Documentation
¶
Overview ¶
Package verifier implements result verification for SEMI-trust nodes.
Constitution §CLAUDE-1 (anti-bluff): SEMI-trust results are never accepted on face value; they must be proven correct by an independent trusted executor before the controller forwards them downstream.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrMismatch = errors.New("verifier: result mismatch — SEMI node output rejected")
ErrMismatch is returned when a SEMI node's result does not match the trusted recomputation. It is a typed sentinel so callers can errors.Is-check it.
Functions ¶
This section is empty.
Types ¶
type Job ¶
type Job struct {
// ID is an opaque label used in log records (e.g. "task-42").
ID string
// Input is the byte payload passed to the executor.
Input []byte
}
Job is a deterministic compute unit: a pure function from []byte input to []byte output whose result must be reproducible by any trusted executor.
The executor registered with New receives the entire Job so it can use any field (ID, Input, or future extensions). Fn is optional; callers that wire a single shared executor can leave it nil.
type MismatchRecord ¶
type MismatchRecord struct {
RunID string // per-call UUID
JobID string // job identifier
TrustLevel string // always "SEMI" in current use
NodeID string // reporting node identifier
SemiHash string // sha256 of the SEMI-submitted result
TrustedHash string // sha256 of the trusted recomputation
At time.Time // wall-clock timestamp of the rejection
}
MismatchRecord is persisted to the log when a SEMI node's result is rejected. The RunID is a per-call UUID so replayed log records cannot be confused with the current rejection.
func (MismatchRecord) String ¶
func (m MismatchRecord) String() string
String renders a human-readable mismatch record for log output.
type Option ¶
type Option func(*Verifier)
Option is a functional option for Verifier.
func WithMismatchLogger ¶
func WithMismatchLogger(fn func(r MismatchRecord)) Option
WithMismatchLogger replaces the default log.Printf mismatch sink with a custom receiver. Tests inject a recorder here to assert the logged UUID.
type Verifier ¶
type Verifier struct {
// contains filtered or unexported fields
}
Verifier gates results from SEMI-trust nodes using a trusted re-executor.
Usage:
v := New(trustedExecutor)
if err := v.VerifyResult(job, semiResult, console.TrustSemi, "node-7"); err != nil {
// err wraps ErrMismatch — the result is rejected
}
func New ¶
New creates a Verifier backed by the given trusted executor function. executor must be deterministic: the same Job must always produce the same output. Panics if executor is nil.
func (*Verifier) VerifyResult ¶
func (v *Verifier) VerifyResult( job Job, result []byte, trustLevel console.TrustLevel, nodeID string, ) error
VerifyResult checks result according to trustLevel:
- TrustFull: accepted without verification (bypass).
- TrustSemi: result is verified against a trusted recomputation via sha256 checksum comparison. A mismatch emits a MismatchRecord (UUID-tagged) and returns an error wrapping ErrMismatch.
- TrustUntrusted: always rejected (unconditional ErrMismatch).
nodeID identifies the reporting node and is embedded in the MismatchRecord.
Source Files