verify_trustatom
Verify the integrity of TrustAtom receipts by confirming Ed25519 signatures are authentic and receipts haven't been tampered with for compliance and auditing.
Instructions
Verify the integrity of an existing TrustAtom receipt. Confirms the Ed25519 signature is authentic and the receipt hasn't been tampered with.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| receipt_id | Yes | The TrustAtom receipt ID (e.g., ta_01hx9k...) |
Implementation Reference
- src/sign.ts:175-201 (handler)The core logic that verifies the Ed25519 signature of a TrustAtom receipt.
export function verifyTrustAtom( receipt: TrustAtomReceipt, ): VerifyResult { try { const sig = naclUtil.decodeBase64(receipt.signature_b64); const pubKey = naclUtil.decodeBase64(receipt.public_key_b64); const msg = naclUtil.decodeUTF8(receipt.evidence_hash); const valid = nacl.sign.detached.verify(msg, sig, pubKey); return { valid, reason: valid ? "Ed25519 signature verified — receipt is authentic" : "Signature mismatch — receipt may have been tampered with", receipt_id: receipt.id, public_key_b64: receipt.public_key_b64, }; } catch (e: unknown) { return { valid: false, reason: `Verification failed: ${e instanceof Error ? e.message : String(e)}`, receipt_id: receipt.id, public_key_b64: receipt.public_key_b64, }; } } - src/server.ts:193-217 (registration)The MCP tool handler case for "verify_trustatom" in src/server.ts, which calls the verification logic.
case "verify_trustatom": { const receiptId = String(args?.receipt_id ?? ""); const found = ledger.find((r) => r.id === receiptId); if (!found) { return { content: [ { type: "text", text: JSON.stringify({ valid: false, reason: `Receipt ${receiptId} not found in ledger`, }), }, ], }; } const result = verifyTrustAtom(found); return { content: [ { type: "text", text: JSON.stringify(result, null, 2), },