. Drop the signature block; keep the rest as the payload.
  2. Canonicalize: JSON, keys sorted recursively, compact separators, non-ASCII escaped \uXXXX, UTF-8.
  3. Fetch the public key from https://dynamicfeed.ai/.well-known/keys, look up signature.key_id.
  4. Verify the Ed25519 signature over the canonical bytes. Change one byte → it fails.

Conformance

python3 tests/verify_vectors.py     # Python harness  → "✓ ALL 10 VECTORS PASS"
node    tests/verify_vectors.mjs    # JS harness (run: npm install --prefix clients/js  first)

Both reference verifiers reproduce every vector (same canonical bytes, same signature verdicts), so you can confirm a new implementation in any language byte-for-byte.

Links

License

MIT.

Reliability axis

Beyond signing what was said, the reliability/ toolkit grades how much to believe it: the OKF reliability object (schema + zero-dep Python & JS validators), enforcing signed != verified. See reliability/README.md.

About

DF-VERIFY/1 — verifiable grounding for AI that acts. Reference verifiers (Python/JS/C#), a demo agent, and conformance vectors. Spec: https://dynamicfeed.ai/standard

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors