#!/usr/bin/env python3 """Validate local Telegram capture structure without authenticating live delivery.""" from __future__ import annotations import argparse import hashlib import json import re import struct import zlib from datetime import datetime, timezone from itertools import pairwise from pathlib import Path from typing import Any from urllib.parse import urlparse try: import build_telegram_visible_unseen_chain_packet as packet_builder import collect_telegram_visible_unseen_chain_state as state_collector import verify_leo_unseen_reasoning_chain as unseen except ImportError: # pragma: no cover - imported as scripts.* in tests from scripts import build_telegram_visible_unseen_chain_packet as packet_builder from scripts import collect_telegram_visible_unseen_chain_state as state_collector from scripts import verify_leo_unseen_reasoning_chain as unseen SCHEMA = "livingip.telegramVisibleUnseenChainReceipt.v3" CAPTURE_SCHEMA = "livingip.telegramVisibleUnseenChainCapture.v1" BROWSER_PROVENANCE_SCHEMA = "livingip.authenticatedChromeTelegramCaptureProvenance.v1" SHA64_RE = re.compile(r"^[0-9a-f]{64}$") MIN_SCREENSHOT_WIDTH = 320 MIN_SCREENSHOT_HEIGHT = 200 PREPARATION_STATUS = "prepared_external_receipt_required" PREPARATION_TIER = "T0_local_preparation" FAILED_PREPARATION_TIER = "T0_failed_preparation" DEFAULT_CODEX_SESSIONS_ROOT = Path.home() / ".codex" / "sessions" REPORT_DIR = Path("docs/reports/leo-working-state-20260709") DEFAULT_PACKET = packet_builder.DEFAULT_OUT DEFAULT_PREFLIGHT = REPORT_DIR / "telegram-visible-unseen-chain-preflight-current.json" DEFAULT_POSTFLIGHT = REPORT_DIR / "telegram-visible-unseen-chain-postflight-current.json" DEFAULT_OUT = REPORT_DIR / "telegram-visible-unseen-chain-capture-receipt-current.json" DEFAULT_MARKDOWN_OUT = REPORT_DIR / "telegram-visible-unseen-chain-capture-receipt-current.md" def _load_json(path: Path) -> dict[str, Any]: return json.loads(path.read_text(encoding="utf-8")) def _sha256_file(path: Path) -> str: return hashlib.sha256(path.read_bytes()).hexdigest() def _present(value: Any) -> bool: if value is None: return False if isinstance(value, str): return bool(value.strip()) if isinstance(value, (dict, list)): return bool(value) return True def _preparation_only_fields(*, preparation_ready: bool) -> dict[str, Any]: return { "verification_scope": "caller_writable_preparation_structure", "preparation_ready": preparation_ready, "receipt_ready": False, "current_tier": PREPARATION_TIER if preparation_ready else FAILED_PREPARATION_TIER, "required_tier": "T3_live_readonly", "telegram_visible_messages_sent": False, "live_receipt_boundary": { "required": True, "verified": False, "accepted_by_this_api": False, "authority": "independently_authenticated_platform_browser_receipt", "local_inputs_are": "caller_writable_preparation_evidence", }, } def blank_capture_template(packet: dict[str, Any], preflight: dict[str, Any]) -> dict[str, Any]: target = packet.get("target") or {} return { "schema": CAPTURE_SCHEMA, "protocol_sha256": packet.get("protocol_sha256"), "preflight_state_token_sha256": preflight.get("state_token_sha256"), "operator_authorization_text": packet.get("explicit_operator_authorization_text"), "operator_authorization_captured_at_utc": "", "extra_messages_sent": 0, "capture_source": { "platform": "telegram", "transport": "authenticated_chrome_telegram_ui", "chat_label": target.get("chat_label"), "chat_id": target.get("chat_id"), "captured_at_utc": "", "captured_by": "", "final_screenshot": "", "final_accessibility": "", "browser_provenance": "", "final_capture_reuses_turn_3": False, "final_capture_reuse_reason": "", }, "messages": [ { "sequence": item["sequence"], "prompt_id": item["prompt_id"], "sent_text": item["message"], "reply": "", "sent_at_utc": "", "reply_at_utc": "", "telegram_message_id": "", "reply_message_id": "", "turn_screenshot": "", "turn_accessibility": "", } for item in packet.get("exact_messages", []) ], } def _resolve_evidence(path_value: str, evidence_root: Path) -> dict[str, Any]: root = evidence_root.resolve() if not path_value.strip(): return { "path": path_value, "exists": False, "contained_in_evidence_root": False, "bytes": 0, "sha256": "", } path = Path(path_value) if not path.is_absolute(): path = root / path resolved = path.resolve() contained = resolved == root or root in resolved.parents exists = contained and resolved.is_file() return { "path": str(resolved), "exists": exists, "contained_in_evidence_root": contained, "bytes": resolved.stat().st_size if exists else 0, "sha256": _sha256_file(resolved) if exists else "", } def _inspect_png(evidence: dict[str, Any]) -> dict[str, Any]: metadata: dict[str, Any] = { "valid_png": False, "width": 0, "height": 0, "bit_depth": 0, "color_type": -1, "crc_valid": False, "pixel_data_valid": False, } if not evidence.get("exists"): return metadata data = Path(str(evidence["path"])).read_bytes() if not data.startswith(b"\x89PNG\r\n\x1a\n"): return metadata offset = 8 chunks: list[tuple[bytes, bytes]] = [] crc_valid = True while offset + 12 <= len(data): length = struct.unpack(">I", data[offset : offset + 4])[0] chunk_end = offset + 12 + length if chunk_end > len(data): return metadata chunk_type = data[offset + 4 : offset + 8] payload = data[offset + 8 : offset + 8 + length] expected_crc = struct.unpack(">I", data[offset + 8 + length : chunk_end])[0] crc_valid = crc_valid and (zlib.crc32(chunk_type + payload) & 0xFFFFFFFF) == expected_crc chunks.append((chunk_type, payload)) offset = chunk_end if chunk_type == b"IEND": break if not chunks or chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13: return metadata if chunks[-1][0] != b"IEND" or offset != len(data): return metadata width, height, bit_depth, color_type, compression, filtering, interlace = struct.unpack(">IIBBBBB", chunks[0][1]) idat = b"".join(payload for chunk_type, payload in chunks if chunk_type == b"IDAT") channels = {2: 3, 6: 4}.get(color_type) pixel_data_valid = False if idat and channels and bit_depth == 8 and compression == 0 and filtering == 0 and interlace == 0: try: pixels = zlib.decompress(idat) except zlib.error: pixels = b"" expected_size = height * (1 + width * channels) pixel_data_valid = len(pixels) == expected_size metadata.update( { "width": width, "height": height, "bit_depth": bit_depth, "color_type": color_type, "crc_valid": crc_valid, "pixel_data_valid": pixel_data_valid, "valid_png": crc_valid and pixel_data_valid and width >= MIN_SCREENSHOT_WIDTH and height >= MIN_SCREENSHOT_HEIGHT, } ) return metadata def _parse_aware_timestamp(value: Any) -> datetime | None: if not isinstance(value, str) or not value.strip(): return None candidate = value.strip() if candidate.endswith("Z"): candidate = candidate[:-1] + "+00:00" try: parsed = datetime.fromisoformat(candidate) except ValueError: return None if parsed.tzinfo is None or parsed.utcoffset() is None: return None return parsed def _all_true_section(value: Any, *, allow_empty: bool = False) -> bool: if not isinstance(value, dict): return False return (allow_empty or bool(value)) and all(item is True for item in value.values()) def _state_artifact_checks( artifact: dict[str, Any], *, phase: str, packet: dict[str, Any], packet_path: Path, ) -> dict[str, bool]: baseline_checks_required = phase == "postflight" return { f"{phase}_schema_supported": artifact.get("schema") == state_collector.SCHEMA, f"{phase}_status_and_phase_pass": artifact.get("status") == "pass" and artifact.get("phase") == phase, f"{phase}_packet_checks_all_pass": _all_true_section(artifact.get("packet_checks")), f"{phase}_remote_checks_all_pass": _all_true_section(artifact.get("remote_checks")), f"{phase}_baseline_checks_all_pass": _all_true_section( artifact.get("baseline_checks"), allow_empty=not baseline_checks_required ), f"{phase}_state_token_derivation_valid": state_collector.state_token_is_valid(artifact), f"{phase}_packet_file_hash_bound": artifact.get("packet_file_sha256") == _sha256_file(packet_path), f"{phase}_protocol_bound": artifact.get("protocol_sha256") == packet.get("protocol_sha256"), f"{phase}_manifest_bound": artifact.get("manifest_binding") == packet.get("manifest_binding"), } def _capture_messages(capture: dict[str, Any]) -> list[dict[str, Any]]: messages = capture.get("messages") return [item for item in messages if isinstance(item, dict)] if isinstance(messages, list) else [] def _normalized_text(value: str) -> str: return re.sub(r"\s+", " ", value).strip().casefold() def _accessibility_binds_message(evidence: dict[str, Any], *, sent_text: str, reply: str) -> bool: if not evidence.get("exists") or not evidence.get("path"): return False text = Path(str(evidence["path"])).read_text(encoding="utf-8", errors="replace") normalized = _normalized_text(text) return _normalized_text(sent_text) in normalized and _normalized_text(reply) in normalized def _artifact_hash_manifest( *, final_screenshot: dict[str, Any], final_accessibility: dict[str, Any], turn_evidence: list[dict[str, Any]], ) -> dict[str, Any]: return { "final_screenshot": final_screenshot.get("sha256"), "final_accessibility": final_accessibility.get("sha256"), "turn_screenshots": [item["screenshot"].get("sha256") for item in turn_evidence], "turn_accessibility": [item["accessibility"].get("sha256") for item in turn_evidence], } def _browser_provenance_checks( evidence: dict[str, Any], *, packet: dict[str, Any], preflight: dict[str, Any], capture: dict[str, Any], capture_source: dict[str, Any], messages: list[dict[str, Any]], artifact_hashes: dict[str, Any], ) -> tuple[dict[str, bool], dict[str, Any]]: provenance: dict[str, Any] = {} if evidence.get("exists"): try: value = _load_json(Path(str(evidence["path"]))) except (OSError, UnicodeDecodeError, json.JSONDecodeError): value = {} if isinstance(value, dict): provenance = value browser = provenance.get("browser") if isinstance(provenance.get("browser"), dict) else {} authorization = provenance.get("authorization") if isinstance(provenance.get("authorization"), dict) else {} telegram = provenance.get("telegram") if isinstance(provenance.get("telegram"), dict) else {} provider_ids = [ str(browser.get(key) or "") for key in ("browser_id", "session_id", "tab_id", "provider_capture_id") ] packet_serialized = json.dumps(packet, sort_keys=True) provenance_serialized = json.dumps(provenance, sort_keys=True) capture_serialized = json.dumps(capture, sort_keys=True) target = packet.get("target") if isinstance(packet.get("target"), dict) else {} page_url = str(browser.get("page_url") or "") parsed_url = urlparse(page_url) expected_message_ids = [str(item.get("telegram_message_id") or "") for item in messages] expected_reply_ids = [str(item.get("reply_message_id") or "") for item in messages] authorization_text = str(capture.get("operator_authorization_text") or "") checks = { "browser_provenance_file_present_and_contained": evidence.get("exists") is True and evidence.get("contained_in_evidence_root") is True, "browser_provenance_schema_supported": provenance.get("schema") == BROWSER_PROVENANCE_SCHEMA, "browser_provenance_status_and_checks_pass": provenance.get("status") == "pass" and _all_true_section(provenance.get("checks")), "browser_provenance_channel_is_chrome_extension": provenance.get("capture_channel") == "codex_chrome_extension" and browser.get("browser_type") == "extension", "browser_provenance_sha256_not_self_declared": bool(evidence.get("sha256")) and evidence.get("sha256") not in capture_serialized and evidence.get("sha256") not in provenance_serialized, "browser_provenance_challenge_and_protocol_bound": provenance.get("capture_challenge_nonce") == preflight.get("capture_challenge_nonce") and provenance.get("protocol_sha256") == packet.get("protocol_sha256"), "browser_provider_identifiers_present_and_not_from_packet": all( len(value) >= 8 and value not in packet_serialized for value in provider_ids ) and len(set(provider_ids)) == len(provider_ids), "browser_observed_telegram_web_origin": parsed_url.scheme == "https" and parsed_url.hostname == "web.telegram.org" and str(target.get("chat_id") or "") in page_url, "browser_observed_exact_chat_identity": telegram.get("chat_id") == target.get("chat_id") and telegram.get("chat_label") == target.get("chat_label") and str(target.get("chat_label") or "").casefold() in str(browser.get("page_title") or "").casefold(), "browser_observed_exact_message_and_reply_ids": telegram.get("message_ids") == expected_message_ids and telegram.get("reply_ids") == expected_reply_ids, "browser_provenance_artifact_hashes_exact": provenance.get("artifacts") == artifact_hashes, "browser_provenance_capture_timestamp_bound": browser.get("captured_at_utc") == capture_source.get("captured_at_utc"), "authorization_provenance_claim_has_codex_user_message_shape": authorization.get("source") == "codex_platform_user_message" and all( len(str(authorization.get(key) or "")) >= 8 for key in ("thread_id", "user_message_id", "source_receipt_id") ), "authorization_provenance_hash_and_timestamp_bound": authorization.get("text_sha256") == hashlib.sha256(authorization_text.encode("utf-8")).hexdigest() and authorization.get("captured_at_utc") == capture.get("operator_authorization_captured_at_utc"), "authorization_text_not_copied_into_provenance": bool(authorization_text) and authorization_text not in provenance_serialized, } return checks, provenance def _local_codex_rollout_structure_checks( rollout_path: Path | None, *, sessions_root: Path, evidence_root: Path, packet: dict[str, Any], capture: dict[str, Any], provenance: dict[str, Any], provenance_evidence: dict[str, Any], artifact_hashes: dict[str, Any], messages: list[dict[str, Any]], ) -> tuple[dict[str, bool], dict[str, Any]]: # Codex session JSONL is same-user writable. These checks establish internal # consistency for external review, never an independently authenticated receipt. root = sessions_root.resolve() resolved = rollout_path.resolve() if rollout_path is not None else Path() contained = bool(rollout_path) and resolved.is_file() and root in resolved.parents outside_evidence_root = bool(rollout_path) and evidence_root.resolve() not in resolved.parents events: list[dict[str, Any]] = [] jsonl_valid = contained if contained: try: with resolved.open(encoding="utf-8") as handle: for line in handle: if not line.strip(): continue value = json.loads(line) if not isinstance(value, dict): jsonl_valid = False continue events.append(value) except (OSError, UnicodeDecodeError, json.JSONDecodeError): jsonl_valid = False events = [] operator_context = packet.get("operator_context") if isinstance(packet.get("operator_context"), dict) else {} authorization = provenance.get("authorization") if isinstance(provenance.get("authorization"), dict) else {} browser = provenance.get("browser") if isinstance(provenance.get("browser"), dict) else {} thread_id = str(operator_context.get("codex_thread_id") or "") authorization_text = str(capture.get("operator_authorization_text") or "") user_message_id = str(authorization.get("user_message_id") or "") matching_user_events: list[dict[str, Any]] = [] browser_events: dict[str, dict[str, Any]] = {} for event in events: payload = event.get("payload") if isinstance(event.get("payload"), dict) else {} if event.get("type") == "response_item" and payload.get("type") == "message" and payload.get("role") == "user": content = payload.get("content") if isinstance(payload.get("content"), list) else [] text = "".join( str(item.get("text") or "") for item in content if isinstance(item, dict) and item.get("type") == "input_text" ) metadata = ( payload.get("internal_chat_message_metadata_passthrough") if isinstance(payload.get("internal_chat_message_metadata_passthrough"), dict) else {} ) if text == authorization_text and metadata.get("turn_id") == user_message_id: matching_user_events.append(event) if event.get("type") == "event_msg" and payload.get("type") == "mcp_tool_call_end": call_id = str(payload.get("call_id") or "") if call_id: browser_events[call_id] = event user_event = matching_user_events[0] if len(matching_user_events) == 1 else {} session_meta_ids = [ str((event.get("payload") or {}).get("id") or "") for event in events if event.get("type") == "session_meta" and isinstance(event.get("payload"), dict) ] user_event_sha256 = ( hashlib.sha256(json.dumps(user_event, sort_keys=True, separators=(",", ":")).encode("utf-8")).hexdigest() if user_event else "" ) turn_call_ids = provenance.get("turn_capture_call_ids") turn_call_ids = [str(value) for value in turn_call_ids] if isinstance(turn_call_ids, list) else [] final_call_id = str(provenance.get("final_capture_call_id") or "") reuse_final = (capture.get("capture_source") or {}).get("final_capture_reuses_turn_3") is True call_id_shape_valid = ( len(turn_call_ids) == 3 and all(len(value) >= 8 for value in turn_call_ids) and len(set(turn_call_ids)) == 3 and len(final_call_id) >= 8 and ( (reuse_final and final_call_id == turn_call_ids[2]) or (not reuse_final and final_call_id not in turn_call_ids) ) ) expected_call_ids = set(turn_call_ids + ([final_call_id] if final_call_id else [])) selected_events = {call_id: browser_events.get(call_id, {}) for call_id in expected_call_ids} def browser_event_parts(event: dict[str, Any]) -> tuple[dict[str, Any], str, datetime | None]: payload = event.get("payload") if isinstance(event.get("payload"), dict) else {} result = payload.get("result") if isinstance(payload.get("result"), dict) else {} ok = result.get("Ok") if isinstance(result.get("Ok"), dict) else {} meta = ok.get("_meta") if isinstance(ok.get("_meta"), dict) else {} surface = meta.get("codex/toolSurface") if isinstance(meta.get("codex/toolSurface"), dict) else {} content = ok.get("content") if isinstance(ok.get("content"), list) else [] result_text = "\n".join( str(item.get("text") or "") for item in content if isinstance(item, dict) and item.get("type") == "text" ) return surface, result_text, _parse_aware_timestamp(event.get("timestamp")) event_parts = {call_id: browser_event_parts(event) for call_id, event in selected_events.items()} browser_id = str(browser.get("browser_id") or "") tab_id = str(browser.get("tab_id") or "") all_events_are_chrome = bool(expected_call_ids) and all( event and parts[0].get("backend") == "chrome" and parts[0].get("kind") == "browserUse" and parts[0].get("browserId") == browser_id and tab_id in (parts[0].get("openTabIds") or []) for call_id, event in selected_events.items() for parts in [event_parts[call_id]] ) all_events_invoked_capture_apis = ( bool(expected_call_ids) and all( event and "screenshot(" in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "") and "domSnapshot(" in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "") and ".url(" in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "") and ".title(" in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "") for event in selected_events.values() ) and len(selected_events) == len(expected_call_ids) ) turn_receipts_bound = len(turn_call_ids) == len(messages) == 3 and all( call_id in event_parts and all( value in event_parts[call_id][1] for value in ( artifact_hashes["turn_screenshots"][index], artifact_hashes["turn_accessibility"][index], str(message.get("telegram_message_id") or ""), str(message.get("reply_message_id") or ""), str(browser.get("page_url") or ""), str(browser.get("page_title") or ""), str((packet.get("target") or {}).get("chat_id") or ""), ) ) for index, (call_id, message) in enumerate(zip(turn_call_ids, messages, strict=True)) ) final_receipt_text = event_parts.get(final_call_id, ({}, "", None))[1] final_receipt_bound = bool(final_receipt_text) and all( value in final_receipt_text for value in ( str(artifact_hashes.get("final_screenshot") or ""), str(artifact_hashes.get("final_accessibility") or ""), str(provenance_evidence.get("sha256") or ""), *(str(item.get("telegram_message_id") or "") for item in messages), *(str(item.get("reply_message_id") or "") for item in messages), ) ) event_times = [event_parts.get(call_id, ({}, "", None))[2] for call_id in turn_call_ids] final_event_at = event_parts.get(final_call_id, ({}, "", None))[2] send_times = [_parse_aware_timestamp(item.get("sent_at_utc")) for item in messages] reply_times = [_parse_aware_timestamp(item.get("reply_at_utc")) for item in messages] browser_event_order_valid = all( value is not None for value in (*event_times, final_event_at, *send_times, *reply_times) ) if browser_event_order_valid: browser_event_order_valid = bool( reply_times[0] < event_times[0] < send_times[1] and reply_times[1] < event_times[1] < send_times[2] and reply_times[2] < event_times[2] and ( (reuse_final and final_event_at == event_times[2]) or (not reuse_final and event_times[2] < final_event_at) ) ) authorization_event_at = _parse_aware_timestamp(user_event.get("timestamp")) if user_event else None capture_source = capture.get("capture_source") if isinstance(capture.get("capture_source"), dict) else {} checks = { "codex_rollout_log_has_expected_local_sessions_shape": contained and thread_id in resolved.name, "codex_rollout_log_is_separate_from_evidence_root": outside_evidence_root, "codex_rollout_log_jsonl_valid": jsonl_valid and bool(events), "codex_rollout_session_meta_matches_thread": session_meta_ids == [thread_id], "codex_rollout_has_exact_single_authorization_event": len(matching_user_events) == 1, "codex_authorization_event_bound_to_provenance": authorization.get("thread_id") == thread_id and authorization.get("source_receipt_id") == user_event_sha256 and user_event.get("timestamp") == capture.get("operator_authorization_captured_at_utc"), "codex_rollout_capture_call_ids_valid": call_id_shape_valid, "codex_rollout_capture_events_are_chrome_backend": all_events_are_chrome, "codex_rollout_capture_events_invoked_screenshot_and_dom_snapshot": all_events_invoked_capture_apis, "codex_rollout_turn_receipts_bind_artifacts_and_telegram_ids": turn_receipts_bound, "codex_rollout_final_receipt_binds_provenance_artifacts_and_all_ids": final_receipt_bound, "codex_rollout_capture_event_order_valid": browser_event_order_valid, "codex_rollout_final_event_timestamp_bound": final_event_at is not None and capture_source.get("captured_at_utc") == (selected_events.get(final_call_id) or {}).get("timestamp") and browser.get("captured_at_utc") == (selected_events.get(final_call_id) or {}).get("timestamp"), "codex_rollout_authorization_timestamp_is_aware": authorization_event_at is not None, } evidence = { "path": str(resolved) if rollout_path else "", "sha256": _sha256_file(resolved) if contained else "", "thread_id": thread_id, "authorization_turn_id": user_message_id, "turn_capture_call_ids": turn_call_ids, "final_capture_call_id": final_call_id, "turn_capture_timestamps": [(selected_events.get(call_id) or {}).get("timestamp") for call_id in turn_call_ids], "final_capture_timestamp": (selected_events.get(final_call_id) or {}).get("timestamp"), } return checks, evidence def _timeline_checks( preflight: dict[str, Any], capture: dict[str, Any], postflight: dict[str, Any], provenance: dict[str, Any], messages: list[dict[str, Any]], ) -> tuple[dict[str, bool], dict[str, Any]]: capture_source = capture.get("capture_source") if isinstance(capture.get("capture_source"), dict) else {} browser = provenance.get("browser") if isinstance(provenance.get("browser"), dict) else {} authorization = provenance.get("authorization") if isinstance(provenance.get("authorization"), dict) else {} preflight_at = _parse_aware_timestamp(preflight.get("generated_at_utc")) authorization_at = _parse_aware_timestamp(capture.get("operator_authorization_captured_at_utc")) send_times = [_parse_aware_timestamp(item.get("sent_at_utc")) for item in messages] reply_times = [_parse_aware_timestamp(item.get("reply_at_utc")) for item in messages] final_capture_at = _parse_aware_timestamp(capture_source.get("captured_at_utc")) postflight_at = _parse_aware_timestamp(postflight.get("generated_at_utc")) browser_capture_at = _parse_aware_timestamp(browser.get("captured_at_utc")) authorization_provenance_at = _parse_aware_timestamp(authorization.get("captured_at_utc")) timestamps = [ preflight_at, authorization_at, *send_times, *reply_times, final_capture_at, postflight_at, browser_capture_at, authorization_provenance_at, ] valid = len(messages) == 3 and all(value is not None for value in timestamps) strict_turn_order = False preflight_before_authorization = False authorization_before_first_send = False final_after_reply3 = False postflight_after_reply3 = False if valid: assert preflight_at is not None assert authorization_at is not None assert final_capture_at is not None assert postflight_at is not None ordered_turns = [ send_times[0], reply_times[0], send_times[1], reply_times[1], send_times[2], reply_times[2], ] strict_turn_order = all(left < right for left, right in pairwise(ordered_turns)) preflight_before_authorization = preflight_at < authorization_at authorization_before_first_send = authorization_at < send_times[0] final_after_reply3 = reply_times[2] < final_capture_at postflight_after_reply3 = reply_times[2] < postflight_at checks = { "timestamps_valid_and_timezone_aware": valid, "preflight_before_captured_authorization": preflight_before_authorization, "captured_authorization_before_first_send": authorization_before_first_send, "strict_send_reply_turn_order": strict_turn_order, "final_capture_after_third_reply": final_after_reply3, "postflight_after_third_reply": postflight_after_reply3, } timeline = { "preflight": preflight.get("generated_at_utc"), "authorization": capture.get("operator_authorization_captured_at_utc"), "turns": [ {"sent_at_utc": item.get("sent_at_utc"), "reply_at_utc": item.get("reply_at_utc")} for item in messages ], "final_capture": capture_source.get("captured_at_utc"), "postflight": postflight.get("generated_at_utc"), } return checks, timeline def _subject_match(postflight: dict[str, Any]) -> dict[str, Any]: subject = (postflight.get("remote") or {}).get("subject_readback") or {} matches = subject.get("matches") if isinstance(subject, dict) else [] return matches[0] if isinstance(matches, list) and len(matches) == 1 else {} def _semantic_checks(replies: list[str], *, subject_ref: str, subject_match: dict[str, Any]) -> dict[str, bool]: if len(replies) != 3: return { "visible_db_object_selected_without_operator_id": False, "visible_weak_support_explained": False, "same_subject_survived_challenge": False, "assumption_support_and_falsifier_separated": False, "multiple_review_only_candidates_proposed": False, "objection_revised_candidate": False, "resolving_source_named": False, "review_approval_apply_boundary_explicit": False, "reply_claimed_no_mutation": False, "independent_db_object_matches_visible_subject": False, } first, second, third = replies first_refs = unseen._short_refs(first) second_refs = unseen._short_refs(second) shared_terms = unseen._shared_subject_terms(first, second) selected = subject_ref[:8].casefold() if subject_ref else "" visible_subject = bool(selected and (selected in first.casefold() or selected in second.casefold())) same_subject = bool( visible_subject and ( (selected in first.casefold() and selected in second.casefold()) or first_refs & second_refs or len(shared_terms) >= 2 ) ) row = subject_match.get("row") if isinstance(subject_match.get("row"), dict) else {} row_id = str(row.get("id") or "").casefold() proposals = unseen._contains(second, "proposal a", "proposal b") or ( unseen._contains_any(second, "two proposals", "two replacement claims") and "1" in second and "2" in second ) return { "visible_db_object_selected_without_operator_id": unseen._contains_any(first, "claim", "belief", "axiom") and unseen._contains_any(first, "database", "db", "public.") and unseen._contains_any(first, "confidence", "support", "evidence"), "visible_weak_support_explained": unseen._contains_any( first, "nothing supports", "zero evidence", "no evidence", "no claim-evidence", "no_source_pointer", "no external primary source", ), "same_subject_survived_challenge": same_subject, "assumption_support_and_falsifier_separated": unseen._contains_any(second, "assumption") and unseen._contains_any(second, "observed support", "evidence") and unseen._contains_any(second, "falsifier", "counterexample", "would falsify"), "multiple_review_only_candidates_proposed": proposals and unseen._contains_any(second, "review", "staged", "proposal") and unseen._contains_any( second, "nothing applied", "not live knowledge", "staged only", "not an apply", ), "objection_revised_candidate": unseen._contains_any(third, "revised proposal", "revision") and unseen._contains(third, "mechanism", "outcome"), "resolving_source_named": unseen._contains_any( third, "what would resolve", "source would resolve", "evidence would resolve" ) and unseen._contains_any( third, "study", "dataset", "source", "randomized", "quasi-experimental", "replication", "ostrom", ), "review_approval_apply_boundary_explicit": unseen._contains_any( third, "review", "pending_review", "human review" ) and unseen._contains_any(third, "approve", "approved", "approval") and unseen._contains_any(third, "apply", "applied_at", "canonical"), "reply_claimed_no_mutation": unseen._contains_any( third, "not an apply", "nothing staged or changed", "canonical unchanged", "staged intent, not knowledge", "proposal (not an apply)", ), "independent_db_object_matches_visible_subject": bool( visible_subject and row_id and row_id.startswith(selected) ), } def verify_capture( packet: dict[str, Any], preflight: dict[str, Any], capture: dict[str, Any] | None, postflight: dict[str, Any] | None, *, packet_path: Path, evidence_root: Path, codex_rollout_log: Path | None = None, codex_sessions_root: Path | None = None, ) -> dict[str, Any]: if capture is None: packet_integrity = state_collector.packet_checks(packet) preflight_integrity = _state_artifact_checks( preflight, phase="preflight", packet=packet, packet_path=packet_path, ) ready = all(packet_integrity.values()) and all(preflight_integrity.values()) return { "schema": SCHEMA, "generated_at_utc": datetime.now(timezone.utc).isoformat(), "mode": "telegram_visible_unseen_chain_preparation_verifier", "status": "awaiting_action_time_authorization" if ready else "fail", **_preparation_only_fields(preparation_ready=ready), "mutates_db": False, "packet_path": str(packet_path), "preflight_path": str(DEFAULT_PREFLIGHT), "postflight_path": str(DEFAULT_POSTFLIGHT), "capture_template": blank_capture_template(packet, preflight), "checks": { **packet_integrity, **preflight_integrity, "action_time_authorization_present": False, "capture_present": False, "postflight_present": False, }, "claim_ceiling": { "proven": ( "The caller-supplied packet and preflight are structurally ready for external review." if ready else "No readiness claim; packet or preflight integrity validation failed." ), "not_proven": [ "independently authenticated platform or browser receipt", "Telegram-visible message delivery", "Telegram-visible Leo replies", "post-send fingerprint equality", ], }, } messages = _capture_messages(capture) expected = packet.get("exact_messages") or [] capture_source = capture.get("capture_source") if isinstance(capture.get("capture_source"), dict) else {} replies = [str(item.get("reply") or "") for item in messages] ids = [str(item.get("telegram_message_id") or "") for item in messages] reply_ids = [str(item.get("reply_message_id") or "") for item in messages] screenshot = _resolve_evidence(str(capture_source.get("final_screenshot") or ""), evidence_root) screenshot["png"] = _inspect_png(screenshot) accessibility = _resolve_evidence(str(capture_source.get("final_accessibility") or ""), evidence_root) turn_evidence = [ { "prompt_id": item.get("prompt_id"), "screenshot": _resolve_evidence(str(item.get("turn_screenshot") or ""), evidence_root), "accessibility": _resolve_evidence(str(item.get("turn_accessibility") or ""), evidence_root), } for item in messages ] for evidence in turn_evidence: evidence["screenshot"]["png"] = _inspect_png(evidence["screenshot"]) browser_provenance_evidence = _resolve_evidence(str(capture_source.get("browser_provenance") or ""), evidence_root) artifact_hashes = _artifact_hash_manifest( final_screenshot=screenshot, final_accessibility=accessibility, turn_evidence=turn_evidence, ) postflight = postflight or {} subject_ref = str(postflight.get("subject_ref") or "") subject_match = _subject_match(postflight) semantics = _semantic_checks(replies, subject_ref=subject_ref, subject_match=subject_match) pre_fingerprint = (preflight.get("remote") or {}).get("fingerprint_after") or {} post_fingerprint = (postflight.get("remote") or {}).get("fingerprint_after") or {} pre_service = (preflight.get("remote") or {}).get("service_after") or {} post_service = (postflight.get("remote") or {}).get("service_after") or {} service_keys = ("MainPID", "NRestarts", "ExecMainStartTimestamp") handler_binding = packet.get("handler_receipt_binding") or {} handler_path = Path(str(handler_binding.get("path") or "")) if not handler_path.is_absolute(): handler_path = evidence_root / handler_path expected_ids = [str(item.get("prompt_id") or "") for item in expected] actual_ids = [str(item.get("prompt_id") or "") for item in messages] packet_integrity = state_collector.packet_checks(packet) preflight_integrity = _state_artifact_checks( preflight, phase="preflight", packet=packet, packet_path=packet_path, ) postflight_integrity = _state_artifact_checks( postflight, phase="postflight", packet=packet, packet_path=packet_path, ) browser_checks, browser_provenance = _browser_provenance_checks( browser_provenance_evidence, packet=packet, preflight=preflight, capture=capture, capture_source=capture_source, messages=messages, artifact_hashes=artifact_hashes, ) codex_rollout_checks, codex_rollout_evidence = _local_codex_rollout_structure_checks( codex_rollout_log, sessions_root=codex_sessions_root or DEFAULT_CODEX_SESSIONS_ROOT, evidence_root=evidence_root, packet=packet, capture=capture, provenance=browser_provenance, provenance_evidence=browser_provenance_evidence, artifact_hashes=artifact_hashes, messages=messages, ) timeline_checks, timeline = _timeline_checks( preflight, capture, postflight, browser_provenance, messages, ) turn_screenshot_hashes = [item["screenshot"]["sha256"] for item in turn_evidence] turn_accessibility_hashes = [item["accessibility"]["sha256"] for item in turn_evidence] final_matches_earlier_turn = ( screenshot.get("sha256") in turn_screenshot_hashes[:2] or accessibility.get("sha256") in turn_accessibility_hashes[:2] ) final_matches_turn_three = bool( len(turn_evidence) == 3 and ( screenshot.get("sha256") == turn_screenshot_hashes[2] or accessibility.get("sha256") == turn_accessibility_hashes[2] ) ) final_reuse_documented = capture_source.get("final_capture_reuses_turn_3") is True and _present( capture_source.get("final_capture_reuse_reason") ) final_reuse_policy_satisfied = not final_matches_earlier_turn and ( (final_matches_turn_three and final_reuse_documented) or ( not final_matches_turn_three and capture_source.get("final_capture_reuses_turn_3") is False and not _present(capture_source.get("final_capture_reuse_reason")) ) ) checks = { **packet_integrity, **preflight_integrity, **postflight_integrity, **browser_checks, **codex_rollout_checks, **timeline_checks, "capture_schema_supported": capture.get("schema") == CAPTURE_SCHEMA, "packet_ready": packet.get("ready_to_request_action_time_authorization") is True, "packet_file_hash_matches_preflight": _sha256_file(packet_path) == preflight.get("packet_file_sha256"), "handler_receipt_binding_unchanged": handler_path.is_file() and _sha256_file(handler_path) == handler_binding.get("sha256"), "protocol_bound_across_all_artifacts": capture.get("protocol_sha256") == preflight.get("protocol_sha256") == postflight.get("protocol_sha256") == packet.get("protocol_sha256"), "preflight_state_token_bound_to_capture_and_postflight": capture.get("preflight_state_token_sha256") == preflight.get("state_token_sha256") == postflight.get("baseline_state_token_sha256"), "preflight_challenge_bound_to_postflight": bool( SHA64_RE.fullmatch(str(preflight.get("capture_challenge_nonce") or "")) ) and preflight.get("capture_challenge_nonce") == postflight.get("capture_challenge_nonce"), "exact_action_time_authorization_captured": capture.get("operator_authorization_text") == packet.get("explicit_operator_authorization_text") and _present(capture.get("operator_authorization_captured_at_utc")), "authenticated_chrome_transport_declared": capture_source.get("platform") == "telegram" and capture_source.get("transport") == "authenticated_chrome_telegram_ui", "bot_api_not_substituted": "bot_api" not in json.dumps(capture_source).casefold(), "exact_destination_matches": capture_source.get("chat_label") == (packet.get("target") or {}).get("chat_label") and capture_source.get("chat_id") == (packet.get("target") or {}).get("chat_id"), "exact_three_messages_and_no_extras": len(messages) == len(expected) == 3 and capture.get("extra_messages_sent") == 0, "prompt_ids_and_sequence_exact": actual_ids == expected_ids and [item.get("sequence") for item in messages] == [1, 2, 3], "sent_text_exact": [item.get("sent_text") for item in messages] == [item.get("message") for item in expected], "visible_replies_nonempty": len(replies) == 3 and all(reply.strip() for reply in replies), "message_and_reply_ids_present_unique": all(ids) and all(reply_ids) and len(set(ids)) == 3 and len(set(reply_ids)) == 3 and set(ids).isdisjoint(reply_ids), "capture_metadata_present": all( _present(capture_source.get(key)) for key in ("captured_at_utc", "captured_by") ), "all_evidence_paths_contained_in_root": all( item.get("contained_in_evidence_root") is True for item in ( screenshot, accessibility, browser_provenance_evidence, *(turn["screenshot"] for turn in turn_evidence), *(turn["accessibility"] for turn in turn_evidence), ) ), "visual_evidence_files_present": screenshot["exists"] and screenshot["bytes"] > 0 and accessibility["exists"] and accessibility["bytes"] > 0 and len(turn_evidence) == 3 and all( item["screenshot"]["exists"] and item["screenshot"]["bytes"] > 0 and item["accessibility"]["exists"] and item["accessibility"]["bytes"] > 0 for item in turn_evidence ), "screenshots_are_valid_png_with_metadata": screenshot["png"]["valid_png"] is True and len(turn_evidence) == 3 and all(item["screenshot"]["png"]["valid_png"] is True for item in turn_evidence), "per_turn_screenshot_hashes_distinct_nonempty": len(turn_screenshot_hashes) == 3 and all(SHA64_RE.fullmatch(value) for value in turn_screenshot_hashes) and len(set(turn_screenshot_hashes)) == 3, "per_turn_accessibility_hashes_distinct_nonempty": len(turn_accessibility_hashes) == 3 and all(SHA64_RE.fullmatch(value) for value in turn_accessibility_hashes) and len(set(turn_accessibility_hashes)) == 3, "final_capture_reuse_policy_satisfied": final_reuse_policy_satisfied, "turn_accessibility_binds_exact_messages_and_replies": len(turn_evidence) == len(messages) == 3 and all( _accessibility_binds_message( evidence["accessibility"], sent_text=str(message.get("sent_text") or ""), reply=str(message.get("reply") or ""), ) for evidence, message in zip(turn_evidence, messages, strict=True) ), "canonical_fingerprint_unchanged_from_preflight": bool( pre_fingerprint.get("fingerprint_sha256") and pre_fingerprint.get("fingerprint_sha256") == post_fingerprint.get("fingerprint_sha256") ), "gateway_process_unchanged_from_preflight": all( pre_service.get(key) == post_service.get(key) for key in service_keys ), **semantics, } preparation_outcomes = { "caller_bundle_three_turn_chain_structurally_consistent": all( checks[key] for key in ( "authenticated_chrome_transport_declared", "browser_provenance_channel_is_chrome_extension", "codex_rollout_has_exact_single_authorization_event", "codex_rollout_capture_events_are_chrome_backend", "codex_rollout_turn_receipts_bind_artifacts_and_telegram_ids", "codex_rollout_final_receipt_binds_provenance_artifacts_and_all_ids", "codex_rollout_capture_event_order_valid", "browser_observed_telegram_web_origin", "browser_observed_exact_chat_identity", "browser_observed_exact_message_and_reply_ids", "authorization_provenance_hash_and_timestamp_bound", "exact_destination_matches", "exact_three_messages_and_no_extras", "sent_text_exact", "visible_replies_nonempty", "strict_send_reply_turn_order", "screenshots_are_valid_png_with_metadata", "per_turn_screenshot_hashes_distinct_nonempty", "per_turn_accessibility_hashes_distinct_nonempty", "final_capture_reuse_policy_satisfied", "visual_evidence_files_present", "turn_accessibility_binds_exact_messages_and_replies", ) ), "caller_bundle_db_grounded_challenge_structurally_consistent": all( checks[key] for key in ( "visible_db_object_selected_without_operator_id", "visible_weak_support_explained", "same_subject_survived_challenge", "assumption_support_and_falsifier_separated", "independent_db_object_matches_visible_subject", ) ), "caller_bundle_review_only_revision_structurally_consistent": all( checks[key] for key in ( "multiple_review_only_candidates_proposed", "objection_revised_candidate", "resolving_source_named", "review_approval_apply_boundary_explicit", "reply_claimed_no_mutation", ) ), "caller_bundle_canonical_state_claim_structurally_consistent": checks[ "canonical_fingerprint_unchanged_from_preflight" ], } preparation_ready = all(checks.values()) and all(preparation_outcomes.values()) return { "schema": SCHEMA, "generated_at_utc": datetime.now(timezone.utc).isoformat(), "mode": "telegram_visible_unseen_chain_preparation_verifier", "status": PREPARATION_STATUS if preparation_ready else "fail", **_preparation_only_fields(preparation_ready=preparation_ready), "capture_bundle_present": True, "production_apply_executed": False, "mutates_db": False, "packet_path": str(packet_path), "checks": checks, "preparation_outcomes": preparation_outcomes, "selected_subject": { "ref": subject_ref, "table": subject_match.get("table"), "row_id": (subject_match.get("row") or {}).get("id"), }, "evidence": { "final_screenshot": screenshot, "final_accessibility": accessibility, "turn_evidence": turn_evidence, "browser_provenance": browser_provenance_evidence, "browser_provider_identifiers": browser_provenance.get("browser"), "codex_rollout_provenance": codex_rollout_evidence, "timeline": timeline, "final_capture_reuses_turn_3": capture_source.get("final_capture_reuses_turn_3"), "final_capture_reuse_reason": capture_source.get("final_capture_reuse_reason"), "telegram_message_ids": ids, "telegram_reply_ids": reply_ids, "preflight_state_token_sha256": preflight.get("state_token_sha256"), "postflight_state_token_sha256": postflight.get("state_token_sha256"), "canonical_fingerprint_sha256": post_fingerprint.get("fingerprint_sha256"), }, "claim_ceiling": { "proven": ( "The caller-supplied capture bundle is structurally consistent, including its chronology, evidence, " "semantic, and unchanged-state claims. It is ready for an independently authenticated platform or " "browser receipt outside this verifier; no live activity is authenticated here." if preparation_ready else "No preparation claim; at least one structural, semantic, binding, or state check failed." ), "not_proven": [ "T3 live-readonly Telegram proof", "Telegram-visible message delivery or replies", "canonical proposal staging or apply", "agent-to-agent review", "GCP runtime parity for the Telegram-visible chain", ], }, } def write_json(path: Path, data: dict[str, Any]) -> None: path.parent.mkdir(parents=True, exist_ok=True) path.write_text(json.dumps(data, indent=2, sort_keys=True) + "\n", encoding="utf-8") def write_markdown(path: Path, data: dict[str, Any]) -> None: lines = [ "# Telegram-Visible Unseen Chain Capture Receipt", "", f"Generated UTC: `{data['generated_at_utc']}`", f"Status: `{data['status']}`", f"Preparation ready: `{data['preparation_ready']}`", f"Receipt ready: `{data['receipt_ready']}`", f"Current tier: `{data['current_tier']}`", f"Required tier: `{data['required_tier']}`", f"Telegram-visible messages sent: `{data['telegram_visible_messages_sent']}`", f"Independent live receipt verified: `{data['live_receipt_boundary']['verified']}`", f"Mutates DB: `{data['mutates_db']}`", "", "## Checks", "", ] lines.extend(f"- `{key}`: `{value}`" for key, value in sorted(data.get("checks", {}).items())) if data.get("capture_template"): lines.extend( [ "", "## Awaiting Authorized Capture", "", "The packet and preflight are structurally ready. No Telegram message has been sent by this verifier.", "A future T3 receipt requires an independently authenticated platform/browser authority outside this verifier.", ] ) lines.extend( [ "", "## Trust Boundary", "", "Local files, capture artifacts, and Codex rollout JSONL are caller-writable preparation evidence only. " "This verifier cannot accept or mint a live receipt.", "", "## Claim Ceiling", "", data["claim_ceiling"]["proven"], "", ] ) path.parent.mkdir(parents=True, exist_ok=True) path.write_text("\n".join(lines), encoding="utf-8") def parse_args(argv: list[str] | None = None) -> argparse.Namespace: parser = argparse.ArgumentParser(description=__doc__) parser.add_argument("--packet", type=Path, default=DEFAULT_PACKET) parser.add_argument("--preflight", type=Path, default=DEFAULT_PREFLIGHT) parser.add_argument("--capture-json", type=Path) parser.add_argument("--postflight", type=Path, default=DEFAULT_POSTFLIGHT) parser.add_argument("--evidence-root", type=Path, default=Path(".")) parser.add_argument( "--codex-rollout-log", type=Path, help="Local Codex rollout JSONL for preparation-structure checks; this never authenticates a live receipt", ) parser.add_argument("--out", type=Path, default=DEFAULT_OUT) parser.add_argument("--markdown-out", type=Path, default=DEFAULT_MARKDOWN_OUT) return parser.parse_args(argv) def main(argv: list[str] | None = None) -> int: args = parse_args(argv) packet = _load_json(args.packet) preflight = _load_json(args.preflight) capture = _load_json(args.capture_json) if args.capture_json else None postflight = _load_json(args.postflight) if capture is not None and args.postflight.exists() else None receipt = verify_capture( packet, preflight, capture, postflight, packet_path=args.packet, evidence_root=args.evidence_root, codex_rollout_log=args.codex_rollout_log, ) write_json(args.out, receipt) write_markdown(args.markdown_out, receipt) print( json.dumps( { "out": str(args.out), "markdown_out": str(args.markdown_out), "status": receipt["status"], "receipt_ready": receipt["receipt_ready"], }, indent=2, sort_keys=True, ) ) return 0 if receipt["status"] in {PREPARATION_STATUS, "awaiting_action_time_authorization"} else 2 if __name__ == "__main__": raise SystemExit(main())