Validate trust verbs before executing wrapped functions #38

Merged
GsCommand merged 1 commit into main from claude/audit-commandlayer-protocol-7kpEB
May 14, 2026

@GsCommand
Contributor

Summary

This PR adds validation of trust verbs to the CommandLayer, ensuring that only recognized verbs from the schema-defined TRUST_VERBS enum are accepted. Invalid verbs now throw a synchronous error before the wrapped function executes, rather than producing an invalid receipt.

Key Changes

  • Added resolveAndValidateTrustVerb() function in src/index.ts that normalizes and validates trust verbs against the TRUST_VERBS enum, throwing a descriptive error if the verb is unrecognized
  • Updated CommandLayer.wrap() method to call resolveAndValidateTrustVerb() before executing the wrapped function, ensuring callers get immediate, synchronous feedback for invalid verbs
  • Exported validateTrustReceipt() function from the main index for use in tests and external validation
  • Added comprehensive test coverage:
    • Test for schema-valid receipts (round-trip validation)
    • Test for rejection of unrecognized verbs before function execution
    • Test for schema-valid error receipts
  • Updated test cases to use valid trust verbs ("verify", "authenticate", "attest") instead of invalid ones ("summarize")
  • Fixed example code in langchain-agent.ts to use valid verb ("attest") and improved output formatting

Implementation Details

  • Created a TRUST_VERB_SET as a ReadonlySet for efficient O(1) verb validation lookups
  • Validation occurs synchronously before the wrapped function runs, preventing invalid receipts from being generated
  • Error messages are descriptive and include the list of valid verbs and note that fully-qualified names are accepted

https://claude.ai/code/session_016igMwkFir2FkLQCHL6a34z

…d wrap→verify round-trip test

Issues fixed:
- examples/langchain-agent.ts: replace console.log with process.stdout.write
- src/index.ts: wrap() passes non-schema verbs to receipt (e.g. "summarize", "agent.execute",
  "tool.get_weather") — normalizeTrustVerb() only strips the clas.trust-verification. prefix,
  so verbs not in the schema enum are written into the receipt unchecked; add schema guard
  so wrap() throws on an unrecognized verb instead of producing a non-schema-valid receipt
- test/receipt.test.ts: add explicit wrap→verify round-trip assertion on schema validity;
  existing "summarize" verb in tests now uses a valid enum verb
@GsCommand GsCommand merged commit e45e8ce into main May 14, 2026
1 check failed
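
The validate-before-execute pattern this PR describes, as an added TypeScript sketch that is not the project's code. `TRUST_VERBS` here holds only the three verbs the PR names as valid (an assumed subset of the schema enum), and the `wrap()` signature, `Receipt` shape and `demo()` are hypothetical.

```typescript
// Assumed subset of the schema enum: only the verbs this PR names as valid.
const TRUST_VERBS = ["verify", "authenticate", "attest"] as const;
type TrustVerb = (typeof TRUST_VERBS)[number];
const TRUST_VERB_SET: ReadonlySet<string> = new Set(TRUST_VERBS);
const PREFIX = "clas.trust-verification."; // fully-qualified prefix from the commit message

// Prefix stripping alone: any other string passes through unchanged.
function normalizeTrustVerb(verb: string): string {
  return verb.startsWith(PREFIX) ? verb.slice(PREFIX.length) : verb;
}

// Allowlist check on the normalized verb; throws synchronously on a miss.
function resolveAndValidateTrustVerb(verb: string): TrustVerb {
  const short = normalizeTrustVerb(verb);
  if (!TRUST_VERB_SET.has(short)) {
    throw new Error(
      `Unrecognized trust verb "${verb}". Valid verbs: ${TRUST_VERBS.join(", ")} ` +
        `(fully-qualified "${PREFIX}<verb>" names are accepted)`
    );
  }
  return short as TrustVerb;
}

// Hypothetical receipt shape; the real receipt schema is not shown on this page.
interface Receipt<T> { verb: TrustVerb; status: "ok" | "error"; result?: T; error?: string }

function wrap<A extends unknown[], T>(verb: string, fn: (...args: A) => T): (...args: A) => Receipt<T> {
  const valid = resolveAndValidateTrustVerb(verb); // fail closed before fn can ever run
  return (...args: A): Receipt<T> => {
    try {
      return { verb: valid, status: "ok", result: fn(...args) };
    } catch (e) {
      // A failing fn still yields a receipt whose verb is in the allowlist.
      return { verb: valid, status: "error", error: e instanceof Error ? e.message : String(e) };
    }
  };
}

// Constructed inputs: the side effect must never run for a rejected verb.
function demo(): { calls: number; okVerb: string; rejected: string[] } {
  let calls = 0;
  const sideEffect = (x: number): number => { calls += 1; return x * 2; };
  const okVerb = wrap("clas.trust-verification.attest", sideEffect)(21).verb;
  const rejected: string[] = [];
  // "constructor" is rejected by a Set lookup; an `in` check on a plain object would accept it.
  for (const bad of ["summarize", "agent.execute", "tool.get_weather", "constructor"]) {
    try { wrap(bad, sideEffect)(1); } catch { rejected.push(bad); }
  }
  return { calls, okVerb, rejected };
}
```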