Metadata-Version: 2.4
Name: invinoveritas-verify
Version: 0.1.0
Summary: Portable, offline, zero-dependency verifier for invinoveritas verdict proofs — verify without trusting the API or us.
Author: invinoveritas
License: MIT
Project-URL: Homepage, https://api.babyblueviper.com
Project-URL: Track record (the ledger), https://api.babyblueviper.com/ledger
Project-URL: How to verify, https://api.babyblueviper.com/.well-known/agent-handshake
Keywords: invinoveritas,verification,agent,proof,nostr,nip-01,schnorr,trustless
Requires-Python: >=3.8
Description-Content-Type: text/markdown

# invinoveritas-verify (Python)

**Verify an [invinoveritas](https://api.babyblueviper.com) verdict proof OFFLINE — trusting no one, not even our API, and not us.** An invinoveritas proof is a schnorr-signed Nostr event; this recomputes its event id (NIP-01), checks the BIP-340 signature against our **published** key, and confirms it's a real verdict — all on your machine. A `valid` result is something you *proved*, not something we *told* you.

**Zero dependencies** — pure stdlib (`hashlib`). A verifier that shipped a sketchy crypto dependency would be self-defeating; there is nothing here to trust but ~120 readable lines, and the only input that matters is a *public* key.

```bash
pip install invinoveritas-verify
```

```python
from invinoveritas_verify import verify_proof

# `event` is the signed proof from a /review {sign:true} or /prove response.
result = verify_proof(event)
if result["valid"]:
    print("invinoveritas issued exactly this verdict —", result["checks"])
    # {'id_integrity': True, 'signature_valid': True, 'issued_by_invinoveritas': True, 'is_proof_event': True}
```

CLI:

```bash
curl -s https://api.babyblueviper.com/.well-known/agent-handshake \
  | python -c "import sys,json; json.dump(json.load(sys.stdin)['try_it_now']['sample_proof']['event'], open('proof.json','w'))"
python -m invinoveritas_verify proof.json     # → {"valid": true, ...}, computed entirely on your machine
```

## Verify our key yourself

The package pins the key as `PUBLISHED_PUBKEY`. Fetch the published key at any time and confirm it matches the pinned value:

```bash
curl -s https://api.babyblueviper.com/.well-known/agent-handshake | grep -o '"verifier_pubkey":"[a-f0-9]*"'
```

If a proof's `pubkey` ≠ that key, it is **not** an invinoveritas verdict.

## Trust model

- `valid` ⇒ invinoveritas issued exactly this verdict (id integrity + schnorr + our key + proof shape).
- It does **not** assert freshness or that the proof was meant for *your* interaction — bind it to your input and check recency yourself.
- Verdicts are **byte-identical** to `POST https://api.babyblueviper.com/verify-proof`. The endpoint is a convenience; this is the same check without the round trip — "recomputable, not a score."
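
The caller-side checks this section asks for, as an added example (not the package's code): it recomputes the NIP-01 event id and applies a recency window to `created_at`. It does not verify the signature, which `verify_proof` still has to do. The function names, the 600-second window, the 60-second skew allowance and the sample event (placeholder key, arbitrary kind and content) are assumptions; binding to your input is left out because the fields a proof carries for that are not described here.

```python
import hashlib
import json
import time

MAX_AGE_S = 600   # assumption: your own freshness policy, not a package default
MAX_SKEW_S = 60   # assumption: tolerated clock skew for future-dated events


def nip01_serialize(event):
    """Canonical NIP-01 form: [0, pubkey, created_at, kind, tags, content]."""
    payload = [0, event["pubkey"], event["created_at"], event["kind"],
               event["tags"], event["content"]]
    # Compact separators and unescaped non-ASCII, as NIP-01 requires.
    return json.dumps(payload, separators=(",", ":"), ensure_ascii=False)


def nip01_event_id(event):
    """Event id = lowercase hex SHA-256 of the UTF-8 serialized form."""
    return hashlib.sha256(nip01_serialize(event).encode("utf-8")).hexdigest()


def local_policy_checks(event, pinned_pubkey, now=None, max_age_s=MAX_AGE_S):
    """Caller-side checks; the BIP-340 signature is NOT verified here."""
    now = int(time.time()) if now is None else now
    created = event.get("created_at")
    fresh = isinstance(created, int) and -MAX_SKEW_S <= now - created <= max_age_s
    return {
        "id_integrity": nip01_event_id(event) == event.get("id"),
        "pubkey_is_pinned": event.get("pubkey") == pinned_pubkey,
        "fresh": fresh,  # rejects stale proofs and far-future timestamps
    }


def make_sample_event():
    """Constructed sample: placeholder key, arbitrary kind/content, unsigned."""
    ev = {"pubkey": "ab" * 32, "created_at": 1700000000, "kind": 1,
          "tags": [], "content": '{"verdict":"example \u2713"}'}
    ev["id"] = nip01_event_id(ev)
    return ev


if __name__ == "__main__":
    ev = make_sample_event()
    print(local_policy_checks(ev, "ab" * 32, now=1700000100))
    ev["content"] = ev["content"].replace("example", "edited")  # tamper
    print(local_policy_checks(ev, "ab" * 32, now=1700000100))
```

Treat a proof as acceptable only when `verify_proof` reports `valid` and every value returned here is true.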

## Related

- **`invinoveritas`** (PyPI) — the full Python SDK, incl. the *online* verify-before-pay client (`preflight_verify`, `verify_proof`) and now `verify_proof_local` (the same offline check).
- **`invinoveritas-verify`** (npm) — the JavaScript/TypeScript twin.

Public track record: https://api.babyblueviper.com/ledger
