1172 lines
53 KiB
Python
1172 lines
53 KiB
Python
#!/usr/bin/env python3
|
|
"""Verify retained authenticated-Chrome proof for Leo's unseen Telegram chain."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import argparse
|
|
import hashlib
|
|
import json
|
|
import re
|
|
import struct
|
|
import zlib
|
|
from datetime import datetime, timezone
|
|
from itertools import pairwise
|
|
from pathlib import Path
|
|
from typing import Any
|
|
from urllib.parse import urlparse
|
|
|
|
try:
|
|
import build_telegram_visible_unseen_chain_packet as packet_builder
|
|
import collect_telegram_visible_unseen_chain_state as state_collector
|
|
import verify_leo_unseen_reasoning_chain as unseen
|
|
except ImportError: # pragma: no cover - imported as scripts.* in tests
|
|
from scripts import build_telegram_visible_unseen_chain_packet as packet_builder
|
|
from scripts import collect_telegram_visible_unseen_chain_state as state_collector
|
|
from scripts import verify_leo_unseen_reasoning_chain as unseen
|
|
|
|
SCHEMA = "livingip.telegramVisibleUnseenChainReceipt.v2"
|
|
CAPTURE_SCHEMA = "livingip.telegramVisibleUnseenChainCapture.v1"
|
|
BROWSER_PROVENANCE_SCHEMA = "livingip.authenticatedChromeTelegramCaptureProvenance.v1"
|
|
SHA64_RE = re.compile(r"^[0-9a-f]{64}$")
|
|
MIN_SCREENSHOT_WIDTH = 320
|
|
MIN_SCREENSHOT_HEIGHT = 200
|
|
DEFAULT_CODEX_SESSIONS_ROOT = Path.home() / ".codex" / "sessions"
|
|
REPORT_DIR = Path("docs/reports/leo-working-state-20260709")
|
|
DEFAULT_PACKET = packet_builder.DEFAULT_OUT
|
|
DEFAULT_PREFLIGHT = REPORT_DIR / "telegram-visible-unseen-chain-preflight-current.json"
|
|
DEFAULT_POSTFLIGHT = REPORT_DIR / "telegram-visible-unseen-chain-postflight-current.json"
|
|
DEFAULT_OUT = REPORT_DIR / "telegram-visible-unseen-chain-capture-receipt-current.json"
|
|
DEFAULT_MARKDOWN_OUT = REPORT_DIR / "telegram-visible-unseen-chain-capture-receipt-current.md"
|
|
|
|
|
|
def _load_json(path: Path) -> dict[str, Any]:
|
|
return json.loads(path.read_text(encoding="utf-8"))
|
|
|
|
|
|
def _sha256_file(path: Path) -> str:
|
|
return hashlib.sha256(path.read_bytes()).hexdigest()
|
|
|
|
|
|
def _present(value: Any) -> bool:
|
|
if value is None:
|
|
return False
|
|
if isinstance(value, str):
|
|
return bool(value.strip())
|
|
if isinstance(value, (dict, list)):
|
|
return bool(value)
|
|
return True
|
|
|
|
|
|
def blank_capture_template(packet: dict[str, Any], preflight: dict[str, Any]) -> dict[str, Any]:
|
|
target = packet.get("target") or {}
|
|
return {
|
|
"schema": CAPTURE_SCHEMA,
|
|
"protocol_sha256": packet.get("protocol_sha256"),
|
|
"preflight_state_token_sha256": preflight.get("state_token_sha256"),
|
|
"operator_authorization_text": packet.get("explicit_operator_authorization_text"),
|
|
"operator_authorization_captured_at_utc": "",
|
|
"extra_messages_sent": 0,
|
|
"capture_source": {
|
|
"platform": "telegram",
|
|
"transport": "authenticated_chrome_telegram_ui",
|
|
"chat_label": target.get("chat_label"),
|
|
"chat_id": target.get("chat_id"),
|
|
"captured_at_utc": "",
|
|
"captured_by": "",
|
|
"final_screenshot": "",
|
|
"final_accessibility": "",
|
|
"browser_provenance": "",
|
|
"final_capture_reuses_turn_3": False,
|
|
"final_capture_reuse_reason": "",
|
|
},
|
|
"messages": [
|
|
{
|
|
"sequence": item["sequence"],
|
|
"prompt_id": item["prompt_id"],
|
|
"sent_text": item["message"],
|
|
"reply": "",
|
|
"sent_at_utc": "",
|
|
"reply_at_utc": "",
|
|
"telegram_message_id": "",
|
|
"reply_message_id": "",
|
|
"turn_screenshot": "",
|
|
"turn_accessibility": "",
|
|
}
|
|
for item in packet.get("exact_messages", [])
|
|
],
|
|
}
|
|
|
|
|
|
def _resolve_evidence(path_value: str, evidence_root: Path) -> dict[str, Any]:
|
|
root = evidence_root.resolve()
|
|
if not path_value.strip():
|
|
return {
|
|
"path": path_value,
|
|
"exists": False,
|
|
"contained_in_evidence_root": False,
|
|
"bytes": 0,
|
|
"sha256": "",
|
|
}
|
|
path = Path(path_value)
|
|
if not path.is_absolute():
|
|
path = root / path
|
|
resolved = path.resolve()
|
|
contained = resolved == root or root in resolved.parents
|
|
exists = contained and resolved.is_file()
|
|
return {
|
|
"path": str(resolved),
|
|
"exists": exists,
|
|
"contained_in_evidence_root": contained,
|
|
"bytes": resolved.stat().st_size if exists else 0,
|
|
"sha256": _sha256_file(resolved) if exists else "",
|
|
}
|
|
|
|
|
|
def _inspect_png(evidence: dict[str, Any]) -> dict[str, Any]:
|
|
metadata: dict[str, Any] = {
|
|
"valid_png": False,
|
|
"width": 0,
|
|
"height": 0,
|
|
"bit_depth": 0,
|
|
"color_type": -1,
|
|
"crc_valid": False,
|
|
"pixel_data_valid": False,
|
|
}
|
|
if not evidence.get("exists"):
|
|
return metadata
|
|
data = Path(str(evidence["path"])).read_bytes()
|
|
if not data.startswith(b"\x89PNG\r\n\x1a\n"):
|
|
return metadata
|
|
offset = 8
|
|
chunks: list[tuple[bytes, bytes]] = []
|
|
crc_valid = True
|
|
while offset + 12 <= len(data):
|
|
length = struct.unpack(">I", data[offset : offset + 4])[0]
|
|
chunk_end = offset + 12 + length
|
|
if chunk_end > len(data):
|
|
return metadata
|
|
chunk_type = data[offset + 4 : offset + 8]
|
|
payload = data[offset + 8 : offset + 8 + length]
|
|
expected_crc = struct.unpack(">I", data[offset + 8 + length : chunk_end])[0]
|
|
crc_valid = crc_valid and (zlib.crc32(chunk_type + payload) & 0xFFFFFFFF) == expected_crc
|
|
chunks.append((chunk_type, payload))
|
|
offset = chunk_end
|
|
if chunk_type == b"IEND":
|
|
break
|
|
if not chunks or chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13:
|
|
return metadata
|
|
if chunks[-1][0] != b"IEND" or offset != len(data):
|
|
return metadata
|
|
width, height, bit_depth, color_type, compression, filtering, interlace = struct.unpack(">IIBBBBB", chunks[0][1])
|
|
idat = b"".join(payload for chunk_type, payload in chunks if chunk_type == b"IDAT")
|
|
channels = {2: 3, 6: 4}.get(color_type)
|
|
pixel_data_valid = False
|
|
if idat and channels and bit_depth == 8 and compression == 0 and filtering == 0 and interlace == 0:
|
|
try:
|
|
pixels = zlib.decompress(idat)
|
|
except zlib.error:
|
|
pixels = b""
|
|
expected_size = height * (1 + width * channels)
|
|
pixel_data_valid = len(pixels) == expected_size
|
|
metadata.update(
|
|
{
|
|
"width": width,
|
|
"height": height,
|
|
"bit_depth": bit_depth,
|
|
"color_type": color_type,
|
|
"crc_valid": crc_valid,
|
|
"pixel_data_valid": pixel_data_valid,
|
|
"valid_png": crc_valid
|
|
and pixel_data_valid
|
|
and width >= MIN_SCREENSHOT_WIDTH
|
|
and height >= MIN_SCREENSHOT_HEIGHT,
|
|
}
|
|
)
|
|
return metadata
|
|
|
|
|
|
def _parse_aware_timestamp(value: Any) -> datetime | None:
|
|
if not isinstance(value, str) or not value.strip():
|
|
return None
|
|
candidate = value.strip()
|
|
if candidate.endswith("Z"):
|
|
candidate = candidate[:-1] + "+00:00"
|
|
try:
|
|
parsed = datetime.fromisoformat(candidate)
|
|
except ValueError:
|
|
return None
|
|
if parsed.tzinfo is None or parsed.utcoffset() is None:
|
|
return None
|
|
return parsed
|
|
|
|
|
|
def _all_true_section(value: Any, *, allow_empty: bool = False) -> bool:
|
|
if not isinstance(value, dict):
|
|
return False
|
|
return (allow_empty or bool(value)) and all(item is True for item in value.values())
|
|
|
|
|
|
def _state_artifact_checks(
|
|
artifact: dict[str, Any],
|
|
*,
|
|
phase: str,
|
|
packet: dict[str, Any],
|
|
packet_path: Path,
|
|
) -> dict[str, bool]:
|
|
baseline_checks_required = phase == "postflight"
|
|
return {
|
|
f"{phase}_schema_supported": artifact.get("schema") == state_collector.SCHEMA,
|
|
f"{phase}_status_and_phase_pass": artifact.get("status") == "pass" and artifact.get("phase") == phase,
|
|
f"{phase}_packet_checks_all_pass": _all_true_section(artifact.get("packet_checks")),
|
|
f"{phase}_remote_checks_all_pass": _all_true_section(artifact.get("remote_checks")),
|
|
f"{phase}_baseline_checks_all_pass": _all_true_section(
|
|
artifact.get("baseline_checks"), allow_empty=not baseline_checks_required
|
|
),
|
|
f"{phase}_state_token_derivation_valid": state_collector.state_token_is_valid(artifact),
|
|
f"{phase}_packet_file_hash_bound": artifact.get("packet_file_sha256") == _sha256_file(packet_path),
|
|
f"{phase}_protocol_bound": artifact.get("protocol_sha256") == packet.get("protocol_sha256"),
|
|
f"{phase}_manifest_bound": artifact.get("manifest_binding") == packet.get("manifest_binding"),
|
|
}
|
|
|
|
|
|
def _capture_messages(capture: dict[str, Any]) -> list[dict[str, Any]]:
|
|
messages = capture.get("messages")
|
|
return [item for item in messages if isinstance(item, dict)] if isinstance(messages, list) else []
|
|
|
|
|
|
def _normalized_text(value: str) -> str:
|
|
return re.sub(r"\s+", " ", value).strip().casefold()
|
|
|
|
|
|
def _accessibility_binds_message(evidence: dict[str, Any], *, sent_text: str, reply: str) -> bool:
|
|
if not evidence.get("exists") or not evidence.get("path"):
|
|
return False
|
|
text = Path(str(evidence["path"])).read_text(encoding="utf-8", errors="replace")
|
|
normalized = _normalized_text(text)
|
|
return _normalized_text(sent_text) in normalized and _normalized_text(reply) in normalized
|
|
|
|
|
|
def _artifact_hash_manifest(
|
|
*,
|
|
final_screenshot: dict[str, Any],
|
|
final_accessibility: dict[str, Any],
|
|
turn_evidence: list[dict[str, Any]],
|
|
) -> dict[str, Any]:
|
|
return {
|
|
"final_screenshot": final_screenshot.get("sha256"),
|
|
"final_accessibility": final_accessibility.get("sha256"),
|
|
"turn_screenshots": [item["screenshot"].get("sha256") for item in turn_evidence],
|
|
"turn_accessibility": [item["accessibility"].get("sha256") for item in turn_evidence],
|
|
}
|
|
|
|
|
|
def _browser_provenance_checks(
|
|
evidence: dict[str, Any],
|
|
*,
|
|
packet: dict[str, Any],
|
|
preflight: dict[str, Any],
|
|
capture: dict[str, Any],
|
|
capture_source: dict[str, Any],
|
|
messages: list[dict[str, Any]],
|
|
artifact_hashes: dict[str, Any],
|
|
) -> tuple[dict[str, bool], dict[str, Any]]:
|
|
provenance: dict[str, Any] = {}
|
|
if evidence.get("exists"):
|
|
try:
|
|
value = _load_json(Path(str(evidence["path"])))
|
|
except (OSError, UnicodeDecodeError, json.JSONDecodeError):
|
|
value = {}
|
|
if isinstance(value, dict):
|
|
provenance = value
|
|
browser = provenance.get("browser") if isinstance(provenance.get("browser"), dict) else {}
|
|
authorization = provenance.get("authorization") if isinstance(provenance.get("authorization"), dict) else {}
|
|
telegram = provenance.get("telegram") if isinstance(provenance.get("telegram"), dict) else {}
|
|
provider_ids = [
|
|
str(browser.get(key) or "") for key in ("browser_id", "session_id", "tab_id", "provider_capture_id")
|
|
]
|
|
packet_serialized = json.dumps(packet, sort_keys=True)
|
|
provenance_serialized = json.dumps(provenance, sort_keys=True)
|
|
capture_serialized = json.dumps(capture, sort_keys=True)
|
|
target = packet.get("target") if isinstance(packet.get("target"), dict) else {}
|
|
page_url = str(browser.get("page_url") or "")
|
|
parsed_url = urlparse(page_url)
|
|
expected_message_ids = [str(item.get("telegram_message_id") or "") for item in messages]
|
|
expected_reply_ids = [str(item.get("reply_message_id") or "") for item in messages]
|
|
authorization_text = str(capture.get("operator_authorization_text") or "")
|
|
checks = {
|
|
"browser_provenance_file_present_and_contained": evidence.get("exists") is True
|
|
and evidence.get("contained_in_evidence_root") is True,
|
|
"browser_provenance_schema_supported": provenance.get("schema") == BROWSER_PROVENANCE_SCHEMA,
|
|
"browser_provenance_status_and_checks_pass": provenance.get("status") == "pass"
|
|
and _all_true_section(provenance.get("checks")),
|
|
"browser_provenance_channel_is_chrome_extension": provenance.get("capture_channel") == "codex_chrome_extension"
|
|
and browser.get("browser_type") == "extension",
|
|
"browser_provenance_sha256_not_self_declared": bool(evidence.get("sha256"))
|
|
and evidence.get("sha256") not in capture_serialized
|
|
and evidence.get("sha256") not in provenance_serialized,
|
|
"browser_provenance_challenge_and_protocol_bound": provenance.get("capture_challenge_nonce")
|
|
== preflight.get("capture_challenge_nonce")
|
|
and provenance.get("protocol_sha256") == packet.get("protocol_sha256"),
|
|
"browser_provider_identifiers_present_and_not_from_packet": all(
|
|
len(value) >= 8 and value not in packet_serialized for value in provider_ids
|
|
)
|
|
and len(set(provider_ids)) == len(provider_ids),
|
|
"browser_observed_telegram_web_origin": parsed_url.scheme == "https"
|
|
and parsed_url.hostname == "web.telegram.org"
|
|
and str(target.get("chat_id") or "") in page_url,
|
|
"browser_observed_exact_chat_identity": telegram.get("chat_id") == target.get("chat_id")
|
|
and telegram.get("chat_label") == target.get("chat_label")
|
|
and str(target.get("chat_label") or "").casefold() in str(browser.get("page_title") or "").casefold(),
|
|
"browser_observed_exact_message_and_reply_ids": telegram.get("message_ids") == expected_message_ids
|
|
and telegram.get("reply_ids") == expected_reply_ids,
|
|
"browser_provenance_artifact_hashes_exact": provenance.get("artifacts") == artifact_hashes,
|
|
"browser_provenance_capture_timestamp_bound": browser.get("captured_at_utc")
|
|
== capture_source.get("captured_at_utc"),
|
|
"authorization_provenance_is_independent_codex_user_message": authorization.get("source")
|
|
== "codex_platform_user_message"
|
|
and all(
|
|
len(str(authorization.get(key) or "")) >= 8 for key in ("thread_id", "user_message_id", "source_receipt_id")
|
|
),
|
|
"authorization_provenance_hash_and_timestamp_bound": authorization.get("text_sha256")
|
|
== hashlib.sha256(authorization_text.encode("utf-8")).hexdigest()
|
|
and authorization.get("captured_at_utc") == capture.get("operator_authorization_captured_at_utc"),
|
|
"authorization_text_not_copied_into_provenance": bool(authorization_text)
|
|
and authorization_text not in provenance_serialized,
|
|
}
|
|
return checks, provenance
|
|
|
|
|
|
def _codex_rollout_provenance_checks(
|
|
rollout_path: Path | None,
|
|
*,
|
|
sessions_root: Path,
|
|
evidence_root: Path,
|
|
packet: dict[str, Any],
|
|
capture: dict[str, Any],
|
|
provenance: dict[str, Any],
|
|
provenance_evidence: dict[str, Any],
|
|
artifact_hashes: dict[str, Any],
|
|
messages: list[dict[str, Any]],
|
|
) -> tuple[dict[str, bool], dict[str, Any]]:
|
|
root = sessions_root.resolve()
|
|
resolved = rollout_path.resolve() if rollout_path is not None else Path()
|
|
contained = bool(rollout_path) and resolved.is_file() and root in resolved.parents
|
|
outside_evidence_root = bool(rollout_path) and evidence_root.resolve() not in resolved.parents
|
|
events: list[dict[str, Any]] = []
|
|
jsonl_valid = contained
|
|
if contained:
|
|
try:
|
|
with resolved.open(encoding="utf-8") as handle:
|
|
for line in handle:
|
|
if not line.strip():
|
|
continue
|
|
value = json.loads(line)
|
|
if not isinstance(value, dict):
|
|
jsonl_valid = False
|
|
continue
|
|
events.append(value)
|
|
except (OSError, UnicodeDecodeError, json.JSONDecodeError):
|
|
jsonl_valid = False
|
|
events = []
|
|
|
|
operator_context = packet.get("operator_context") if isinstance(packet.get("operator_context"), dict) else {}
|
|
authorization = provenance.get("authorization") if isinstance(provenance.get("authorization"), dict) else {}
|
|
browser = provenance.get("browser") if isinstance(provenance.get("browser"), dict) else {}
|
|
thread_id = str(operator_context.get("codex_thread_id") or "")
|
|
authorization_text = str(capture.get("operator_authorization_text") or "")
|
|
user_message_id = str(authorization.get("user_message_id") or "")
|
|
matching_user_events: list[dict[str, Any]] = []
|
|
browser_events: dict[str, dict[str, Any]] = {}
|
|
for event in events:
|
|
payload = event.get("payload") if isinstance(event.get("payload"), dict) else {}
|
|
if event.get("type") == "response_item" and payload.get("type") == "message" and payload.get("role") == "user":
|
|
content = payload.get("content") if isinstance(payload.get("content"), list) else []
|
|
text = "".join(
|
|
str(item.get("text") or "")
|
|
for item in content
|
|
if isinstance(item, dict) and item.get("type") == "input_text"
|
|
)
|
|
metadata = (
|
|
payload.get("internal_chat_message_metadata_passthrough")
|
|
if isinstance(payload.get("internal_chat_message_metadata_passthrough"), dict)
|
|
else {}
|
|
)
|
|
if text == authorization_text and metadata.get("turn_id") == user_message_id:
|
|
matching_user_events.append(event)
|
|
if event.get("type") == "event_msg" and payload.get("type") == "mcp_tool_call_end":
|
|
call_id = str(payload.get("call_id") or "")
|
|
if call_id:
|
|
browser_events[call_id] = event
|
|
|
|
user_event = matching_user_events[0] if len(matching_user_events) == 1 else {}
|
|
session_meta_ids = [
|
|
str((event.get("payload") or {}).get("id") or "")
|
|
for event in events
|
|
if event.get("type") == "session_meta" and isinstance(event.get("payload"), dict)
|
|
]
|
|
user_event_sha256 = (
|
|
hashlib.sha256(json.dumps(user_event, sort_keys=True, separators=(",", ":")).encode("utf-8")).hexdigest()
|
|
if user_event
|
|
else ""
|
|
)
|
|
turn_call_ids = provenance.get("turn_capture_call_ids")
|
|
turn_call_ids = [str(value) for value in turn_call_ids] if isinstance(turn_call_ids, list) else []
|
|
final_call_id = str(provenance.get("final_capture_call_id") or "")
|
|
reuse_final = (capture.get("capture_source") or {}).get("final_capture_reuses_turn_3") is True
|
|
call_id_shape_valid = (
|
|
len(turn_call_ids) == 3
|
|
and all(len(value) >= 8 for value in turn_call_ids)
|
|
and len(set(turn_call_ids)) == 3
|
|
and len(final_call_id) >= 8
|
|
and (
|
|
(reuse_final and final_call_id == turn_call_ids[2])
|
|
or (not reuse_final and final_call_id not in turn_call_ids)
|
|
)
|
|
)
|
|
expected_call_ids = set(turn_call_ids + ([final_call_id] if final_call_id else []))
|
|
selected_events = {call_id: browser_events.get(call_id, {}) for call_id in expected_call_ids}
|
|
|
|
def browser_event_parts(event: dict[str, Any]) -> tuple[dict[str, Any], str, datetime | None]:
|
|
payload = event.get("payload") if isinstance(event.get("payload"), dict) else {}
|
|
result = payload.get("result") if isinstance(payload.get("result"), dict) else {}
|
|
ok = result.get("Ok") if isinstance(result.get("Ok"), dict) else {}
|
|
meta = ok.get("_meta") if isinstance(ok.get("_meta"), dict) else {}
|
|
surface = meta.get("codex/toolSurface") if isinstance(meta.get("codex/toolSurface"), dict) else {}
|
|
content = ok.get("content") if isinstance(ok.get("content"), list) else []
|
|
result_text = "\n".join(
|
|
str(item.get("text") or "") for item in content if isinstance(item, dict) and item.get("type") == "text"
|
|
)
|
|
return surface, result_text, _parse_aware_timestamp(event.get("timestamp"))
|
|
|
|
event_parts = {call_id: browser_event_parts(event) for call_id, event in selected_events.items()}
|
|
browser_id = str(browser.get("browser_id") or "")
|
|
tab_id = str(browser.get("tab_id") or "")
|
|
all_events_are_chrome = bool(expected_call_ids) and all(
|
|
event
|
|
and parts[0].get("backend") == "chrome"
|
|
and parts[0].get("kind") == "browserUse"
|
|
and parts[0].get("browserId") == browser_id
|
|
and tab_id in (parts[0].get("openTabIds") or [])
|
|
for call_id, event in selected_events.items()
|
|
for parts in [event_parts[call_id]]
|
|
)
|
|
all_events_invoked_capture_apis = (
|
|
bool(expected_call_ids)
|
|
and all(
|
|
event
|
|
and "screenshot("
|
|
in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "")
|
|
and "domSnapshot("
|
|
in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "")
|
|
and ".url("
|
|
in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "")
|
|
and ".title("
|
|
in str((((event.get("payload") or {}).get("invocation") or {}).get("arguments") or {}).get("code") or "")
|
|
for event in selected_events.values()
|
|
)
|
|
and len(selected_events) == len(expected_call_ids)
|
|
)
|
|
turn_receipts_bound = len(turn_call_ids) == len(messages) == 3 and all(
|
|
call_id in event_parts
|
|
and all(
|
|
value in event_parts[call_id][1]
|
|
for value in (
|
|
artifact_hashes["turn_screenshots"][index],
|
|
artifact_hashes["turn_accessibility"][index],
|
|
str(message.get("telegram_message_id") or ""),
|
|
str(message.get("reply_message_id") or ""),
|
|
str(browser.get("page_url") or ""),
|
|
str(browser.get("page_title") or ""),
|
|
str((packet.get("target") or {}).get("chat_id") or ""),
|
|
)
|
|
)
|
|
for index, (call_id, message) in enumerate(zip(turn_call_ids, messages, strict=True))
|
|
)
|
|
final_receipt_text = event_parts.get(final_call_id, ({}, "", None))[1]
|
|
final_receipt_bound = bool(final_receipt_text) and all(
|
|
value in final_receipt_text
|
|
for value in (
|
|
str(artifact_hashes.get("final_screenshot") or ""),
|
|
str(artifact_hashes.get("final_accessibility") or ""),
|
|
str(provenance_evidence.get("sha256") or ""),
|
|
*(str(item.get("telegram_message_id") or "") for item in messages),
|
|
*(str(item.get("reply_message_id") or "") for item in messages),
|
|
)
|
|
)
|
|
event_times = [event_parts.get(call_id, ({}, "", None))[2] for call_id in turn_call_ids]
|
|
final_event_at = event_parts.get(final_call_id, ({}, "", None))[2]
|
|
send_times = [_parse_aware_timestamp(item.get("sent_at_utc")) for item in messages]
|
|
reply_times = [_parse_aware_timestamp(item.get("reply_at_utc")) for item in messages]
|
|
browser_event_order_valid = all(
|
|
value is not None for value in (*event_times, final_event_at, *send_times, *reply_times)
|
|
)
|
|
if browser_event_order_valid:
|
|
browser_event_order_valid = bool(
|
|
reply_times[0] < event_times[0] < send_times[1]
|
|
and reply_times[1] < event_times[1] < send_times[2]
|
|
and reply_times[2] < event_times[2]
|
|
and (
|
|
(reuse_final and final_event_at == event_times[2])
|
|
or (not reuse_final and event_times[2] < final_event_at)
|
|
)
|
|
)
|
|
authorization_event_at = _parse_aware_timestamp(user_event.get("timestamp")) if user_event else None
|
|
capture_source = capture.get("capture_source") if isinstance(capture.get("capture_source"), dict) else {}
|
|
checks = {
|
|
"codex_rollout_log_is_trusted_external_file": contained
|
|
and outside_evidence_root
|
|
and thread_id in resolved.name,
|
|
"codex_rollout_log_jsonl_valid": jsonl_valid and bool(events),
|
|
"codex_rollout_session_meta_matches_thread": session_meta_ids == [thread_id],
|
|
"codex_rollout_has_exact_single_authorization_event": len(matching_user_events) == 1,
|
|
"codex_authorization_event_bound_to_provenance": authorization.get("thread_id") == thread_id
|
|
and authorization.get("source_receipt_id") == user_event_sha256
|
|
and user_event.get("timestamp") == capture.get("operator_authorization_captured_at_utc"),
|
|
"codex_rollout_capture_call_ids_valid": call_id_shape_valid,
|
|
"codex_rollout_capture_events_are_chrome_backend": all_events_are_chrome,
|
|
"codex_rollout_capture_events_invoked_screenshot_and_dom_snapshot": all_events_invoked_capture_apis,
|
|
"codex_rollout_turn_receipts_bind_artifacts_and_telegram_ids": turn_receipts_bound,
|
|
"codex_rollout_final_receipt_binds_provenance_artifacts_and_all_ids": final_receipt_bound,
|
|
"codex_rollout_capture_event_order_valid": browser_event_order_valid,
|
|
"codex_rollout_final_event_timestamp_bound": final_event_at is not None
|
|
and capture_source.get("captured_at_utc") == (selected_events.get(final_call_id) or {}).get("timestamp")
|
|
and browser.get("captured_at_utc") == (selected_events.get(final_call_id) or {}).get("timestamp"),
|
|
"codex_rollout_authorization_timestamp_is_aware": authorization_event_at is not None,
|
|
}
|
|
evidence = {
|
|
"path": str(resolved) if rollout_path else "",
|
|
"sha256": _sha256_file(resolved) if contained else "",
|
|
"thread_id": thread_id,
|
|
"authorization_turn_id": user_message_id,
|
|
"turn_capture_call_ids": turn_call_ids,
|
|
"final_capture_call_id": final_call_id,
|
|
"turn_capture_timestamps": [(selected_events.get(call_id) or {}).get("timestamp") for call_id in turn_call_ids],
|
|
"final_capture_timestamp": (selected_events.get(final_call_id) or {}).get("timestamp"),
|
|
}
|
|
return checks, evidence
|
|
|
|
|
|
def _timeline_checks(
|
|
preflight: dict[str, Any],
|
|
capture: dict[str, Any],
|
|
postflight: dict[str, Any],
|
|
provenance: dict[str, Any],
|
|
messages: list[dict[str, Any]],
|
|
) -> tuple[dict[str, bool], dict[str, Any]]:
|
|
capture_source = capture.get("capture_source") if isinstance(capture.get("capture_source"), dict) else {}
|
|
browser = provenance.get("browser") if isinstance(provenance.get("browser"), dict) else {}
|
|
authorization = provenance.get("authorization") if isinstance(provenance.get("authorization"), dict) else {}
|
|
preflight_at = _parse_aware_timestamp(preflight.get("generated_at_utc"))
|
|
authorization_at = _parse_aware_timestamp(capture.get("operator_authorization_captured_at_utc"))
|
|
send_times = [_parse_aware_timestamp(item.get("sent_at_utc")) for item in messages]
|
|
reply_times = [_parse_aware_timestamp(item.get("reply_at_utc")) for item in messages]
|
|
final_capture_at = _parse_aware_timestamp(capture_source.get("captured_at_utc"))
|
|
postflight_at = _parse_aware_timestamp(postflight.get("generated_at_utc"))
|
|
browser_capture_at = _parse_aware_timestamp(browser.get("captured_at_utc"))
|
|
authorization_provenance_at = _parse_aware_timestamp(authorization.get("captured_at_utc"))
|
|
timestamps = [
|
|
preflight_at,
|
|
authorization_at,
|
|
*send_times,
|
|
*reply_times,
|
|
final_capture_at,
|
|
postflight_at,
|
|
browser_capture_at,
|
|
authorization_provenance_at,
|
|
]
|
|
valid = len(messages) == 3 and all(value is not None for value in timestamps)
|
|
strict_turn_order = False
|
|
preflight_before_authorization = False
|
|
authorization_before_first_send = False
|
|
final_after_reply3 = False
|
|
postflight_after_reply3 = False
|
|
if valid:
|
|
assert preflight_at is not None
|
|
assert authorization_at is not None
|
|
assert final_capture_at is not None
|
|
assert postflight_at is not None
|
|
ordered_turns = [
|
|
send_times[0],
|
|
reply_times[0],
|
|
send_times[1],
|
|
reply_times[1],
|
|
send_times[2],
|
|
reply_times[2],
|
|
]
|
|
strict_turn_order = all(left < right for left, right in pairwise(ordered_turns))
|
|
preflight_before_authorization = preflight_at < authorization_at
|
|
authorization_before_first_send = authorization_at < send_times[0]
|
|
final_after_reply3 = reply_times[2] < final_capture_at
|
|
postflight_after_reply3 = reply_times[2] < postflight_at
|
|
checks = {
|
|
"timestamps_valid_and_timezone_aware": valid,
|
|
"preflight_before_captured_authorization": preflight_before_authorization,
|
|
"captured_authorization_before_first_send": authorization_before_first_send,
|
|
"strict_send_reply_turn_order": strict_turn_order,
|
|
"final_capture_after_third_reply": final_after_reply3,
|
|
"postflight_after_third_reply": postflight_after_reply3,
|
|
}
|
|
timeline = {
|
|
"preflight": preflight.get("generated_at_utc"),
|
|
"authorization": capture.get("operator_authorization_captured_at_utc"),
|
|
"turns": [
|
|
{"sent_at_utc": item.get("sent_at_utc"), "reply_at_utc": item.get("reply_at_utc")} for item in messages
|
|
],
|
|
"final_capture": capture_source.get("captured_at_utc"),
|
|
"postflight": postflight.get("generated_at_utc"),
|
|
}
|
|
return checks, timeline
|
|
|
|
|
|
def _subject_match(postflight: dict[str, Any]) -> dict[str, Any]:
|
|
subject = (postflight.get("remote") or {}).get("subject_readback") or {}
|
|
matches = subject.get("matches") if isinstance(subject, dict) else []
|
|
return matches[0] if isinstance(matches, list) and len(matches) == 1 else {}
|
|
|
|
|
|
def _semantic_checks(replies: list[str], *, subject_ref: str, subject_match: dict[str, Any]) -> dict[str, bool]:
|
|
if len(replies) != 3:
|
|
return {
|
|
"visible_db_object_selected_without_operator_id": False,
|
|
"visible_weak_support_explained": False,
|
|
"same_subject_survived_challenge": False,
|
|
"assumption_support_and_falsifier_separated": False,
|
|
"multiple_review_only_candidates_proposed": False,
|
|
"objection_revised_candidate": False,
|
|
"resolving_source_named": False,
|
|
"review_approval_apply_boundary_explicit": False,
|
|
"reply_claimed_no_mutation": False,
|
|
"independent_db_object_matches_visible_subject": False,
|
|
}
|
|
first, second, third = replies
|
|
first_refs = unseen._short_refs(first)
|
|
second_refs = unseen._short_refs(second)
|
|
shared_terms = unseen._shared_subject_terms(first, second)
|
|
selected = subject_ref[:8].casefold() if subject_ref else ""
|
|
visible_subject = bool(selected and (selected in first.casefold() or selected in second.casefold()))
|
|
same_subject = bool(
|
|
visible_subject
|
|
and (
|
|
(selected in first.casefold() and selected in second.casefold())
|
|
or first_refs & second_refs
|
|
or len(shared_terms) >= 2
|
|
)
|
|
)
|
|
row = subject_match.get("row") if isinstance(subject_match.get("row"), dict) else {}
|
|
row_id = str(row.get("id") or "").casefold()
|
|
proposals = unseen._contains(second, "proposal a", "proposal b") or (
|
|
unseen._contains_any(second, "two proposals", "two replacement claims") and "1" in second and "2" in second
|
|
)
|
|
return {
|
|
"visible_db_object_selected_without_operator_id": unseen._contains_any(first, "claim", "belief", "axiom")
|
|
and unseen._contains_any(first, "database", "db", "public.")
|
|
and unseen._contains_any(first, "confidence", "support", "evidence"),
|
|
"visible_weak_support_explained": unseen._contains_any(
|
|
first,
|
|
"nothing supports",
|
|
"zero evidence",
|
|
"no evidence",
|
|
"no claim-evidence",
|
|
"no_source_pointer",
|
|
"no external primary source",
|
|
),
|
|
"same_subject_survived_challenge": same_subject,
|
|
"assumption_support_and_falsifier_separated": unseen._contains_any(second, "assumption")
|
|
and unseen._contains_any(second, "observed support", "evidence")
|
|
and unseen._contains_any(second, "falsifier", "counterexample", "would falsify"),
|
|
"multiple_review_only_candidates_proposed": proposals
|
|
and unseen._contains_any(second, "review", "staged", "proposal")
|
|
and unseen._contains_any(
|
|
second,
|
|
"nothing applied",
|
|
"not live knowledge",
|
|
"staged only",
|
|
"not an apply",
|
|
),
|
|
"objection_revised_candidate": unseen._contains_any(third, "revised proposal", "revision")
|
|
and unseen._contains(third, "mechanism", "outcome"),
|
|
"resolving_source_named": unseen._contains_any(
|
|
third, "what would resolve", "source would resolve", "evidence would resolve"
|
|
)
|
|
and unseen._contains_any(
|
|
third,
|
|
"study",
|
|
"dataset",
|
|
"source",
|
|
"randomized",
|
|
"quasi-experimental",
|
|
"replication",
|
|
"ostrom",
|
|
),
|
|
"review_approval_apply_boundary_explicit": unseen._contains_any(
|
|
third, "review", "pending_review", "human review"
|
|
)
|
|
and unseen._contains_any(third, "approve", "approved", "approval")
|
|
and unseen._contains_any(third, "apply", "applied_at", "canonical"),
|
|
"reply_claimed_no_mutation": unseen._contains_any(
|
|
third,
|
|
"not an apply",
|
|
"nothing staged or changed",
|
|
"canonical unchanged",
|
|
"staged intent, not knowledge",
|
|
"proposal (not an apply)",
|
|
),
|
|
"independent_db_object_matches_visible_subject": bool(
|
|
visible_subject and row_id and row_id.startswith(selected)
|
|
),
|
|
}
|
|
|
|
|
|
def verify_capture(
|
|
packet: dict[str, Any],
|
|
preflight: dict[str, Any],
|
|
capture: dict[str, Any] | None,
|
|
postflight: dict[str, Any] | None,
|
|
*,
|
|
packet_path: Path,
|
|
evidence_root: Path,
|
|
codex_rollout_log: Path | None = None,
|
|
codex_sessions_root: Path = DEFAULT_CODEX_SESSIONS_ROOT,
|
|
) -> dict[str, Any]:
|
|
if capture is None:
|
|
packet_integrity = state_collector.packet_checks(packet)
|
|
preflight_integrity = _state_artifact_checks(
|
|
preflight,
|
|
phase="preflight",
|
|
packet=packet,
|
|
packet_path=packet_path,
|
|
)
|
|
ready = all(packet_integrity.values()) and all(preflight_integrity.values())
|
|
return {
|
|
"schema": SCHEMA,
|
|
"generated_at_utc": datetime.now(timezone.utc).isoformat(),
|
|
"mode": "telegram_visible_unseen_chain_capture_verifier",
|
|
"status": "awaiting_action_time_authorization" if ready else "fail",
|
|
"receipt_ready": False,
|
|
"current_tier": "T0_packet_plus_T3_preflight" if ready else "T0_failed_preflight",
|
|
"required_tier": "T3_live_readonly",
|
|
"telegram_visible_messages_sent": False,
|
|
"mutates_db": False,
|
|
"packet_path": str(packet_path),
|
|
"preflight_path": str(DEFAULT_PREFLIGHT),
|
|
"postflight_path": str(DEFAULT_POSTFLIGHT),
|
|
"capture_template": blank_capture_template(packet, preflight),
|
|
"checks": {
|
|
**packet_integrity,
|
|
**preflight_integrity,
|
|
"action_time_authorization_present": False,
|
|
"capture_present": False,
|
|
"postflight_present": False,
|
|
},
|
|
"claim_ceiling": {
|
|
"proven": (
|
|
"The exact packet and live zero-mutation preflight are ready."
|
|
if ready
|
|
else "No readiness claim; packet or preflight integrity validation failed."
|
|
),
|
|
"not_proven": [
|
|
"Telegram-visible message delivery",
|
|
"Telegram-visible Leo replies",
|
|
"post-send fingerprint equality",
|
|
],
|
|
},
|
|
}
|
|
|
|
messages = _capture_messages(capture)
|
|
expected = packet.get("exact_messages") or []
|
|
capture_source = capture.get("capture_source") if isinstance(capture.get("capture_source"), dict) else {}
|
|
replies = [str(item.get("reply") or "") for item in messages]
|
|
ids = [str(item.get("telegram_message_id") or "") for item in messages]
|
|
reply_ids = [str(item.get("reply_message_id") or "") for item in messages]
|
|
screenshot = _resolve_evidence(str(capture_source.get("final_screenshot") or ""), evidence_root)
|
|
screenshot["png"] = _inspect_png(screenshot)
|
|
accessibility = _resolve_evidence(str(capture_source.get("final_accessibility") or ""), evidence_root)
|
|
turn_evidence = [
|
|
{
|
|
"prompt_id": item.get("prompt_id"),
|
|
"screenshot": _resolve_evidence(str(item.get("turn_screenshot") or ""), evidence_root),
|
|
"accessibility": _resolve_evidence(str(item.get("turn_accessibility") or ""), evidence_root),
|
|
}
|
|
for item in messages
|
|
]
|
|
for evidence in turn_evidence:
|
|
evidence["screenshot"]["png"] = _inspect_png(evidence["screenshot"])
|
|
browser_provenance_evidence = _resolve_evidence(str(capture_source.get("browser_provenance") or ""), evidence_root)
|
|
artifact_hashes = _artifact_hash_manifest(
|
|
final_screenshot=screenshot,
|
|
final_accessibility=accessibility,
|
|
turn_evidence=turn_evidence,
|
|
)
|
|
postflight = postflight or {}
|
|
subject_ref = str(postflight.get("subject_ref") or "")
|
|
subject_match = _subject_match(postflight)
|
|
semantics = _semantic_checks(replies, subject_ref=subject_ref, subject_match=subject_match)
|
|
pre_fingerprint = (preflight.get("remote") or {}).get("fingerprint_after") or {}
|
|
post_fingerprint = (postflight.get("remote") or {}).get("fingerprint_after") or {}
|
|
pre_service = (preflight.get("remote") or {}).get("service_after") or {}
|
|
post_service = (postflight.get("remote") or {}).get("service_after") or {}
|
|
service_keys = ("MainPID", "NRestarts", "ExecMainStartTimestamp")
|
|
handler_binding = packet.get("handler_receipt_binding") or {}
|
|
handler_path = Path(str(handler_binding.get("path") or ""))
|
|
if not handler_path.is_absolute():
|
|
handler_path = evidence_root / handler_path
|
|
expected_ids = [str(item.get("prompt_id") or "") for item in expected]
|
|
actual_ids = [str(item.get("prompt_id") or "") for item in messages]
|
|
packet_integrity = state_collector.packet_checks(packet)
|
|
preflight_integrity = _state_artifact_checks(
|
|
preflight,
|
|
phase="preflight",
|
|
packet=packet,
|
|
packet_path=packet_path,
|
|
)
|
|
postflight_integrity = _state_artifact_checks(
|
|
postflight,
|
|
phase="postflight",
|
|
packet=packet,
|
|
packet_path=packet_path,
|
|
)
|
|
browser_checks, browser_provenance = _browser_provenance_checks(
|
|
browser_provenance_evidence,
|
|
packet=packet,
|
|
preflight=preflight,
|
|
capture=capture,
|
|
capture_source=capture_source,
|
|
messages=messages,
|
|
artifact_hashes=artifact_hashes,
|
|
)
|
|
codex_rollout_checks, codex_rollout_evidence = _codex_rollout_provenance_checks(
|
|
codex_rollout_log,
|
|
sessions_root=codex_sessions_root,
|
|
evidence_root=evidence_root,
|
|
packet=packet,
|
|
capture=capture,
|
|
provenance=browser_provenance,
|
|
provenance_evidence=browser_provenance_evidence,
|
|
artifact_hashes=artifact_hashes,
|
|
messages=messages,
|
|
)
|
|
timeline_checks, timeline = _timeline_checks(
|
|
preflight,
|
|
capture,
|
|
postflight,
|
|
browser_provenance,
|
|
messages,
|
|
)
|
|
turn_screenshot_hashes = [item["screenshot"]["sha256"] for item in turn_evidence]
|
|
turn_accessibility_hashes = [item["accessibility"]["sha256"] for item in turn_evidence]
|
|
final_matches_earlier_turn = (
|
|
screenshot.get("sha256") in turn_screenshot_hashes[:2]
|
|
or accessibility.get("sha256") in turn_accessibility_hashes[:2]
|
|
)
|
|
final_matches_turn_three = bool(
|
|
len(turn_evidence) == 3
|
|
and (
|
|
screenshot.get("sha256") == turn_screenshot_hashes[2]
|
|
or accessibility.get("sha256") == turn_accessibility_hashes[2]
|
|
)
|
|
)
|
|
final_reuse_documented = capture_source.get("final_capture_reuses_turn_3") is True and _present(
|
|
capture_source.get("final_capture_reuse_reason")
|
|
)
|
|
final_reuse_policy_satisfied = not final_matches_earlier_turn and (
|
|
(final_matches_turn_three and final_reuse_documented)
|
|
or (
|
|
not final_matches_turn_three
|
|
and capture_source.get("final_capture_reuses_turn_3") is False
|
|
and not _present(capture_source.get("final_capture_reuse_reason"))
|
|
)
|
|
)
|
|
checks = {
|
|
**packet_integrity,
|
|
**preflight_integrity,
|
|
**postflight_integrity,
|
|
**browser_checks,
|
|
**codex_rollout_checks,
|
|
**timeline_checks,
|
|
"capture_schema_supported": capture.get("schema") == CAPTURE_SCHEMA,
|
|
"packet_ready": packet.get("ready_to_request_action_time_authorization") is True,
|
|
"packet_file_hash_matches_preflight": _sha256_file(packet_path) == preflight.get("packet_file_sha256"),
|
|
"handler_receipt_binding_unchanged": handler_path.is_file()
|
|
and _sha256_file(handler_path) == handler_binding.get("sha256"),
|
|
"protocol_bound_across_all_artifacts": capture.get("protocol_sha256")
|
|
== preflight.get("protocol_sha256")
|
|
== postflight.get("protocol_sha256")
|
|
== packet.get("protocol_sha256"),
|
|
"preflight_state_token_bound_to_capture_and_postflight": capture.get("preflight_state_token_sha256")
|
|
== preflight.get("state_token_sha256")
|
|
== postflight.get("baseline_state_token_sha256"),
|
|
"preflight_challenge_bound_to_postflight": bool(
|
|
SHA64_RE.fullmatch(str(preflight.get("capture_challenge_nonce") or ""))
|
|
)
|
|
and preflight.get("capture_challenge_nonce") == postflight.get("capture_challenge_nonce"),
|
|
"exact_action_time_authorization_captured": capture.get("operator_authorization_text")
|
|
== packet.get("explicit_operator_authorization_text")
|
|
and _present(capture.get("operator_authorization_captured_at_utc")),
|
|
"authenticated_chrome_transport_declared": capture_source.get("platform") == "telegram"
|
|
and capture_source.get("transport") == "authenticated_chrome_telegram_ui",
|
|
"bot_api_not_substituted": "bot_api" not in json.dumps(capture_source).casefold(),
|
|
"exact_destination_matches": capture_source.get("chat_label") == (packet.get("target") or {}).get("chat_label")
|
|
and capture_source.get("chat_id") == (packet.get("target") or {}).get("chat_id"),
|
|
"exact_three_messages_and_no_extras": len(messages) == len(expected) == 3
|
|
and capture.get("extra_messages_sent") == 0,
|
|
"prompt_ids_and_sequence_exact": actual_ids == expected_ids
|
|
and [item.get("sequence") for item in messages] == [1, 2, 3],
|
|
"sent_text_exact": [item.get("sent_text") for item in messages] == [item.get("message") for item in expected],
|
|
"visible_replies_nonempty": len(replies) == 3 and all(reply.strip() for reply in replies),
|
|
"message_and_reply_ids_present_unique": all(ids)
|
|
and all(reply_ids)
|
|
and len(set(ids)) == 3
|
|
and len(set(reply_ids)) == 3
|
|
and set(ids).isdisjoint(reply_ids),
|
|
"capture_metadata_present": all(
|
|
_present(capture_source.get(key)) for key in ("captured_at_utc", "captured_by")
|
|
),
|
|
"all_evidence_paths_contained_in_root": all(
|
|
item.get("contained_in_evidence_root") is True
|
|
for item in (
|
|
screenshot,
|
|
accessibility,
|
|
browser_provenance_evidence,
|
|
*(turn["screenshot"] for turn in turn_evidence),
|
|
*(turn["accessibility"] for turn in turn_evidence),
|
|
)
|
|
),
|
|
"visual_evidence_files_present": screenshot["exists"]
|
|
and screenshot["bytes"] > 0
|
|
and accessibility["exists"]
|
|
and accessibility["bytes"] > 0
|
|
and len(turn_evidence) == 3
|
|
and all(
|
|
item["screenshot"]["exists"]
|
|
and item["screenshot"]["bytes"] > 0
|
|
and item["accessibility"]["exists"]
|
|
and item["accessibility"]["bytes"] > 0
|
|
for item in turn_evidence
|
|
),
|
|
"screenshots_are_valid_png_with_metadata": screenshot["png"]["valid_png"] is True
|
|
and len(turn_evidence) == 3
|
|
and all(item["screenshot"]["png"]["valid_png"] is True for item in turn_evidence),
|
|
"per_turn_screenshot_hashes_distinct_nonempty": len(turn_screenshot_hashes) == 3
|
|
and all(SHA64_RE.fullmatch(value) for value in turn_screenshot_hashes)
|
|
and len(set(turn_screenshot_hashes)) == 3,
|
|
"per_turn_accessibility_hashes_distinct_nonempty": len(turn_accessibility_hashes) == 3
|
|
and all(SHA64_RE.fullmatch(value) for value in turn_accessibility_hashes)
|
|
and len(set(turn_accessibility_hashes)) == 3,
|
|
"final_capture_reuse_policy_satisfied": final_reuse_policy_satisfied,
|
|
"turn_accessibility_binds_exact_messages_and_replies": len(turn_evidence) == len(messages) == 3
|
|
and all(
|
|
_accessibility_binds_message(
|
|
evidence["accessibility"],
|
|
sent_text=str(message.get("sent_text") or ""),
|
|
reply=str(message.get("reply") or ""),
|
|
)
|
|
for evidence, message in zip(turn_evidence, messages, strict=True)
|
|
),
|
|
"canonical_fingerprint_unchanged_from_preflight": bool(
|
|
pre_fingerprint.get("fingerprint_sha256")
|
|
and pre_fingerprint.get("fingerprint_sha256") == post_fingerprint.get("fingerprint_sha256")
|
|
),
|
|
"gateway_process_unchanged_from_preflight": all(
|
|
pre_service.get(key) == post_service.get(key) for key in service_keys
|
|
),
|
|
**semantics,
|
|
}
|
|
outcomes = {
|
|
"telegram_visible_three_turn_chain": all(
|
|
checks[key]
|
|
for key in (
|
|
"authenticated_chrome_transport_declared",
|
|
"browser_provenance_channel_is_chrome_extension",
|
|
"codex_rollout_has_exact_single_authorization_event",
|
|
"codex_rollout_capture_events_are_chrome_backend",
|
|
"codex_rollout_turn_receipts_bind_artifacts_and_telegram_ids",
|
|
"codex_rollout_final_receipt_binds_provenance_artifacts_and_all_ids",
|
|
"codex_rollout_capture_event_order_valid",
|
|
"browser_observed_telegram_web_origin",
|
|
"browser_observed_exact_chat_identity",
|
|
"browser_observed_exact_message_and_reply_ids",
|
|
"authorization_provenance_hash_and_timestamp_bound",
|
|
"exact_destination_matches",
|
|
"exact_three_messages_and_no_extras",
|
|
"sent_text_exact",
|
|
"visible_replies_nonempty",
|
|
"strict_send_reply_turn_order",
|
|
"screenshots_are_valid_png_with_metadata",
|
|
"per_turn_screenshot_hashes_distinct_nonempty",
|
|
"per_turn_accessibility_hashes_distinct_nonempty",
|
|
"final_capture_reuse_policy_satisfied",
|
|
"visual_evidence_files_present",
|
|
"turn_accessibility_binds_exact_messages_and_replies",
|
|
)
|
|
),
|
|
"visible_db_grounded_challenge": all(
|
|
checks[key]
|
|
for key in (
|
|
"visible_db_object_selected_without_operator_id",
|
|
"visible_weak_support_explained",
|
|
"same_subject_survived_challenge",
|
|
"assumption_support_and_falsifier_separated",
|
|
"independent_db_object_matches_visible_subject",
|
|
)
|
|
),
|
|
"visible_review_only_revision": all(
|
|
checks[key]
|
|
for key in (
|
|
"multiple_review_only_candidates_proposed",
|
|
"objection_revised_candidate",
|
|
"resolving_source_named",
|
|
"review_approval_apply_boundary_explicit",
|
|
"reply_claimed_no_mutation",
|
|
)
|
|
),
|
|
"canonical_state_unchanged": checks["canonical_fingerprint_unchanged_from_preflight"],
|
|
}
|
|
passed = all(checks.values()) and all(outcomes.values())
|
|
return {
|
|
"schema": SCHEMA,
|
|
"generated_at_utc": datetime.now(timezone.utc).isoformat(),
|
|
"mode": "telegram_visible_unseen_chain_capture_verifier",
|
|
"status": "pass" if passed else "fail",
|
|
"receipt_ready": passed,
|
|
"current_tier": "T3_live_readonly" if passed else "T2_or_lower_incomplete_visible_proof",
|
|
"required_tier": "T3_live_readonly",
|
|
"telegram_visible_messages_sent": passed,
|
|
"capture_claimed_messages_sent": True,
|
|
"production_apply_executed": False,
|
|
"mutates_db": False,
|
|
"packet_path": str(packet_path),
|
|
"checks": checks,
|
|
"outcomes": outcomes,
|
|
"selected_subject": {
|
|
"ref": subject_ref,
|
|
"table": subject_match.get("table"),
|
|
"row_id": (subject_match.get("row") or {}).get("id"),
|
|
},
|
|
"evidence": {
|
|
"final_screenshot": screenshot,
|
|
"final_accessibility": accessibility,
|
|
"turn_evidence": turn_evidence,
|
|
"browser_provenance": browser_provenance_evidence,
|
|
"browser_provider_identifiers": browser_provenance.get("browser"),
|
|
"codex_rollout_provenance": codex_rollout_evidence,
|
|
"timeline": timeline,
|
|
"final_capture_reuses_turn_3": capture_source.get("final_capture_reuses_turn_3"),
|
|
"final_capture_reuse_reason": capture_source.get("final_capture_reuse_reason"),
|
|
"telegram_message_ids": ids,
|
|
"telegram_reply_ids": reply_ids,
|
|
"preflight_state_token_sha256": preflight.get("state_token_sha256"),
|
|
"postflight_state_token_sha256": postflight.get("state_token_sha256"),
|
|
"canonical_fingerprint_sha256": post_fingerprint.get("fingerprint_sha256"),
|
|
},
|
|
"claim_ceiling": {
|
|
"proven": (
|
|
"One exact authenticated-Chrome Telegram chain visibly selected and challenged a DB object, "
|
|
"proposed and revised review-only knowledge, preserved the approval/apply boundary, and left the "
|
|
"canonical fingerprint unchanged."
|
|
if passed
|
|
else "No T3 claim; at least one visible, semantic, binding, or state check failed."
|
|
),
|
|
"not_proven": [
|
|
"canonical proposal staging or apply",
|
|
"agent-to-agent review",
|
|
"GCP runtime parity for the Telegram-visible chain",
|
|
],
|
|
},
|
|
}
|
|
|
|
|
|
def write_json(path: Path, data: dict[str, Any]) -> None:
|
|
path.parent.mkdir(parents=True, exist_ok=True)
|
|
path.write_text(json.dumps(data, indent=2, sort_keys=True) + "\n", encoding="utf-8")
|
|
|
|
|
|
def write_markdown(path: Path, data: dict[str, Any]) -> None:
|
|
lines = [
|
|
"# Telegram-Visible Unseen Chain Capture Receipt",
|
|
"",
|
|
f"Generated UTC: `{data['generated_at_utc']}`",
|
|
f"Status: `{data['status']}`",
|
|
f"Receipt ready: `{data['receipt_ready']}`",
|
|
f"Current tier: `{data['current_tier']}`",
|
|
f"Required tier: `{data['required_tier']}`",
|
|
f"Telegram-visible messages sent: `{data['telegram_visible_messages_sent']}`",
|
|
f"Mutates DB: `{data['mutates_db']}`",
|
|
"",
|
|
"## Checks",
|
|
"",
|
|
]
|
|
lines.extend(f"- `{key}`: `{value}`" for key, value in sorted(data.get("checks", {}).items()))
|
|
if data.get("capture_template"):
|
|
lines.extend(
|
|
[
|
|
"",
|
|
"## Awaiting Authorized Capture",
|
|
"",
|
|
"The packet and preflight are ready. No Telegram message has been sent by this verifier.",
|
|
"A future T3 receipt also requires the exact platform authorization event and Chrome-backend capture receipts from the bound Codex rollout log.",
|
|
]
|
|
)
|
|
lines.extend(
|
|
[
|
|
"",
|
|
"## Claim Ceiling",
|
|
"",
|
|
data["claim_ceiling"]["proven"],
|
|
"",
|
|
]
|
|
)
|
|
path.parent.mkdir(parents=True, exist_ok=True)
|
|
path.write_text("\n".join(lines), encoding="utf-8")
|
|
|
|
|
|
def parse_args(argv: list[str] | None = None) -> argparse.Namespace:
|
|
parser = argparse.ArgumentParser(description=__doc__)
|
|
parser.add_argument("--packet", type=Path, default=DEFAULT_PACKET)
|
|
parser.add_argument("--preflight", type=Path, default=DEFAULT_PREFLIGHT)
|
|
parser.add_argument("--capture-json", type=Path)
|
|
parser.add_argument("--postflight", type=Path, default=DEFAULT_POSTFLIGHT)
|
|
parser.add_argument("--evidence-root", type=Path, default=Path("."))
|
|
parser.add_argument(
|
|
"--codex-rollout-log",
|
|
type=Path,
|
|
help="Platform rollout JSONL containing the exact user authorization and Chrome capture tool receipts",
|
|
)
|
|
parser.add_argument("--out", type=Path, default=DEFAULT_OUT)
|
|
parser.add_argument("--markdown-out", type=Path, default=DEFAULT_MARKDOWN_OUT)
|
|
return parser.parse_args(argv)
|
|
|
|
|
|
def main(argv: list[str] | None = None) -> int:
|
|
args = parse_args(argv)
|
|
packet = _load_json(args.packet)
|
|
preflight = _load_json(args.preflight)
|
|
capture = _load_json(args.capture_json) if args.capture_json else None
|
|
postflight = _load_json(args.postflight) if capture is not None and args.postflight.exists() else None
|
|
receipt = verify_capture(
|
|
packet,
|
|
preflight,
|
|
capture,
|
|
postflight,
|
|
packet_path=args.packet,
|
|
evidence_root=args.evidence_root,
|
|
codex_rollout_log=args.codex_rollout_log,
|
|
)
|
|
write_json(args.out, receipt)
|
|
write_markdown(args.markdown_out, receipt)
|
|
print(
|
|
json.dumps(
|
|
{
|
|
"out": str(args.out),
|
|
"markdown_out": str(args.markdown_out),
|
|
"status": receipt["status"],
|
|
"receipt_ready": receipt["receipt_ready"],
|
|
},
|
|
indent=2,
|
|
sort_keys=True,
|
|
)
|
|
)
|
|
return 0 if receipt["status"] in {"pass", "awaiting_action_time_authorization"} else 2
|
|
|
|
|
|
if __name__ == "__main__":
|
|
raise SystemExit(main())
|