diff --git a/README.md b/README.md index 4cb18b5..654f00b 100644 --- a/README.md +++ b/README.md @@ -1,197 +1,46 @@ +# VERIFRAX-verify - +## Purpose -
- A static, public verification surface for verifrax.proof.v1 artifacts.
- Proofs are generated privately (engine stays private). Verification is public, portable, and offline-capable.
-
- Open Verifier UI - | - Repository -
+- What this repo is responsible for +- What it explicitly does **not** do -
-
-
-
-
-
| Portable Proofs Copy/paste JSON anywhere |
- Engine Private No engine code or IP here |
- Audit Surface Deterministic schema validation |
-
verifrax.proof.v1 proofs.
+## Security
-* **Private:** The VERIFRAX engine that generates proofs (IP, internals, implementation).
-* **Public:** This repository, hosting a static verifier UI over GitHub Pages.
-* **Portable:** Proofs are plain JSON. Anyone can validate without repo or engine access.
+- Report vulnerabilities privately: **security@verifrax.org**
+- Do **not** open public issues for sensitive findings
-This repository is intentionally minimal:
+## Contributing
-* no servers
-* no secrets
-* no signing keys
-* no privileged trust
-
----
-
-## Live Verifier
-
-**URL:** [https://verifrax.github.io/VERIFRAX-verify/](https://verifrax.github.io/VERIFRAX-verify/)
-
-### Verification contract (current)
-
-The verifier validates:
-
-* JSON parses correctly
-* schema === "verifrax.proof.v1"
-* required fields are present and well-formed
-* artifact.sha256 is a valid 64-hex digest
-* canonical fields are displayed deterministically
-
-Note: Hash recomputation requires local file access. The verifier intentionally avoids fetching or executing anything remotely.
-
----
-
-## Core invariant
-
-> Proofs travel without you.
-
-Once generated, a proof can be shared, archived, or audited without access to:
-
-* the VERIFRAX engine
-* the private repository
-* any secrets or credentials
-
----
-
-## Proof format
-
-A verifrax.proof.v1 document includes:
-
-* schema
-* created_at
-* repo
-* baseline_tag
-* core_dist_hash
-* artifact { name, path, sha256 }
-* certificate_v1
-* verify_ref (this verifier URL)
-
----
-
-## Security and threat model
-
-This repository is a verification surface, not a signing authority.
-
-* No secrets
-* No engine internals
-* No remote execution
-
-See:
-
-* THREAT_MODEL.md
-* CLI_SPEC.md
-
----
-
-## Repository structure
-
-* index.html — Verifier UI
-* THREAT_MODEL.md — Threat model
-* CLI_SPEC.md — CLI and proof contract
-* MARKET_WEDGE.md — Adoption framing
-* WHAT_VERIFRAX_SOLVES.md
-* WHY_NOT_BLOCKCHAIN.md
-* UI_WIREFRAME.md
-
----
-
-## Deployment
-
-Deployed via GitHub Pages:
-
-* Branch: main
-* Folder: /
-* Build: none (static)
-
----
-
-## Roadmap (public verifier)
-
-* Local file upload for SHA-256 recomputation
-* Strict canonical field rendering
-* Schema version registry
-* Anchor visualization (engine-gated)
-
----
+See `CONTRIBUTING.md`.
## License
-MIT License
-
-Copyright (c) 2025 **VERIFRAX**
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
----
-
-## Maintainer
-
-VERIFRAX
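Review bot: The new `## Purpose` section lands with its template placeholders unfilled (`- What this repo is responsible for`, `- What it explicitly does **not** do`), while the same hunk deletes the text that answered both: the "static, public verification surface" description and the "no servers / no secrets / no signing keys / no privileged trust" list. Fill the two bullets from that removed wording before merging. The rewritten `## Security` section keeps only the reporting contact and drops the "Verification contract (current)" list, its note that hash recomputation requires local file access, and the pointers to THREAT_MODEL.md and CLI_SPEC.md. Without them a reader can no longer see that the contract covers `artifact.sha256` being a valid 64-hex digest rather than a recomputed hash, so keep that caveat or at least the two document links next to the security@verifrax.org line. Also, `## License` is left as a bare heading with every visible line under it removed; name the license there or point to a LICENSE file.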