#!/usr/bin/env python3 """Verify retained authenticated-Chrome proof for Leo's unseen Telegram chain.""" from __future__ import annotations import argparse import hashlib import json import re import struct import zlib from datetime import datetime, timezone from itertools import pairwise from pathlib import Path from typing import Any from urllib.parse import urlparse try: import build_telegram_visible_unseen_chain_packet as packet_builder import collect_telegram_visible_unseen_chain_state as state_collector import verify_leo_unseen_reasoning_chain as unseen except ImportError: # pragma: no cover - imported as scripts.* in tests from scripts import build_telegram_visible_unseen_chain_packet as packet_builder from scripts import collect_telegram_visible_unseen_chain_state as state_collector from scripts import verify_leo_unseen_reasoning_chain as unseen SCHEMA = "livingip.telegramVisibleUnseenChainReceipt.v2" CAPTURE_SCHEMA = "livingip.telegramVisibleUnseenChainCapture.v1" BROWSER_PROVENANCE_SCHEMA = "livingip.authenticatedChromeTelegramCaptureProvenance.v1" SHA64_RE = re.compile(r"^[0-9a-f]{64}$") MIN_SCREENSHOT_WIDTH = 320 MIN_SCREENSHOT_HEIGHT = 200 DEFAULT_CODEX_SESSIONS_ROOT = Path.home() / ".codex" / "sessions" REPORT_DIR = Path("docs/reports/leo-working-state-20260709") DEFAULT_PACKET = packet_builder.DEFAULT_OUT DEFAULT_PREFLIGHT = REPORT_DIR / "telegram-visible-unseen-chain-preflight-current.json" DEFAULT_POSTFLIGHT = REPORT_DIR / "telegram-visible-unseen-chain-postflight-current.json" DEFAULT_OUT = REPORT_DIR / "telegram-visible-unseen-chain-capture-receipt-current.json" DEFAULT_MARKDOWN_OUT = REPORT_DIR / "telegram-visible-unseen-chain-capture-receipt-current.md" def _load_json(path: Path) -> dict[str, Any]: return json.loads(path.read_text(encoding="utf-8")) def _sha256_file(path: Path) -> str: return hashlib.sha256(path.read_bytes()).hexdigest() def _present(value: Any) -> bool: if value is None: return False if isinstance(value, str): return bool(value.strip()) if isinstance(value, (dict, list)): return bool(value) return True def blank_capture_template(packet: dict[str, Any], preflight: dict[str, Any]) -> dict[str, Any]: target = packet.get("target") or {} return { "schema": CAPTURE_SCHEMA, "protocol_sha256": packet.get("protocol_sha256"), "preflight_state_token_sha256": preflight.get("state_token_sha256"), "operator_authorization_text": packet.get("explicit_operator_authorization_text"), "operator_authorization_captured_at_utc": "", "extra_messages_sent": 0, "capture_source": { "platform": "telegram", "transport": "authenticated_chrome_telegram_ui", "chat_label": target.get("chat_label"), "chat_id": target.get("chat_id"), "captured_at_utc": "", "captured_by": "", "final_screenshot": "", "final_accessibility": "", "browser_provenance": "", "final_capture_reuses_turn_3": False, "final_capture_reuse_reason": "", }, "messages": [ { "sequence": item["sequence"], "prompt_id": item["prompt_id"], "sent_text": item["message"], "reply": "", "sent_at_utc": "", "reply_at_utc": "", "telegram_message_id": "", "reply_message_id": "", "turn_screenshot": "", "turn_accessibility": "", } for item in packet.get("exact_messages", []) ], } def _resolve_evidence(path_value: str, evidence_root: Path) -> dict[str, Any]: root = evidence_root.resolve() if not path_value.strip(): return { "path": path_value, "exists": False, "contained_in_evidence_root": False, "bytes": 0, "sha256": "", } path = Path(path_value) if not path.is_absolute(): path = root / path resolved = path.resolve() contained = resolved == root or root in resolved.parents exists = contained and resolved.is_file() return { "path": str(resolved), "exists": exists, "contained_in_evidence_root": contained, "bytes": resolved.stat().st_size if exists else 0, "sha256": _sha256_file(resolved) if exists else "", } def _inspect_png(evidence: dict[str, Any]) -> dict[str, Any]: metadata: dict[str, Any] = { "valid_png": False, "width": 0, "height": 0, "bit_depth": 0, "color_type": -1, "crc_valid": False, "pixel_data_valid": False, } if not evidence.get("exists"): return metadata data = Path(str(evidence["path"])).read_bytes() if not data.startswith(b"\x89PNG\r\n\x1a\n"): return metadata offset = 8 chunks: list[tuple[bytes, bytes]] = [] crc_valid = True while offset + 12 <= len(data): length = struct.unpack(">I", data[offset : offset + 4])[0] chunk_end = offset + 12 + length if chunk_end > len(data): return metadata chunk_type = data[offset + 4 : offset + 8] payload = data[offset + 8 : offset + 8 + length] expected_crc = struct.unpack(">I", data[offset + 8 + length : chunk_end])[0] crc_valid = crc_valid and (zlib.crc32(chunk_type + payload) & 0xFFFFFFFF) == expected_crc chunks.append((chunk_type, payload)) offset = chunk_end if chunk_type == b"IEND": break if not chunks or chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13: return metadata if chunks[-1][0] != b"IEND" or offset != len(data): return metadata width, height, bit_depth, color_type, compression, filtering, interlace = struct.unpack(">IIBBBBB", chunks[0][1]) idat = b"".join(payload for chunk_type, payload in chunks if chunk_type == b"IDAT") channels = {2: 3, 6: 4}.get(color_type) pixel_data_valid = False if idat and channels and bit_depth == 8 and compression == 0 and filtering == 0 and interlace == 0: try: pixels = zlib.decompress(idat) except zlib.error: pixels = b"" expected_size = height * (1 + width * channels) pixel_data_valid = len(pixels) == expected_size metadata.update( { "width": width, "height": height, "bit_depth": bit_depth, "color_type": color_type, "crc_valid": crc_valid, "pixel_data_valid": pixel_data_valid, "valid_png": crc_valid and pixel_data_valid and width >= MIN_SCREENSHOT_WIDTH and height >= MIN_SCREENSHOT_HEIGHT, } ) return metadata def _parse_aware_timestamp(value: Any) -> datetime | None: if not isinstance(value, str) or not value.strip(): return None candidate = value.strip() if candidate.endswith("Z"): candidate = candidate[:-1] + "+00:00" try: parsed = datetime.fromisoformat(candidate) except ValueError: return None if parsed.tzinfo is None or parsed.utcoffset() is None: return None return parsed def _all_true_section(value: Any, *, allow_empty: bool = False) -> bool: if not isinstance(value, dict): return False return (allow_empty or bool(value)) and all(item is True for item in value.values()) def _state_artifact_checks( artifact: dict[str, Any], *, phase: str, packet: dict[str, Any], packet_path: Path, ) -> dict[str, bool]: baseline_checks_required = phase == "postflight" return { f"{phase}_schema_supported": artifact.get("schema") == state_collector.SCHEMA, f"{phase}_status_and_phase_pass": artifact.get("status") == "pass" and artifact.get("phase") == phase, f"{phase}_packet_checks_all_pass": _all_true_section(artifact.get("packet_checks")), f"{phase}_remote_checks_all_pass": _all_true_section(artifact.get("remote_checks")), f"{phase}_baseline_checks_all_pass": _all_true_section( artifact.get("baseline_checks"), allow_empty=not baseline_checks_required ), f"{phase}_state_token_derivation_valid": state_collector.state_token_is_valid(artifact), f"{phase}_packet_file_hash_bound": artifact.get("packet_file_sha256") == _sha256_file(packet_path), f"{phase}_protocol_bound": artifact.get("protocol_sha256") == packet.get("protocol_sha256"), f"{phase}_manifest_bound": artifact.get("manifest_binding") == packet.get("manifest_binding"), } def _capture_messages(capture: dict[str, Any]) -> list[dict[str, Any]]: messages = capture.get("messages") return [item for item in messages if isinstance(item, dict)] if isinstance(messages, list) else [] def _normalized_text(value: str) -> str: return re.sub(r"\s+", " ", value).strip().casefold() def _accessibility_binds_message(evidence: dict[str, Any], *, sent_text: str, reply: str) -> bool: if not evidence.get("exists") or not evidence.get("path"): return False text = Path(str(evidence["path"])).read_text(encoding="utf-8", errors="replace") normalized = _normalized_text(text) return _normalized_text(sent_text) in normalized and _normalized_text(reply) in normalized def _artifact_hash_manifest( *, final_screenshot: dict[str, Any], final_accessibility: dict[str, Any], turn_evidence: list[dict[str, Any]], ) -> dict[str, Any]: return { "final_screenshot": final_screenshot.get("sha256"), "final_accessibility": final_accessibility.get("sha256"), "turn_screenshots": [item["screenshot"].get("sha256") for item in turn_evidence], "turn_accessibility": [item["accessibility"].get("sha256") for item in turn_evidence], } def _browser_provenance_checks( evidence: dict[str, Any], *, packet: dict[str, Any], preflight: dict[str, Any], capture: dict[str, Any], capture_source: dict[str, Any], messages: list[dict[str, Any]], artifact_hashes: dict[str, Any], ) -> tuple[dict[str, bool], dict[str, Any]]: provenance: dict[str, Any] = {} if evidence.get("exists"): try: value = _load_json(Path(str(evidence["path"]))) except (OSError, UnicodeDecodeError, json.JSONDecodeError): value = {} if isinstance(value, dict): provenance = value browser = provenance.get("browser") if isinstance(provenance.get("browser"), dict) else {} authorization = provenance.get("authorization") if isinstance(provenance.get("authorization"), dict) else {} telegram = provenance.get("telegram") if isinstance(provenance.get("telegram"), dict) else {} provider_ids = [ str(browser.get(key) or "") for key in ("browser_id", "session_id", "tab_id", "provider_capture_id") ] packet_serialized = json.dumps(packet, sort_keys=True) provenance_serialized = json.dumps(provenance, sort_keys=True) capture_serialized = json.dumps(capture, sort_keys=True) target = packet.get("target") if isinstance(packet.get("target"), dict) else {} page_url = str(browser.get("page_url") or "") parsed_url = urlparse(page_url) expected_message_ids = [str(item.get("telegram_message_id") or "") for item in messages] expected_reply_ids = [str(item.get("reply_message_id") or "") for item in messages] authorization_text = str(capture.get("operator_authorization_text") or "") checks = { "browser_provenance_file_present_and_contained": evidence.get("exists") is True and evidence.get("contained_in_evidence_root") is True, "browser_provenance_schema_supported": provenance.get("schema") == BROWSER_PROVENANCE_SCHEMA, "browser_provenance_status_and_checks_pass": provenance.get("status") == "pass" and _all_true_section(provenance.get("checks")), "browser_provenance_channel_is_chrome_extension": provenance.get("capture_channel") == "codex_chrome_extension" and browser.get("browser_type") == "extension", "browser_provenance_sha256_not_self_declared": bool(evidence.get("sha256")) and evidence.get("sha256") not in capture_serialized and evidence.get("sha256") not in provenance_serialized, "browser_provenance_challenge_and_protocol_bound": provenance.get("capture_challenge_nonce") == preflight.get("capture_challenge_nonce") and provenance.get("protocol_sha256") == packet.get("protocol_sha256"), "browser_provider_identifiers_present_and_not_from_packet": all( len(value) >= 8 and value not in packet_serialized for value in provider_ids ) and len(set(provider_ids)) == len(provider_ids), "browser_observed_telegram_web_origin": parsed_url.scheme == "https" and parsed_url.hostname == "web.telegram.org" and str(target.get("chat_id") or "") in page_url, "browser_observed_exact_chat_identity": telegram.get("chat_id") == target.get("chat_id") and telegram.get("chat_label") == target.get("chat_label") and str(target.get("chat_label") or "").casefold() in str(browser.get("page_title") or "").casefold(), "browser_observed_exact_message_and_reply_ids": telegram.get("message_ids") == expected_message_ids and telegram.get("reply_ids") == expected_reply_ids, "browser_provenance_artifact_hashes_exact": provenance.get("artifacts") == artifact_hashes, "browser_provenance_capture_timestamp_bound": browser.get("captured_at_utc") == capture_source.get("captured_at_utc"), "authorization_provenance_is_independent_codex_user_message": authorization.get("source") == "codex_platform_user_message" and all( len(str(authorization.get(key) or "")) >= 8 for key in ("thread_id", "user_message_id", "source_receipt_id") ), "authorization_provenance_hash_and_timestamp_bound": authorization.get("text_sha256") == hashlib.sha256(authorization_text.encode("utf-8")).hexdigest() and authorization.get("captured_at_utc") == capture.get("operator_authorization_captured_at_utc"), "authorization_text_not_copied_into_provenance": bool(authorization_text) and authorization_text not in provenance_serialized, } return checks, provenance def _codex_rollout_provenance_checks( rollout_path: Path | None, *, sessions_root: Path, evidence_root: Path, packet: dict[str, Any], capture: dict[str, Any], provenance: dict[str, Any], provenance_evidence: dict[str, Any], artifact_hashes: dict[str, Any], messages: list[dict[str, Any]], ) -> tuple[dict[str, bool], dict[str, Any]]: root = sessions_root.resolve() resolved = rollout_path.resolve() if rollout_path is not None else Path() contained = bool(rollout_path) and resolved.is_file() and root in resolved.parents outside_evidence_root = bool(rollout_path) and evidence_root.resolve() not in resolved.parents events: list[dict[str, Any]] = [] jsonl_valid = contained if contained: try: with resolved.open(encoding="utf-8") as handle: for line in handle: if not line.strip(): continue value = json.loads(line) if not isinstance(value, dict): jsonl_valid = False continue events.append(value) except (OSError, UnicodeDecodeError, json.JSONDecodeError): jsonl_valid = False events = [] operator_context = packet.get("operator_context") if isinstance(packet.get("operator_context"), dict) else {} authorization = provenance.get("authorization") if isinstance(provenance.get("authorization"), dict) else {} browser = provenance.get("browser") if isinstance(provenance.get("browser"), dict) else {} thread_id = str(operator_context.get("codex_thread_id") or "") authorization_text = str(capture.get("operator_authorization_text") or "") user_message_id = str(authorization.get("user_message_id") or "") matching_user_events: list[dict[str, Any]] = [] browser_events: dict[str, dict[str, Any]] = {} for event in events: payload = event.get("payload") if isinstance(event.get("payload"), dict) else {} if event.get("type") == "response_item" and payload.get("type") == "message" and payload.get("role") == "user": content = payload.get("content") if isinstance(payload.get("content"), list) else [] text = "".join( str(item.get("text") or "") for item in content if isinstance(item, dict) and item.get("type") == "input_text" ) metadata = ( payload.get("internal_chat_message_metadata_passthrough") if isinstance(payload.get("internal_chat_message_metadata_passthrough"), dict) else {} ) if text == authorization_text and metadata.get("turn_id") == user_message_id: matching_user_events.append(event) if event.get("type") == "event_msg" and payload.get("type") == "mcp_tool_call_end": call_id = str(payload.get("call_id") or "") if call_id: browser_events[call_id] = event user_event = matching_user_events[0] if len(matching_user_events) == 1 else {} session_meta_ids = [ str((event.get("payload") or {}).get("id") or "") for event in events if event.get("type") == "session_meta" and isinstance(event.get("payload"), dict) ] user_event_sha256 = ( hashlib.sha256(json.dumps(user_event, sort_keys=True, separators=(",", ":")).encode("utf-8")).hexdigest() if user_event else "" ) turn_call_ids = provenance.get("turn_capture_call_ids") turn_call_ids = [str(value) for value in turn_call_ids] if isinstance(turn_call_ids, list) else [] final_call_id = str(provenance.get("final_capture_call_id") or "") reuse_final = (capture.get("capture_source") or {}).get("final_capture_reuses_turn_3") is True call_id_shape_valid = ( len(turn_call_ids) == 3 and all(len(value) >= 8 for value in turn_call_ids) and len(set(turn_call_ids)) == 3 and len(final_call_id) >= 8 and ( (reuse_final and final_call_id == turn_call_ids[2]) or (not reuse_final and final_call_id not in turn_call_ids) ) ) expected_call_ids = set(turn_call_ids + ([final_call_id] if final_call_id else [])) selected_events = {call_id: browser_events.get(call_id, {}) for call_id in expected_call_ids} def browser_event_parts(event: dict[str, Any]) -> tuple[dict[str, Any], str, datetime | None]: payload = event.get("payload") if isinstance(event.get("payload"), dict) else {} result = payload.get("result") if isinstance(payload.get("result"), dict) else {} ok = result.get("Ok") if isinstance(result.get("Ok"), dict) else {} meta = ok.get("_meta") if isinstance(ok.get("_meta"), dict) else {} surface = meta.get("codex/toolSurface") if isinstance(meta.get("codex/toolSurface"), dict) else {} content = ok.get("content") if isinstance(ok.get("content"), list) else [] result_text = "\n".join( str(item.get("text") or "") for item in content if isinstance(item, dict) and item.get("type") == "text" ) return surface, result_text, _parse_aware_timestamp(event.get("timestamp")) event_parts = {call_id: browser_event_parts(event) for call_id, event in selected_events.items()} browser_id = str(browser.get("browser_id") or "") tab_id = str(browser.get("tab_id") or "") all_events_are_chrome = bool(expected_call_ids) and all( event and parts[0].get("backend") == "chrome" and parts[0].get("kind") == "browserUse" and parts[0].get("browserId") == browser_id and tab_id in (parts[0].get("openTabIds") or []) for call_id, event in selected_events.items() for parts in [event_parts[call_id]] ) all_events_invoked_capture_apis = ( bool(expected_call_ids) and all( event and "screenshot(" in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "") and "domSnapshot(" in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "") and ".url(" in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "") and ".title(" in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "") for event in selected_events.values() ) and len(selected_events) == len(expected_call_ids) ) turn_receipts_bound = len(turn_call_ids) == len(messages) == 3 and all( call_id in event_parts and all( value in event_parts[call_id][1] for value in ( artifact_hashes["turn_screenshots"][index], artifact_hashes["turn_accessibility"][index], str(message.get("telegram_message_id") or ""), str(message.get("reply_message_id") or ""), str(browser.get("page_url") or ""), str(browser.get("page_title") or ""), str((packet.get("target") or {}).get("chat_id") or ""), ) ) for index, (call_id, message) in enumerate(zip(turn_call_ids, messages, strict=True)) ) final_receipt_text = event_parts.get(final_call_id, ({}, "", None))[1] final_receipt_bound = bool(final_receipt_text) and all( value in final_receipt_text for value in ( str(artifact_hashes.get("final_screenshot") or ""), str(artifact_hashes.get("final_accessibility") or ""), str(provenance_evidence.get("sha256") or ""), *(str(item.get("telegram_message_id") or "") for item in messages), *(str(item.get("reply_message_id") or "") for item in messages), ) ) event_times = [event_parts.get(call_id, ({}, "", None))[2] for call_id in turn_call_ids] final_event_at = event_parts.get(final_call_id, ({}, "", None))[2] send_times = [_parse_aware_timestamp(item.get("sent_at_utc")) for item in messages] reply_times = [_parse_aware_timestamp(item.get("reply_at_utc")) for item in messages] browser_event_order_valid = all( value is not None for value in (*event_times, final_event_at, *send_times, *reply_times) ) if browser_event_order_valid: browser_event_order_valid = bool( reply_times[0] < event_times[0] < send_times[1] and reply_times[1] < event_times[1] < send_times[2] and reply_times[2] < event_times[2] and ( (reuse_final and final_event_at == event_times[2]) or (not reuse_final and event_times[2] < final_event_at) ) ) authorization_event_at = _parse_aware_timestamp(user_event.get("timestamp")) if user_event else None capture_source = capture.get("capture_source") if isinstance(capture.get("capture_source"), dict) else {} checks = { "codex_rollout_log_is_trusted_external_file": contained and outside_evidence_root and thread_id in resolved.name, "codex_rollout_log_jsonl_valid": jsonl_valid and bool(events), "codex_rollout_session_meta_matches_thread": session_meta_ids == [thread_id], "codex_rollout_has_exact_single_authorization_event": len(matching_user_events) == 1, "codex_authorization_event_bound_to_provenance": authorization.get("thread_id") == thread_id and authorization.get("source_receipt_id") == user_event_sha256 and user_event.get("timestamp") == capture.get("operator_authorization_captured_at_utc"), "codex_rollout_capture_call_ids_valid": call_id_shape_valid, "codex_rollout_capture_events_are_chrome_backend": all_events_are_chrome, "codex_rollout_capture_events_invoked_screenshot_and_dom_snapshot": all_events_invoked_capture_apis, "codex_rollout_turn_receipts_bind_artifacts_and_telegram_ids": turn_receipts_bound, "codex_rollout_final_receipt_binds_provenance_artifacts_and_all_ids": final_receipt_bound, "codex_rollout_capture_event_order_valid": browser_event_order_valid, "codex_rollout_final_event_timestamp_bound": final_event_at is not None and capture_source.get("captured_at_utc") == (selected_events.get(final_call_id) or {}).get("timestamp") and browser.get("captured_at_utc") == (selected_events.get(final_call_id) or {}).get("timestamp"), "codex_rollout_authorization_timestamp_is_aware": authorization_event_at is not None, } evidence = { "path": str(resolved) if rollout_path else "", "sha256": _sha256_file(resolved) if contained else "", "thread_id": thread_id, "authorization_turn_id": user_message_id, "turn_capture_call_ids": turn_call_ids, "final_capture_call_id": final_call_id, "turn_capture_timestamps": [(selected_events.get(call_id) or {}).get("timestamp") for call_id in turn_call_ids], "final_capture_timestamp": (selected_events.get(final_call_id) or {}).get("timestamp"), } return checks, evidence def _timeline_checks( preflight: dict[str, Any], capture: dict[str, Any], postflight: dict[str, Any], provenance: dict[str, Any], messages: list[dict[str, Any]], ) -> tuple[dict[str, bool], dict[str, Any]]: capture_source = capture.get("capture_source") if isinstance(capture.get("capture_source"), dict) else {} browser = provenance.get("browser") if isinstance(provenance.get("browser"), dict) else {} authorization = provenance.get("authorization") if isinstance(provenance.get("authorization"), dict) else {} preflight_at = _parse_aware_timestamp(preflight.get("generated_at_utc")) authorization_at = _parse_aware_timestamp(capture.get("operator_authorization_captured_at_utc")) send_times = [_parse_aware_timestamp(item.get("sent_at_utc")) for item in messages] reply_times = [_parse_aware_timestamp(item.get("reply_at_utc")) for item in messages] final_capture_at = _parse_aware_timestamp(capture_source.get("captured_at_utc")) postflight_at = _parse_aware_timestamp(postflight.get("generated_at_utc")) browser_capture_at = _parse_aware_timestamp(browser.get("captured_at_utc")) authorization_provenance_at = _parse_aware_timestamp(authorization.get("captured_at_utc")) timestamps = [ preflight_at, authorization_at, *send_times, *reply_times, final_capture_at, postflight_at, browser_capture_at, authorization_provenance_at, ] valid = len(messages) == 3 and all(value is not None for value in timestamps) strict_turn_order = False preflight_before_authorization = False authorization_before_first_send = False final_after_reply3 = False postflight_after_reply3 = False if valid: assert preflight_at is not None assert authorization_at is not None assert final_capture_at is not None assert postflight_at is not None ordered_turns = [ send_times[0], reply_times[0], send_times[1], reply_times[1], send_times[2], reply_times[2], ] strict_turn_order = all(left < right for left, right in pairwise(ordered_turns)) preflight_before_authorization = preflight_at < authorization_at authorization_before_first_send = authorization_at < send_times[0] final_after_reply3 = reply_times[2] < final_capture_at postflight_after_reply3 = reply_times[2] < postflight_at checks = { "timestamps_valid_and_timezone_aware": valid, "preflight_before_captured_authorization": preflight_before_authorization, "captured_authorization_before_first_send": authorization_before_first_send, "strict_send_reply_turn_order": strict_turn_order, "final_capture_after_third_reply": final_after_reply3, "postflight_after_third_reply": postflight_after_reply3, } timeline = { "preflight": preflight.get("generated_at_utc"), "authorization": capture.get("operator_authorization_captured_at_utc"), "turns": [ {"sent_at_utc": item.get("sent_at_utc"), "reply_at_utc": item.get("reply_at_utc")} for item in messages ], "final_capture": capture_source.get("captured_at_utc"), "postflight": postflight.get("generated_at_utc"), } return checks, timeline def _subject_match(postflight: dict[str, Any]) -> dict[str, Any]: subject = (postflight.get("remote") or {}).get("subject_readback") or {} matches = subject.get("matches") if isinstance(subject, dict) else [] return matches[0] if isinstance(matches, list) and len(matches) == 1 else {} def _semantic_checks(replies: list[str], *, subject_ref: str, subject_match: dict[str, Any]) -> dict[str, bool]: if len(replies) != 3: return { "visible_db_object_selected_without_operator_id": False, "visible_weak_support_explained": False, "same_subject_survived_challenge": False, "assumption_support_and_falsifier_separated": False, "multiple_review_only_candidates_proposed": False, "objection_revised_candidate": False, "resolving_source_named": False, "review_approval_apply_boundary_explicit": False, "reply_claimed_no_mutation": False, "independent_db_object_matches_visible_subject": False, } first, second, third = replies first_refs = unseen._short_refs(first) second_refs = unseen._short_refs(second) shared_terms = unseen._shared_subject_terms(first, second) selected = subject_ref[:8].casefold() if subject_ref else "" visible_subject = bool(selected and (selected in first.casefold() or selected in second.casefold())) same_subject = bool( visible_subject and ( (selected in first.casefold() and selected in second.casefold()) or first_refs & second_refs or len(shared_terms) >= 2 ) ) row = subject_match.get("row") if isinstance(subject_match.get("row"), dict) else {} row_id = str(row.get("id") or "").casefold() proposals = unseen._contains(second, "proposal a", "proposal b") or ( unseen._contains_any(second, "two proposals", "two replacement claims") and "1" in second and "2" in second ) return { "visible_db_object_selected_without_operator_id": unseen._contains_any(first, "claim", "belief", "axiom") and unseen._contains_any(first, "database", "db", "public.") and unseen._contains_any(first, "confidence", "support", "evidence"), "visible_weak_support_explained": unseen._contains_any( first, "nothing supports", "zero evidence", "no evidence", "no claim-evidence", "no_source_pointer", "no external primary source", ), "same_subject_survived_challenge": same_subject, "assumption_support_and_falsifier_separated": unseen._contains_any(second, "assumption") and unseen._contains_any(second, "observed support", "evidence") and unseen._contains_any(second, "falsifier", "counterexample", "would falsify"), "multiple_review_only_candidates_proposed": proposals and unseen._contains_any(second, "review", "staged", "proposal") and unseen._contains_any( second, "nothing applied", "not live knowledge", "staged only", "not an apply", ), "objection_revised_candidate": unseen._contains_any(third, "revised proposal", "revision") and unseen._contains(third, "mechanism", "outcome"), "resolving_source_named": unseen._contains_any( third, "what would resolve", "source would resolve", "evidence would resolve" ) and unseen._contains_any( third, "study", "dataset", "source", "randomized", "quasi-experimental", "replication", "ostrom", ), "review_approval_apply_boundary_explicit": unseen._contains_any( third, "review", "pending_review", "human review" ) and unseen._contains_any(third, "approve", "approved", "approval") and unseen._contains_any(third, "apply", "applied_at", "canonical"), "reply_claimed_no_mutation": unseen._contains_any( third, "not an apply", "nothing staged or changed", "canonical unchanged", "staged intent, not knowledge", "proposal (not an apply)", ), "independent_db_object_matches_visible_subject": bool( visible_subject and row_id and row_id.startswith(selected) ), } def verify_capture( packet: dict[str, Any], preflight: dict[str, Any], capture: dict[str, Any] | None, postflight: dict[str, Any] | None, *, packet_path: Path, evidence_root: Path, codex_rollout_log: Path | None = None, codex_sessions_root: Path = DEFAULT_CODEX_SESSIONS_ROOT, ) -> dict[str, Any]: if capture is None: packet_integrity = state_collector.packet_checks(packet) preflight_integrity = _state_artifact_checks( preflight, phase="preflight", packet=packet, packet_path=packet_path, ) ready = all(packet_integrity.values()) and all(preflight_integrity.values()) return { "schema": SCHEMA, "generated_at_utc": datetime.now(timezone.utc).isoformat(), "mode": "telegram_visible_unseen_chain_capture_verifier", "status": "awaiting_action_time_authorization" if ready else "fail", "receipt_ready": False, "current_tier": "T0_packet_plus_T3_preflight" if ready else "T0_failed_preflight", "required_tier": "T3_live_readonly", "telegram_visible_messages_sent": False, "mutates_db": False, "packet_path": str(packet_path), "preflight_path": str(DEFAULT_PREFLIGHT), "postflight_path": str(DEFAULT_POSTFLIGHT), "capture_template": blank_capture_template(packet, preflight), "checks": { **packet_integrity, **preflight_integrity, "action_time_authorization_present": False, "capture_present": False, "postflight_present": False, }, "claim_ceiling": { "proven": ( "The exact packet and live zero-mutation preflight are ready." if ready else "No readiness claim; packet or preflight integrity validation failed." ), "not_proven": [ "Telegram-visible message delivery", "Telegram-visible Leo replies", "post-send fingerprint equality", ], }, } messages = _capture_messages(capture) expected = packet.get("exact_messages") or [] capture_source = capture.get("capture_source") if isinstance(capture.get("capture_source"), dict) else {} replies = [str(item.get("reply") or "") for item in messages] ids = [str(item.get("telegram_message_id") or "") for item in messages] reply_ids = [str(item.get("reply_message_id") or "") for item in messages] screenshot = _resolve_evidence(str(capture_source.get("final_screenshot") or ""), evidence_root) screenshot["png"] = _inspect_png(screenshot) accessibility = _resolve_evidence(str(capture_source.get("final_accessibility") or ""), evidence_root) turn_evidence = [ { "prompt_id": item.get("prompt_id"), "screenshot": _resolve_evidence(str(item.get("turn_screenshot") or ""), evidence_root), "accessibility": _resolve_evidence(str(item.get("turn_accessibility") or ""), evidence_root), } for item in messages ] for evidence in turn_evidence: evidence["screenshot"]["png"] = _inspect_png(evidence["screenshot"]) browser_provenance_evidence = _resolve_evidence(str(capture_source.get("browser_provenance") or ""), evidence_root) artifact_hashes = _artifact_hash_manifest( final_screenshot=screenshot, final_accessibility=accessibility, turn_evidence=turn_evidence, ) postflight = postflight or {} subject_ref = str(postflight.get("subject_ref") or "") subject_match = _subject_match(postflight) semantics = _semantic_checks(replies, subject_ref=subject_ref, subject_match=subject_match) pre_fingerprint = (preflight.get("remote") or {}).get("fingerprint_after") or {} post_fingerprint = (postflight.get("remote") or {}).get("fingerprint_after") or {} pre_service = (preflight.get("remote") or {}).get("service_after") or {} post_service = (postflight.get("remote") or {}).get("service_after") or {} service_keys = ("MainPID", "NRestarts", "ExecMainStartTimestamp") handler_binding = packet.get("handler_receipt_binding") or {} handler_path = Path(str(handler_binding.get("path") or "")) if not handler_path.is_absolute(): handler_path = evidence_root / handler_path expected_ids = [str(item.get("prompt_id") or "") for item in expected] actual_ids = [str(item.get("prompt_id") or "") for item in messages] packet_integrity = state_collector.packet_checks(packet) preflight_integrity = _state_artifact_checks( preflight, phase="preflight", packet=packet, packet_path=packet_path, ) postflight_integrity = _state_artifact_checks( postflight, phase="postflight", packet=packet, packet_path=packet_path, ) browser_checks, browser_provenance = _browser_provenance_checks( browser_provenance_evidence, packet=packet, preflight=preflight, capture=capture, capture_source=capture_source, messages=messages, artifact_hashes=artifact_hashes, ) codex_rollout_checks, codex_rollout_evidence = _codex_rollout_provenance_checks( codex_rollout_log, sessions_root=codex_sessions_root, evidence_root=evidence_root, packet=packet, capture=capture, provenance=browser_provenance, provenance_evidence=browser_provenance_evidence, artifact_hashes=artifact_hashes, messages=messages, ) timeline_checks, timeline = _timeline_checks( preflight, capture, postflight, browser_provenance, messages, ) turn_screenshot_hashes = [item["screenshot"]["sha256"] for item in turn_evidence] turn_accessibility_hashes = [item["accessibility"]["sha256"] for item in turn_evidence] final_matches_earlier_turn = ( screenshot.get("sha256") in turn_screenshot_hashes[:2] or accessibility.get("sha256") in turn_accessibility_hashes[:2] ) final_matches_turn_three = bool( len(turn_evidence) == 3 and ( screenshot.get("sha256") == turn_screenshot_hashes[2] or accessibility.get("sha256") == turn_accessibility_hashes[2] ) ) final_reuse_documented = capture_source.get("final_capture_reuses_turn_3") is True and _present( capture_source.get("final_capture_reuse_reason") ) final_reuse_policy_satisfied = not final_matches_earlier_turn and ( (final_matches_turn_three and final_reuse_documented) or ( not final_matches_turn_three and capture_source.get("final_capture_reuses_turn_3") is False and not _present(capture_source.get("final_capture_reuse_reason")) ) ) checks = { **packet_integrity, **preflight_integrity, **postflight_integrity, **browser_checks, **codex_rollout_checks, **timeline_checks, "capture_schema_supported": capture.get("schema") == CAPTURE_SCHEMA, "packet_ready": packet.get("ready_to_request_action_time_authorization") is True, "packet_file_hash_matches_preflight": _sha256_file(packet_path) == preflight.get("packet_file_sha256"), "handler_receipt_binding_unchanged": handler_path.is_file() and _sha256_file(handler_path) == handler_binding.get("sha256"), "protocol_bound_across_all_artifacts": capture.get("protocol_sha256") == preflight.get("protocol_sha256") == postflight.get("protocol_sha256") == packet.get("protocol_sha256"), "preflight_state_token_bound_to_capture_and_postflight": capture.get("preflight_state_token_sha256") == preflight.get("state_token_sha256") == postflight.get("baseline_state_token_sha256"), "preflight_challenge_bound_to_postflight": bool( SHA64_RE.fullmatch(str(preflight.get("capture_challenge_nonce") or "")) ) and preflight.get("capture_challenge_nonce") == postflight.get("capture_challenge_nonce"), "exact_action_time_authorization_captured": capture.get("operator_authorization_text") == packet.get("explicit_operator_authorization_text") and _present(capture.get("operator_authorization_captured_at_utc")), "authenticated_chrome_transport_declared": capture_source.get("platform") == "telegram" and capture_source.get("transport") == "authenticated_chrome_telegram_ui", "bot_api_not_substituted": "bot_api" not in json.dumps(capture_source).casefold(), "exact_destination_matches": capture_source.get("chat_label") == (packet.get("target") or {}).get("chat_label") and capture_source.get("chat_id") == (packet.get("target") or {}).get("chat_id"), "exact_three_messages_and_no_extras": len(messages) == len(expected) == 3 and capture.get("extra_messages_sent") == 0, "prompt_ids_and_sequence_exact": actual_ids == expected_ids and [item.get("sequence") for item in messages] == [1, 2, 3], "sent_text_exact": [item.get("sent_text") for item in messages] == [item.get("message") for item in expected], "visible_replies_nonempty": len(replies) == 3 and all(reply.strip() for reply in replies), "message_and_reply_ids_present_unique": all(ids) and all(reply_ids) and len(set(ids)) == 3 and len(set(reply_ids)) == 3 and set(ids).isdisjoint(reply_ids), "capture_metadata_present": all( _present(capture_source.get(key)) for key in ("captured_at_utc", "captured_by") ), "all_evidence_paths_contained_in_root": all( item.get("contained_in_evidence_root") is True for item in ( screenshot, accessibility, browser_provenance_evidence, *(turn["screenshot"] for turn in turn_evidence), *(turn["accessibility"] for turn in turn_evidence), ) ), "visual_evidence_files_present": screenshot["exists"] and screenshot["bytes"] > 0 and accessibility["exists"] and accessibility["bytes"] > 0 and len(turn_evidence) == 3 and all( item["screenshot"]["exists"] and item["screenshot"]["bytes"] > 0 and item["accessibility"]["exists"] and item["accessibility"]["bytes"] > 0 for item in turn_evidence ), "screenshots_are_valid_png_with_metadata": screenshot["png"]["valid_png"] is True and len(turn_evidence) == 3 and all(item["screenshot"]["png"]["valid_png"] is True for item in turn_evidence), "per_turn_screenshot_hashes_distinct_nonempty": len(turn_screenshot_hashes) == 3 and all(SHA64_RE.fullmatch(value) for value in turn_screenshot_hashes) and len(set(turn_screenshot_hashes)) == 3, "per_turn_accessibility_hashes_distinct_nonempty": len(turn_accessibility_hashes) == 3 and all(SHA64_RE.fullmatch(value) for value in turn_accessibility_hashes) and len(set(turn_accessibility_hashes)) == 3, "final_capture_reuse_policy_satisfied": final_reuse_policy_satisfied, "turn_accessibility_binds_exact_messages_and_replies": len(turn_evidence) == len(messages) == 3 and all( _accessibility_binds_message( evidence["accessibility"], sent_text=str(message.get("sent_text") or ""), reply=str(message.get("reply") or ""), ) for evidence, message in zip(turn_evidence, messages, strict=True) ), "canonical_fingerprint_unchanged_from_preflight": bool( pre_fingerprint.get("fingerprint_sha256") and pre_fingerprint.get("fingerprint_sha256") == post_fingerprint.get("fingerprint_sha256") ), "gateway_process_unchanged_from_preflight": all( pre_service.get(key) == post_service.get(key) for key in service_keys ), **semantics, } outcomes = { "telegram_visible_three_turn_chain": all( checks[key] for key in ( "authenticated_chrome_transport_declared", "browser_provenance_channel_is_chrome_extension", "codex_rollout_has_exact_single_authorization_event", "codex_rollout_capture_events_are_chrome_backend", "codex_rollout_turn_receipts_bind_artifacts_and_telegram_ids", "codex_rollout_final_receipt_binds_provenance_artifacts_and_all_ids", "codex_rollout_capture_event_order_valid", "browser_observed_telegram_web_origin", "browser_observed_exact_chat_identity", "browser_observed_exact_message_and_reply_ids", "authorization_provenance_hash_and_timestamp_bound", "exact_destination_matches", "exact_three_messages_and_no_extras", "sent_text_exact", "visible_replies_nonempty", "strict_send_reply_turn_order", "screenshots_are_valid_png_with_metadata", "per_turn_screenshot_hashes_distinct_nonempty", "per_turn_accessibility_hashes_distinct_nonempty", "final_capture_reuse_policy_satisfied", "visual_evidence_files_present", "turn_accessibility_binds_exact_messages_and_replies", ) ), "visible_db_grounded_challenge": all( checks[key] for key in ( "visible_db_object_selected_without_operator_id", "visible_weak_support_explained", "same_subject_survived_challenge", "assumption_support_and_falsifier_separated", "independent_db_object_matches_visible_subject", ) ), "visible_review_only_revision": all( checks[key] for key in ( "multiple_review_only_candidates_proposed", "objection_revised_candidate", "resolving_source_named", "review_approval_apply_boundary_explicit", "reply_claimed_no_mutation", ) ), "canonical_state_unchanged": checks["canonical_fingerprint_unchanged_from_preflight"], } passed = all(checks.values()) and all(outcomes.values()) return { "schema": SCHEMA, "generated_at_utc": datetime.now(timezone.utc).isoformat(), "mode": "telegram_visible_unseen_chain_capture_verifier", "status": "pass" if passed else "fail", "receipt_ready": passed, "current_tier": "T3_live_readonly" if passed else "T2_or_lower_incomplete_visible_proof", "required_tier": "T3_live_readonly", "telegram_visible_messages_sent": passed, "capture_claimed_messages_sent": True, "production_apply_executed": False, "mutates_db": False, "packet_path": str(packet_path), "checks": checks, "outcomes": outcomes, "selected_subject": { "ref": subject_ref, "table": subject_match.get("table"), "row_id": (subject_match.get("row") or {}).get("id"), }, "evidence": { "final_screenshot": screenshot, "final_accessibility": accessibility, "turn_evidence": turn_evidence, "browser_provenance": browser_provenance_evidence, "browser_provider_identifiers": browser_provenance.get("browser"), "codex_rollout_provenance": codex_rollout_evidence, "timeline": timeline, "final_capture_reuses_turn_3": capture_source.get("final_capture_reuses_turn_3"), "final_capture_reuse_reason": capture_source.get("final_capture_reuse_reason"), "telegram_message_ids": ids, "telegram_reply_ids": reply_ids, "preflight_state_token_sha256": preflight.get("state_token_sha256"), "postflight_state_token_sha256": postflight.get("state_token_sha256"), "canonical_fingerprint_sha256": post_fingerprint.get("fingerprint_sha256"), }, "claim_ceiling": { "proven": ( "One exact authenticated-Chrome Telegram chain visibly selected and challenged a DB object, " "proposed and revised review-only knowledge, preserved the approval/apply boundary, and left the " "canonical fingerprint unchanged." if passed else "No T3 claim; at least one visible, semantic, binding, or state check failed." ), "not_proven": [ "canonical proposal staging or apply", "agent-to-agent review", "GCP runtime parity for the Telegram-visible chain", ], }, } def write_json(path: Path, data: dict[str, Any]) -> None: path.parent.mkdir(parents=True, exist_ok=True) path.write_text(json.dumps(data, indent=2, sort_keys=True) + "\n", encoding="utf-8") def write_markdown(path: Path, data: dict[str, Any]) -> None: lines = [ "# Telegram-Visible Unseen Chain Capture Receipt", "", f"Generated UTC: `{data['generated_at_utc']}`", f"Status: `{data['status']}`", f"Receipt ready: `{data['receipt_ready']}`", f"Current tier: `{data['current_tier']}`", f"Required tier: `{data['required_tier']}`", f"Telegram-visible messages sent: `{data['telegram_visible_messages_sent']}`", f"Mutates DB: `{data['mutates_db']}`", "", "## Checks", "", ] lines.extend(f"- `{key}`: `{value}`" for key, value in sorted(data.get("checks", {}).items())) if data.get("capture_template"): lines.extend( [ "", "## Awaiting Authorized Capture", "", "The packet and preflight are ready. No Telegram message has been sent by this verifier.", "A future T3 receipt also requires the exact platform authorization event and Chrome-backend capture receipts from the bound Codex rollout log.", ] ) lines.extend( [ "", "## Claim Ceiling", "", data["claim_ceiling"]["proven"], "", ] ) path.parent.mkdir(parents=True, exist_ok=True) path.write_text("\n".join(lines), encoding="utf-8") def parse_args(argv: list[str] | None = None) -> argparse.Namespace: parser = argparse.ArgumentParser(description=__doc__) parser.add_argument("--packet", type=Path, default=DEFAULT_PACKET) parser.add_argument("--preflight", type=Path, default=DEFAULT_PREFLIGHT) parser.add_argument("--capture-json", type=Path) parser.add_argument("--postflight", type=Path, default=DEFAULT_POSTFLIGHT) parser.add_argument("--evidence-root", type=Path, default=Path(".")) parser.add_argument( "--codex-rollout-log", type=Path, help="Platform rollout JSONL containing the exact user authorization and Chrome capture tool receipts", ) parser.add_argument("--out", type=Path, default=DEFAULT_OUT) parser.add_argument("--markdown-out", type=Path, default=DEFAULT_MARKDOWN_OUT) return parser.parse_args(argv) def main(argv: list[str] | None = None) -> int: args = parse_args(argv) packet = _load_json(args.packet) preflight = _load_json(args.preflight) capture = _load_json(args.capture_json) if args.capture_json else None postflight = _load_json(args.postflight) if capture is not None and args.postflight.exists() else None receipt = verify_capture( packet, preflight, capture, postflight, packet_path=args.packet, evidence_root=args.evidence_root, codex_rollout_log=args.codex_rollout_log, ) write_json(args.out, receipt) write_markdown(args.markdown_out, receipt) print( json.dumps( { "out": str(args.out), "markdown_out": str(args.markdown_out), "status": receipt["status"], "receipt_ready": receipt["receipt_ready"], }, indent=2, sort_keys=True, ) ) return 0 if receipt["status"] in {"pass", "awaiting_action_time_authorization"} else 2 if __name__ == "__main__": raise SystemExit(main())