Verify Pact evidence without trusting anyone.

The verifier checks signatures, hash chain integrity, and policy/constitution matches, then outputs a deterministic PASS/FAIL with reason codes and the failing round/event.

Verifiers fail closed. Missing or unverifiable artifacts invalidate the bundle.

Why Pact exists

Without Pact

  • Logs are informal and mutable
  • Intent is implicit; disputes require humans
  • Insurance and audit are impossible

With Pact

  • Negotiation is signed and hash-linked
  • Failures are classified with blame
  • Evidence is portable and verifiable

What a verifier checks

  • Signatures: All agent signatures must be cryptographically valid
  • Hash chain integrity: Each round's hash must match the previous round's output
  • Constitution/policy hash match: The policy referenced must match the hash in the transcript
  • Deterministic replay constraints: Same inputs and policy must produce the same transcript checks
  • Evidence refs validity: All referenced evidence artifacts must be present and verifiable

CLI sketch

# Replay transcript deterministically
pact replay --transcript ./artifacts/transcript.json

# Verify evidence bundle integrity
pact verify --bundle ./artifacts/bundle.json

# Run judgment with failure event
pact judge --bundle ./artifacts/bundle.json --failure-event settlement_timeout

Threat model

  • Tampering: Any modification to signed transcripts breaks the hash chain and is detectable
  • Forged signatures: Invalid cryptographic signatures fail verification
  • Replay attacks / mismatched versions: Policy hash mismatches or version conflicts are detected
  • Missing evidence refs: Referenced artifacts that are absent or unverifiable cause verification to fail

Outputs

Verification produces a binary result:

  • PASS: All checks valid. The evidence bundle is admissible.
  • FAIL: One or more checks invalid. Includes failure reason codes and pointers to the failed round or event.
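
The hash chain, policy hash and evidence-ref checks listed above, with the fail-closed PASS/FAIL output, sketched as an added example (not Pact's own code or bundle format). The field names, reason codes, SHA-256 over canonical JSON and the all-zero genesis hash are assumptions; signature verification is left out because the page does not name a signature scheme.

```python
import hashlib, json

GENESIS = "0" * 64  # assumed prev_hash of the first round

def h(obj):
    """SHA-256 over canonical JSON (sorted keys, no whitespace)."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode()).hexdigest()

def round_body(rnd):
    # The fields a round's hash commits to (hypothetical layout).
    return {k: rnd[k] for k in ("prev_hash", "payload", "evidence_refs")}

def verify(bundle, policy_doc, artifacts):
    """Return (result, reason_code, failing_round). Any doubt is a FAIL."""
    try:
        if bundle["policy_hash"] != h(policy_doc):
            return ("FAIL", "POLICY_HASH_MISMATCH", None)
        prev = GENESIS
        for i, rnd in enumerate(bundle["rounds"]):
            if rnd["prev_hash"] != prev:
                return ("FAIL", "HASH_CHAIN_BROKEN", i)
            if rnd["hash"] != h(round_body(rnd)):
                return ("FAIL", "ROUND_HASH_MISMATCH", i)
            for ref in rnd["evidence_refs"]:
                blob = artifacts.get(ref["id"])
                if blob is None:
                    return ("FAIL", "EVIDENCE_MISSING", i)
                if hashlib.sha256(blob).hexdigest() != ref["sha256"]:
                    return ("FAIL", "EVIDENCE_HASH_MISMATCH", i)
            prev = rnd["hash"]
    except (KeyError, TypeError, ValueError, AttributeError):
        # Fail closed: a malformed bundle is never treated as valid.
        return ("FAIL", "MALFORMED_BUNDLE", None)
    return ("PASS", None, None)

def make_round(prev, payload, refs):
    body = {"prev_hash": prev, "payload": payload, "evidence_refs": refs}
    return dict(body, hash=h(body))

def sample():
    """Constructed two-round bundle, policy and artifact store."""
    policy = {"name": "demo-policy", "max_rounds": 3}
    artifacts = {"quote-1": b"price=10"}
    ref = {"id": "quote-1", "sha256": hashlib.sha256(b"price=10").hexdigest()}
    r0 = make_round(GENESIS, {"type": "offer", "price": 10}, [ref])
    r1 = make_round(r0["hash"], {"type": "accept"}, [])
    return {"policy_hash": h(policy), "rounds": [r0, r1]}, policy, artifacts
```

Recomputing a tampered round's own hash does not hide the change: the next round's `prev_hash` no longer matches, so the failure surfaces one round later.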