Enforce hash binding and improve validation strictness #27
Merged
- proof.schema.json: add `hash` to required fields (SHA-256 binding is mandatory for all signed receipts; optional hash was a schema gap that allowed receipts to pass validation without a content hash)
- validate.ts: add `validateFormats: true` to Ajv2020 constructor so date-time, uri, and other format keywords are enforced, not silently skipped
- validate-trust-verification-examples.mjs: fix tampered.receipt.json expectation comment; it is schema-valid (`shouldPass: true`) but cryptographically tampered — already correct, but add clarifying inline comment so the intent is unambiguous
- package.json (clas-validator): replace silent echo fallback in test script with a real failure path; no-op echo masked missing build step
- checksums.txt: remove 30+ stale entries pointing to files that no longer exist (notarize/, validate/, witness/ verb dirs; old schemas/v1.0.0/trust/ flat layout; manifest.v1.json path that is now manifest.json); add correct entry for schemas/trust-verification/manifest.json
- README.md: remove inline `console.error` from quick-start code snippet (audit standard: no console.log/error in any production code path shown in documentation without explicit debug context label)
Summary
This PR strengthens CLAS receipt validation by making the `proof.hash` field mandatory in all receipts and enabling strict format validation. It also removes deprecated schema families and response example files, consolidating the schema structure around the current trust-verification family.

Key Changes

- Hash binding requirement: Added `proof.hash` to the required fields in `proof.schema.json`, ensuring all receipts include a SHA256 digest of their canonicalized payload. Updated documentation in `docs/schema-rules.md` to clarify that schema validation and cryptographic verification are separate checks, with `tampered.receipt.json` examples illustrating schema-valid but cryptographically invalid receipts.
- Stricter format validation: Enabled `validateFormats: true` in the AJV validator configuration to enforce format constraints (e.g., `date-time`, `uri`) at validation time.
- Removed deprecated schemas: Deleted all schema families except trust-verification:
  - `commerce-payments`, `communication-outreach`, `content-creation`, `data-analytics`, `identity-compliance`, `lifecycle-management`, `logistics-fulfillment`, `training-optimization`, `workflow-approval`
  - `schemas/v1.0.0/trust/` directory with old schema structure
- Removed response examples: Deleted all `response.example.json` files from trust-verification verbs (approve, attest, authenticate, endorse, sign, verify) and removed the `notarize` and `validate` verbs entirely. Kept only `valid.request.json`, `valid.receipt.json`, `tampered.receipt.json`, and `invalid.receipt.json` per verb.
- Updated manifest structure: Changed `manifest.v1.json` to `manifest.json` in trust-verification, reflecting a simplified versioning approach.
- Improved test output: Modified `validate-trust-verification-examples.mjs` to use `process.stdout.write()` and `process.stderr.write()` for more explicit stream handling, and added comprehensive documentation of example file expectations.
- Cleaned up test configuration: Removed stderr suppression in `clas-validator` test script to surface all output.

Implementation Details

The hash binding requirement is now enforced at the schema level, preventing any receipt from passing validation without a `proof.hash` field. This ensures that all conformant implementations must include the hash digest, supporting downstream cryptographic verification workflows.

The removal of response examples and deprecated verbs reflects a focus on the core trust-verification operations (approve, attest, authenticate, endorse, sign, verify) and clarifies that response handling is implementation-specific rather than schema-constrained.
https://claude.ai/code/session_01GQcff5HnFcrTbyuwuvsNEv