bundle

package v0.0.0-release-dryrun.9 (this package is not in the latest version of its module)
Published: May 19, 2026 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package bundle implements creation and verification of IntentProof .proof.tar.zst bundles. A bundle is a tamper-evident archive containing a flow, its events, attestations, policy, run, and certificate, plus a signed manifest that binds them together via Merkle roots.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Create

func Create(w io.Writer, opts CreateOptions) error

Create builds a bundle and writes it to the given writer as a tar.zst stream.

Types

type Bundle

type Bundle struct {
	Manifest       *Manifest
	Flow           map[string]interface{}
	Events         []map[string]interface{}
	Attestations   []map[string]interface{}
	Policy         map[string]interface{}
	Run            map[string]interface{}
	Certificate    map[string]interface{}
	InclusionProof []string
	PublicKeys     map[string][]byte
	RawFiles       map[string][]byte // extracted raw bytes for integrity checks
}

Bundle holds the in-memory representation of an extracted bundle.

type CreateOptions

type CreateOptions struct {
	BundleID          string
	FlowID            string
	TenantID          string
	FlowJSON          []byte
	EventsJSONL       []byte
	AttestationsJSONL []byte
	PolicyJSON        []byte
	RunJSON           []byte
	CertificateJSON   []byte
	InclusionProof    []byte
	PublicKeys        map[string][]byte
	CreatedAt         time.Time
	Signer            func([]byte) (*SignatureEnvelope, error)
}

CreateOptions holds the inputs needed to build a bundle.

type Manifest

type Manifest struct {
	Schema      string             `json:"schema"`
	BundleID    string             `json:"bundle_id"`
	CreatedAt   string             `json:"created_at"`
	FlowID      string             `json:"flow_id"`
	TenantID    string             `json:"tenant_id"`
	Files       []ManifestEntry    `json:"files"`
	EventMerkle string             `json:"event_merkle_root"`
	AttMerkle   string             `json:"attestation_merkle_root"`
	Signature   *SignatureEnvelope `json:"signature,omitempty"`
}

Manifest is the canonical bundle manifest. It is signed by the platform and included in the bundle as manifest.json.

type ManifestEntry

type ManifestEntry struct {
	Path string `json:"path"`
	SHA  string `json:"sha256"`
}

type SignatureEnvelope

type SignatureEnvelope struct {
	Alg   string `json:"alg"`
	KeyID string `json:"key_id"`
	Value string `json:"value"`
}

type VerifyResult

type VerifyResult struct {
	Status   string   `json:"status"` // "pass", "fail", "inconclusive"
	Reason   string   `json:"reason"`
	Findings []string `json:"findings"`
}

VerifyResult is the output of bundle verification.

func Verify

func Verify(r io.Reader, pubkey []byte) (*VerifyResult, error)

Verify reads a bundle from the given reader and performs full verification.
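The verification model the Overview describes (a platform-signed manifest that pins each file by SHA-256 and the event and attestation streams by Merkle roots, checked by Verify into a pass/fail/inconclusive result) can be shown end to end in a few dozen lines. The following is an added, self-contained illustration written for this page, not code from the bundle package: it keeps the Manifest and VerifyResult field names from the page but stores Files as a map so that json.Marshal yields a canonical encoding to sign, and the leaf/node hash prefixes, the Ed25519 signature and the sample file contents are all assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
)

// Manifest and VerifyResult mirror the page's types, except that Files is a map
// (path -> sha256) so json.Marshal gives a key-sorted encoding; prefixes and Ed25519 are assumptions.
type Manifest struct {
	Files       map[string]string `json:"files"`
	EventMerkle string            `json:"event_merkle_root"`
	AttMerkle   string            `json:"attestation_merkle_root"`
	Signature   []byte            `json:"signature,omitempty"` // Ed25519 over manifestBytes
}
type VerifyResult struct {
	Status   string // "pass", "fail", "inconclusive"
	Reason   string
	Findings []string
}

func sha256hex(b []byte) string {
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}

// merkleRoot hashes each JSONL line as a leaf (0x00 prefix) and pairs nodes upward
// (0x01 prefix, last node duplicated on odd levels); editing any line moves the root.
func merkleRoot(jsonl []byte) string {
	var level [][]byte
	for _, line := range bytes.Split(bytes.TrimRight(jsonl, "\n"), []byte("\n")) {
		h := sha256.Sum256(append([]byte{0x00}, line...))
		level = append(level, h[:])
	}
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		var next [][]byte
		for i := 0; i < len(level); i += 2 {
			h := sha256.Sum256(append(append([]byte{0x01}, level[i]...), level[i+1]...))
			next = append(next, h[:])
		}
		level = next
	}
	return hex.EncodeToString(level[0])
}

// manifestBytes is what gets signed: the manifest minus its own signature field.
func manifestBytes(m Manifest) []byte {
	m.Signature = nil
	b, _ := json.Marshal(m)
	return b
}

// buildManifest digests every file, roots both JSONL streams and signs the result.
func buildManifest(files map[string][]byte, priv ed25519.PrivateKey) Manifest {
	m := Manifest{Files: map[string]string{}, EventMerkle: merkleRoot(files["events.jsonl"]), AttMerkle: merkleRoot(files["attestations.jsonl"])}
	for path, data := range files {
		m.Files[path] = sha256hex(data)
	}
	m.Signature = ed25519.Sign(priv, manifestBytes(m))
	return m
}

// verify checks the signature first (without a trusted key nothing can be decided),
// then every file digest and both roots, collecting all mismatches as findings.
func verify(m Manifest, files map[string][]byte, pub ed25519.PublicKey) VerifyResult {
	if len(pub) != ed25519.PublicKeySize {
		return VerifyResult{Status: "inconclusive", Reason: "no platform public key supplied"}
	}
	if !ed25519.Verify(pub, manifestBytes(m), m.Signature) {
		return VerifyResult{Status: "fail", Reason: "manifest signature invalid"}
	}
	var findings []string
	for path, sha := range m.Files { // a missing file hashes as empty and fails here too
		if sha256hex(files[path]) != sha {
			findings = append(findings, "digest mismatch or missing: "+path)
		}
	}
	for name, want := range map[string]string{"events.jsonl": m.EventMerkle, "attestations.jsonl": m.AttMerkle} {
		if merkleRoot(files[name]) != want {
			findings = append(findings, "merkle root mismatch: "+name)
		}
	}
	if len(findings) > 0 {
		return VerifyResult{Status: "fail", Reason: "contents do not match signed manifest", Findings: findings}
	}
	return VerifyResult{Status: "pass", Reason: "all checks passed"}
}

// sampleFiles is constructed content standing in for an extracted bundle.
func sampleFiles() map[string][]byte {
	return map[string][]byte{
		"flow.json":          []byte(`{"flow_id":"flow-1"}`),
		"events.jsonl":       []byte("{\"seq\":1,\"type\":\"start\"}\n{\"seq\":2,\"type\":\"tool_call\"}\n{\"seq\":3,\"type\":\"end\"}\n"),
		"attestations.jsonl": []byte("{\"seq\":1,\"ok\":true}\n"),
	}
}
```

Two design points carry over to any verifier of this shape. The signature is checked before anything else, because a manifest that has been re-signed or edited after signing would otherwise let an attacker move the Merkle roots along with the tampered events; and the absence of a trusted public key yields "inconclusive" rather than "pass", so a caller that forgets to supply the platform key cannot mistake an unverified bundle for a verified one. Per-file digests catch whole-file changes and missing files; the Merkle roots additionally make a single edited, dropped or reordered event line detectable without re-reading the whole stream, since the root is order-sensitive.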
