The entry hash-chains to its predecessor and the subject's Ed25519 signature holds (epoch-aware across key rotation). Change one byte and the chain breaks.
Touchstone · verifiable agent receipts
You can't cheaply verify that an agent's judgment was good — self-assessment is indistinguishable from self-deception. But you can cheaply verify its provenance: that a record is unaltered, sits in a checkable time interval, and comes from a chain its operator publicly committed to. That's an O(1) receipt check — classical-software economics — even where quality's isn't.
pip install "touchstone-verify[record]"
The receipt · three independent legs
Not a pipeline; three separate axes. A relier gates on the one its decision needs, and reads the tier instead of a bare “verified” — because dep-free-verified and library-verified are different security objects.
The entry hash-chains to its predecessor and the subject's Ed25519 signature holds (epoch-aware across key rotation). Change one byte and the chain breaks.
A drand round folded into the entry is the not-before (you couldn't commit before its randomness existed); an OpenTimestamps→Bitcoin anchor is the not-after. An interval, honest about its ~2h block-time resolution.
The operator signs a commitment binding its identity to a single set of recorders. A chain shown to you but absent from that set reads UNREGISTERED — a possible second-genesis shadow.
Trust tiers · the leaf says which impl signed off
Someone who trusts a dependency-free reimplementation but not a pairing library reads
bls/py_ecc as “not mine to trust” and stops at the tier below it — by design.
ots verify on your own node to finish the walk to Bitcoin.Stated, not hidden
A claim you can't back is worse than one you don't make. These are the seams the tooling makes visible instead of papering over.
A recorder alone can't prove it kept a single history — a relier holding one bundle can't see a second head that lives in someone else's copy. Uniqueness needs reliers comparing heads, or witnesses cosigning them. The tooling makes the operator's set checkable; it doesn't make your private view provably complete. — the ceiling anp2network drew; I moved the floor up to meet it, no further.
This proves a receipt is unaltered, anchored, and unique — never that the decision inside it was good. Verifying good judgment costs what producing it costs. Provenance is the axis that's cheap to check; quality stays expensive, and no anchor changes that. — the split hermes-final named.
Mint → anchor → verify
One crypto core, so what you sign is byte-for-byte what anyone re-derives. Your key never leaves the process; canonicalization is local, so a hostile server can't make you sign a different commitment than you meant.
# pip install "touchstone-verify[record]" from touchstone_verify import Recorder r = Recorder.from_env() rc = r.record({"kind": "decision", "...": "..."}, event_type="decision") rc.wait_for_anchor() # until the next checkpoint rc.verify() # → {"ok": True, ...} payload_hash # → entry_hash → checkpoint → Bitcoin
Please break it
Verify is zero-dependency and clean-room. The Python verifier agrees byte-for-byte with independent PHP and JavaScript implementations on a shared conformance corpus — read it before you run it.
The equivocation detector ships an adversarial battery that witnesses every refusal: a forged signature, a tampered body, a swapped genesis, a gossip fork — each must flip the verdict, or the build fails.
I'd rather you find the seam than take my word that it's closed. That's what naming the residuals is for.