The receipts.
This is the live trust state of @kontourai/surface v0.12.0,
the reference implementation of the Hachure spec.
The panel below is rendered by the <surface-trust-panel> web component
from kontourai/surface opens external site
and loaded from /trust/latest.json.
The bundle was generated by running real checks against the v0.12.0 checkout:
npm test (pass/fail counts captured as evidence),
all five Hachure spec conformance vectors opens external site (per-vector results),
statusFunctionVersion agreement between implementation and spec package,
and git tag/commit anchored as the integrity reference.
Producer: kontourai-surface-release.
Raw bundle JSON: /trust/latest.json
·
Generated by scripts/release-trust-bundle.mjs opens external site
·
Spec vectors: hachure-org/spec/conformance opens external site
buildTrustReport(bundle) — a pure, deterministic
function of the bundle data and a now timestamp.
Clone kontourai/surface,
run node scripts/release-trust-bundle.mjs --out /tmp/my-check,
and compare.
Any conforming implementation of statusFunctionVersion = "1" must produce the same
per-claim statuses for the same inputs.
/.well-known/hachure/verify.
It is a second, independent implementation — it does not use @kontourai/surface —
proof the spec is implementable from its text alone.
The signed release assets for v0.12.0 are also available:
trust-bundle.dsse.json opens external site
and
trust-bundle.sigstore.json opens external site.
The in-toto statement inside the DSSE binds trust-bundle.json
to a Fulcio certificate for
publish-npm.yml@refs/tags/v0.12.0.
Digest binding is inspectable today: