verify_attestation
Confirm pentest authenticity by verifying blockchain-anchored attestations using their hash to ensure tests were performed and results are genuine.
Instructions
Verify a blockchain-anchored pentest attestation by its hash. This is a public endpoint — no API key required. Use this to confirm that a pentest was actually performed and its results are authentic.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| hash | Yes | The attestation hash to verify |
Implementation Reference
- src/tools/verify-attestation.ts:18-74 (handler)The handler function that executes the logic for 'verify_attestation', including calling the client and formatting the response.
async ({ hash }) => { try { const data = await client.getAttestation(hash); const a = data.attestation; const lines = [ `Attestation: ${hash}`, `Verified: ${data.verified ? "YES (blockchain-anchored)" : "PENDING (not yet anchored)"}`, "", "--- Scan Details ---", ` Tier: ${a.creditTier}`, ` Agents: ${a.agentCount}`, ` Agent Hours: ${a.agentHours}`, ` Duration: ${a.durationMin} minutes`, ` Tools Run: ${a.toolsRun}`, ` Risk Score: ${a.riskScore}`, ` Completed: ${a.completedAt}`, ]; if (a.findingSummary) { const summary = a.findingSummary as Record<string, number>; lines.push( "", " Findings:", ` Critical: ${summary.critical || 0}`, ` High: ${summary.high || 0}`, ` Medium: ${summary.medium || 0}`, ` Low: ${summary.low || 0}`, ` Info: ${summary.info || 0}`, ); } if (data.anchor) { lines.push( "", "--- Blockchain Proof ---", ` Chain ID: ${data.anchor.chainId}`, ` TX Hash: ${data.anchor.txHash}`, ` Block: ${data.anchor.blockNumber}`, ` Merkle Root: ${data.anchor.rootHash}`, ); } return { content: [{ type: "text" as const, text: lines.join("\n") }] }; } catch (error) { const message = error instanceof Error ? error.message : String(error); return { content: [ { type: "text" as const, text: `Failed to verify attestation: ${message}`, }, ], isError: true, }; } }, - Input schema definition for the 'verify_attestation' tool.
inputSchema: z.object({ hash: z.string().describe("The attestation hash to verify"), }), - src/tools/verify-attestation.ts:5-75 (registration)Registration function for the 'verify_attestation' tool.
export function registerVerifyAttestation(server: McpServer, client: TurboPentestClient): void { server.registerTool( "verify_attestation", { title: "Verify Attestation", description: "Verify a blockchain-anchored pentest attestation by its hash. " + "This is a public endpoint — no API key required. " + "Use this to confirm that a pentest was actually performed and its results are authentic.", inputSchema: z.object({ hash: z.string().describe("The attestation hash to verify"), }), }, async ({ hash }) => { try { const data = await client.getAttestation(hash); const a = data.attestation; const lines = [ `Attestation: ${hash}`, `Verified: ${data.verified ? "YES (blockchain-anchored)" : "PENDING (not yet anchored)"}`, "", "--- Scan Details ---", ` Tier: ${a.creditTier}`, ` Agents: ${a.agentCount}`, ` Agent Hours: ${a.agentHours}`, ` Duration: ${a.durationMin} minutes`, ` Tools Run: ${a.toolsRun}`, ` Risk Score: ${a.riskScore}`, ` Completed: ${a.completedAt}`, ]; if (a.findingSummary) { const summary = a.findingSummary as Record<string, number>; lines.push( "", " Findings:", ` Critical: ${summary.critical || 0}`, ` High: ${summary.high || 0}`, ` Medium: ${summary.medium || 0}`, ` Low: ${summary.low || 0}`, ` Info: ${summary.info || 0}`, ); } if (data.anchor) { lines.push( "", "--- Blockchain Proof ---", ` Chain ID: ${data.anchor.chainId}`, ` TX Hash: ${data.anchor.txHash}`, ` Block: ${data.anchor.blockNumber}`, ` Merkle Root: ${data.anchor.rootHash}`, ); } return { content: [{ type: "text" as const, text: lines.join("\n") }] }; } catch (error) { const message = error instanceof Error ? error.message : String(error); return { content: [ { type: "text" as const, text: `Failed to verify attestation: ${message}`, }, ], isError: true, }; } }, );