verify_bundle
Validate ScopeBlind audit bundles offline using embedded verification keys to check integrity without network connectivity.
Instructions
Verify a ScopeBlind audit bundle offline using the embedded verification keys.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| bundle_json | No | Raw JSON bundle string. | |
| path | No | Path to a local JSON bundle file. |
Implementation Reference
- server.js:105-125 (handler)The implementation of the verifyBundle function, which iterates over receipts in a bundle and verifies them.
function verifyBundle(bundle) { if (!bundle?.receipts || !Array.isArray(bundle.receipts)) { throw new Error('Invalid bundle: missing receipts array'); } const keyMap = resolveBundleKeyMap(bundle); let passed = 0; const receipts = bundle.receipts.map((receipt, index) => { const key = receipt?.kid ? keyMap.get(receipt.kid) : deriveEmbeddedKey(receipt); const result = verifySingle(receipt, key || null); if (result.valid) passed += 1; return { index, type: result.type, kid: result.kid, valid: result.valid, error: result.error, }; }); return { valid: passed === bundle.receipts.length, total: bundle.receipts.length, - server.js:211-225 (registration)The MCP tool registration for 'verify_bundle', which calls the verifyBundle handler.
server.tool( 'verify_bundle', 'Verify a ScopeBlind audit bundle offline using the embedded verification keys.', { bundle_json: z.string().optional().describe('Raw JSON bundle string.'), path: z.string().optional().describe('Path to a local JSON bundle file.'), }, async (args) => { try { const bundle = readJsonInput(args.path, args.bundle_json); return textResult(verifyBundle(bundle)); } catch (error) { return textResult({ ok: false, error: error.message }); } }