# AuditSpine — standalone verifier (reference)

`CLASSIFICATION: CUI // INTERNAL`

> **Customer? Start here:** [**CUSTOMER_QUICKSTART.md**](CUSTOMER_QUICKSTART.md) — 60-second walk-through with exact commands, expected GREEN/RED output, and what each check proves.
>
> **Portal team wiring the download page?** The machine-readable manifest is [downloads_manifest.json](downloads_manifest.json) — regenerate with `python Dragonfly/Testing/diagnostic/auditspine_regenerate_downloads_manifest.py` whenever the standalone set changes.

---

This README is the *reference* (design notes for engineers + portal authors). It describes the single-file, stdlib-only verifier that a customer can run on any machine with
Python 3.10+ to **re-derive** a sealed bundle independently. No `pip install`.
No network. Drop it next to your `bundle.json` and run:

```
python auditspine_verify_standalone.py path/to/bundle.json
```

Exit codes: `0` = GREEN (bundle verifies), `1` = RED (errors printed),
`2` = bad invocation (missing file, malformed JSON).

Modes: `--json` (machine-readable), `--quiet` (exit code only).

## Why a standalone file (vs `pip install auditspine`)

The customer's whole point of running the verifier is **not trusting us**. A
single self-contained script — readable in one screen, no dependencies, no
implicit code path — is the strongest possible expression of that. The
in-tree package (`Dragonfly/auditspine/`) is the canonical implementation;
this file mirrors its verify-only logic with the same formulas, and a
**parity test** (`test_auditspine_standalone_parity.py`) asserts both produce
identical verdicts on the same bundles. If they ever disagree, the parity
test fails and one of them is broken.

## What it checks

Exactly what `python -m auditspine` checks:

1. **bundle_hash** re-derives from the canonical body (no container tamper).
2. **chain** — every seal's `seal_hash` recomputes from `payload_hash | previous_seal_hash | sealed_at | actor`, and `previous_seal_hash` matches the prior link.
3. **embedded payloads** — each base64'd payload's SHA-256 matches the recorded `payload_hash`.
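
The three checks above, as an added sketch that is not AuditSpine's own code and does not reproduce its bundle format. Assumptions: fields are `|`-joined as UTF-8, the canonical body is sorted-key compact JSON, the first link's `previous_seal_hash` is an empty string, and the `seals` / `payload_b64` field names are hypothetical; `make_bundle` exists only to construct sample data.

```python
import base64, hashlib, json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def seal_hash(payload_hash, previous_seal_hash, sealed_at, actor):
    # Assumption: the four fields are "|"-joined and UTF-8 encoded before hashing.
    joined = "|".join([payload_hash, previous_seal_hash, sealed_at, actor])
    return sha256_hex(joined.encode("utf-8"))

def body_hash(seals):
    # Assumption: canonical body = JSON with sorted keys and compact separators.
    return sha256_hex(json.dumps(seals, sort_keys=True, separators=(",", ":")).encode("utf-8"))

def make_bundle(records):
    """Build a constructed sample bundle; not part of verification."""
    seals, prev = [], ""  # assumption: the first link's previous_seal_hash is ""
    for payload, sealed_at, actor in records:
        ph = sha256_hex(payload)
        seals.append({"payload_b64": base64.b64encode(payload).decode("ascii"),
                      "payload_hash": ph, "previous_seal_hash": prev,
                      "sealed_at": sealed_at, "actor": actor,
                      "seal_hash": seal_hash(ph, prev, sealed_at, actor)})
        prev = seals[-1]["seal_hash"]
    return {"seals": seals, "bundle_hash": body_hash(seals)}

def verify_bundle(bundle):
    """Return a list of error strings; an empty list corresponds to GREEN."""
    errors = []
    if body_hash(bundle["seals"]) != bundle["bundle_hash"]:
        errors.append("bundle_hash mismatch")
    prev = ""
    for i, s in enumerate(bundle["seals"]):
        if s["previous_seal_hash"] != prev:
            errors.append(f"seal {i}: broken link")
        if seal_hash(s["payload_hash"], s["previous_seal_hash"], s["sealed_at"], s["actor"]) != s["seal_hash"]:
            errors.append(f"seal {i}: seal_hash mismatch")
        if sha256_hex(base64.b64decode(s["payload_b64"])) != s["payload_hash"]:
            errors.append(f"seal {i}: payload_hash mismatch")
        prev = s["seal_hash"]
    return errors

# Constructed sample records: (payload bytes, sealed_at, actor).
SAMPLE = [(b'{"event":"login"}', "2026-01-01T00:00:00Z", "alice"),
          (b'{"event":"export"}', "2026-01-01T00:05:00Z", "bob"),
          (b'{"event":"logout"}', "2026-01-01T00:09:00Z", "alice")]

if __name__ == "__main__":
    bundle = make_bundle(SAMPLE)
    print("intact:", verify_bundle(bundle) or "GREEN")
    bundle["seals"][1]["actor"] = "mallory"  # edit one sealed field
    print("edited:", verify_bundle(bundle))
```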

## Not in this file

- Seal **creation** (only verification — that's the substrate's job, not the customer's).
- Multi-chain composite verification (`auditspine.composition`) — separate; this file is bundle-verify only.

---

*v0.1.0 — Story 7.31.5.1.1. Copyright (c) 2026 AuditSpine LLC / Viride LLC. All rights reserved.*
