Skip to content

Commit eec538a

Browse files
refactor(ledger): rename goldseal@v1 certificate format to korgcert@v1 (#18)
Kills the goldseel (policy model) vs goldseal (certificate format) near-homograph by renaming the certificate. The model is untouched. Schema string, verifier, spec, docs, fixtures (re-minted + re-signed), CI, and python/js adapters all move together so signatures still verify (Rust + JS + Python conformance green). Display 'Gold Seal' -> 'Certificate'. Co-authored-by: New1Direction <285551516+New1Direction@users.noreply.github.com>
1 parent ab4eaeb commit eec538a

39 files changed

Lines changed: 276 additions & 276 deletions

.github/actions/verify-goldseal/action.yml renamed to .github/actions/verify-korgcert/action.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,9 @@
1-
name: "Verify korg Gold Seal"
1+
name: "Verify korg Certificate"
22
description: >-
3-
Independently verify goldseal@v1 certificates or korg-ledger@v1 sessions in CI —
3+
Independently verify korgcert@v1 certificates or korg-ledger@v1 sessions in CI —
44
hash chain, causal DAG, re-derived summary, and the Ed25519 issuer seal. Zero
55
trust in whoever produced the artifact; no network. Renders a rich report into
6-
the job summary and (on pull_request) posts a sticky Gold Seal comment. Fails
6+
the job summary and (on pull_request) posts a sticky Certificate comment. Fails
77
the job on any tampered or unverifiable file.
88
author: "Korg ecosystem maintainers"
99
branding:
@@ -19,7 +19,7 @@ inputs:
1919
required: false
2020
default: ""
2121
comment:
22-
description: "Post/update a sticky Gold Seal comment on the PR (pull_request events). 'true'/'false'."
22+
description: "Post/update a sticky Certificate comment on the PR (pull_request events). 'true'/'false'."
2323
required: false
2424
default: "true"
2525
github-token:

.github/actions/verify-goldseal/report.mjs renamed to .github/actions/verify-korgcert/report.mjs

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
// Verify korg Gold Seals / ledgers, render a rich Markdown report into the job
1+
// Verify korg Certificates / ledgers, render a rich Markdown report into the job
22
// summary, and (on a pull_request) upsert a single sticky PR comment. Reuses the
33
// repo's conformance-pinned verify.mjs — zero extra deps. Exit 0 iff all valid.
44
import { appendFileSync, readFileSync } from "node:fs";
@@ -49,7 +49,7 @@ for (const f of files) {
4949
const allValid = results.every((r) => r.verdict && r.verdict.valid);
5050

5151
const L = [];
52-
L.push(allValid ? "## 🛡️ ✅ Gold Seal verified" : "## 🛡️ ❌ Gold Seal verification FAILED");
52+
L.push(allValid ? "## 🛡️ ✅ Certificate verified" : "## 🛡️ ❌ Certificate verification FAILED");
5353
L.push("");
5454
L.push("_Independently verified — zero trust in the tool that produced it._");
5555
L.push("");
@@ -64,7 +64,7 @@ for (const r of results) {
6464
const e = r.env || {};
6565
L.push(`### ${v.valid ? "✅" : "❌"} \`${r.f}\` — ${v.kind} ${v.valid ? "VALID" : "INVALID"}`);
6666
L.push("");
67-
if (v.kind === "goldseal") {
67+
if (v.kind === "korgcert") {
6868
const s = e.summary || {};
6969
// Every field below is seal-derived (untrusted) → esc() before interpolation,
7070
// and NOT wrapped in backticks (esc neutralizes them, which would break a span).
@@ -143,10 +143,10 @@ if (wantComment && token && repo && pr) {
143143
headers: h,
144144
body: JSON.stringify({ body }),
145145
});
146-
console.log(`korg: updated sticky Gold Seal comment ${existing.id} on PR #${pr}`);
146+
console.log(`korg: updated sticky Certificate comment ${existing.id} on PR #${pr}`);
147147
} else {
148148
await fetch(issueComments, { method: "POST", headers: h, body: JSON.stringify({ body }) });
149-
console.log(`korg: posted Gold Seal comment on PR #${pr}`);
149+
console.log(`korg: posted Certificate comment on PR #${pr}`);
150150
}
151151
} catch (e) {
152152
console.log(`::warning::korg could not upsert the PR comment: ${e.message}`);

.github/workflows/ci.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ on:
44
push:
55
branches: [main, develop, "feat/**"]
66
pull_request:
7-
# Run on every PR regardless of base, so stacked PRs (e.g. goldseal → phase2)
7+
# Run on every PR regardless of base, so stacked PRs (e.g. korgcert → phase2)
88
# get the full cargo + pytest + cross-language conformance gate too.
99

1010
env:
@@ -53,7 +53,7 @@ jobs:
5353
run: cargo build --workspace --verbose
5454

5555
# --workspace tests every member (root korg package + korg-verify/-ledger
56-
# goldseal+fuzz suites + korg-registry journal/rewind, etc.). The root being
56+
# korgcert+fuzz suites + korg-registry journal/rewind, etc.). The root being
5757
# both a [workspace] and a [package] means a bare `cargo test` would only run
5858
# the root package — verified `cargo test --workspace` is green.
5959
- name: Run tests (workspace)
@@ -122,7 +122,7 @@ jobs:
122122
- name: Install test deps
123123
# pytest + the optional-extra deps so the FULL suite runs in CI rather
124124
# than skipping: hypothesis (property tests) and cryptography (Ed25519
125-
# signing / goldseal mint+verify / korg-seal).
125+
# signing / korgcert mint+verify / korg-seal).
126126
run: python3 -m pip install --quiet pytest hypothesis cryptography
127127

128128
- name: Producer + capture + setup + reader test suites
Original file line numberDiff line numberDiff line change
@@ -1,32 +1,32 @@
1-
name: Gold Seal demo — mint → verify in CI
1+
name: Certificate demo — mint → verify in CI
22

33
# Dogfoods the whole loop in GitHub Actions: build a session ledger, mint a
4-
# goldseal@v1 with korg-seal, verify it with the independent verifier (pinned to
4+
# korgcert@v1 with korg-seal, verify it with the independent verifier (pinned to
55
# the issuer), and prove a tampered copy is rejected. This is what "verified
66
# agent work in CI" looks like.
77
on:
88
workflow_dispatch:
9-
# On PRs: mint + verify and post a sticky Gold Seal check comment (the demo).
9+
# On PRs: mint + verify and post a sticky Certificate check comment (the demo).
1010
pull_request:
1111
paths:
1212
- "adapters/korg-seal/**"
1313
- "adapters/korg-ledger-py/**"
1414
- "spec/korg-ledger-v1/**"
15-
- ".github/actions/verify-goldseal/**"
16-
- ".github/workflows/goldseal-demo.yml"
15+
- ".github/actions/verify-korgcert/**"
16+
- ".github/workflows/korgcert-demo.yml"
1717
# On main (post-merge): dogfood without commenting.
1818
push:
1919
branches: [main]
2020
paths:
2121
- "adapters/korg-seal/**"
2222
- "adapters/korg-ledger-py/**"
2323
- "spec/korg-ledger-v1/**"
24-
- ".github/actions/verify-goldseal/**"
25-
- ".github/workflows/goldseal-demo.yml"
24+
- ".github/actions/verify-korgcert/**"
25+
- ".github/workflows/korgcert-demo.yml"
2626

2727
permissions:
2828
contents: read
29-
pull-requests: write # so the Action can post the sticky Gold Seal comment
29+
pull-requests: write # so the Action can post the sticky Certificate comment
3030

3131
jobs:
3232
mint-and-verify:
@@ -48,41 +48,41 @@ jobs:
4848
- name: Build a session ledger
4949
run: python spec/korg-ledger-v1/tools/make_demo_session.py demo-session.jsonl
5050

51-
- name: Mint a Gold Seal (capture the issuer key)
51+
- name: Mint a Certificate (capture the issuer key)
5252
id: mint
5353
run: |
5454
python -m korg_seal mint demo-session.jsonl \
5555
--claim "CI demo: agent added a /healthz endpoint with a passing test" \
56-
--key issuer.ed25519 -o demo.goldseal.json
56+
--key issuer.ed25519 -o demo.korgcert.json
5757
echo "pub=$(python -m korg_seal key --key issuer.ed25519)" >> "$GITHUB_OUTPUT"
5858
59-
- name: Verify the Gold Seal — pinned to the issuer (must PASS)
60-
uses: ./.github/actions/verify-goldseal
59+
- name: Verify the Certificate — pinned to the issuer (must PASS)
60+
uses: ./.github/actions/verify-korgcert
6161
with:
62-
path: demo.goldseal.json
62+
path: demo.korgcert.json
6363
pin-pubkey: ${{ steps.mint.outputs.pub }}
6464

6565
- name: A tampered seal must FAIL (negative test)
6666
run: |
6767
python - <<'PY'
6868
import json
69-
e = json.load(open("demo.goldseal.json"))
69+
e = json.load(open("demo.korgcert.json"))
7070
e["claim"] = "CI demo: agent fixed an unrelated critical security bug" # move the claim
71-
json.dump(e, open("tampered.goldseal.json", "w"))
71+
json.dump(e, open("tampered.korgcert.json", "w"))
7272
PY
73-
if node spec/korg-ledger-v1/js/verify.mjs tampered.goldseal.json; then
74-
echo "::error::a tampered Gold Seal verified — this must never happen"
73+
if node spec/korg-ledger-v1/js/verify.mjs tampered.korgcert.json; then
74+
echo "::error::a tampered Certificate verified — this must never happen"
7575
exit 1
7676
fi
77-
echo "✓ tampered Gold Seal correctly rejected"
77+
echo "✓ tampered Certificate correctly rejected"
7878
7979
- name: Job summary
8080
if: always()
8181
run: |
8282
{
83-
echo "### 🛡️ korg Gold Seal — verified in CI"
83+
echo "### 🛡️ korg Certificate — verified in CI"
8484
echo ""
85-
echo "Minted a Gold Seal from a session ledger and verified it with the independent"
85+
echo "Minted a Certificate from a session ledger and verified it with the independent"
8686
echo "verifier, pinned to issuer \`${{ steps.mint.outputs.pub }}\`. A tampered copy was"
8787
echo "correctly rejected. Re-verify in a browser: <https://new1direction.github.io/korg/web/seal.html>"
8888
} >> "$GITHUB_STEP_SUMMARY"

.github/workflows/pages.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,14 @@
11
name: Deploy verifier to GitHub Pages
22

33
# Publishes the zero-install, client-side verifiers + the korg-ledger@v1 /
4-
# goldseal@v1 specs. The Pages root is spec/korg-ledger-v1/, so:
4+
# korgcert@v1 specs. The Pages root is spec/korg-ledger-v1/, so:
55
# / → landing page (index.html)
6-
# /web/seal.html → the Gold Seal verifier
6+
# /web/seal.html → the Certificate verifier
77
# /web/index.html → the raw-ledger verifier
88
# /js/verify.mjs → the conformance-pinned engine the pages import
99
on:
1010
push:
11-
branches: [main, feat/goldseal-certificate]
11+
branches: [main, feat/korgcert-certificate]
1212
paths: ["spec/korg-ledger-v1/**", ".github/workflows/pages.yml"]
1313
workflow_dispatch:
1414

ARCHITECTURE.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -152,7 +152,7 @@ Korg maintains a tamper-proof audit trail of every significant action using a cr
152152
Beyond the in-process provenance chain above, Korg ships a set of independently-verifiable, "flight-recorder" capabilities that let third parties check an agent's work without trusting Korg itself:
153153

154154
- **`korg-ledger@v1`**: A frozen, hash-chained, HLC-ordered, tamper-evident event ledger with cross-language conformance (Rust/Python/JS). Each event carries an Ed25519 per-event signature, and the ledger supports git-tip structural anchoring for offline structural verification.
155-
- **Gold Seal (`goldseal@v1`)**: A public, independently-verifiable certificate of agent work, produced by the `korg-seal` CLI (mint/anchor/resolve/verify) and checkable by three conformant verifiers (`korg-verify` in Rust, plus Python and JS) as well as zero-install in-browser verifiers hosted on GitHub Pages.
155+
- **Certificate (`korgcert@v1`)**: A public, independently-verifiable certificate of agent work, produced by the `korg-seal` CLI (mint/anchor/resolve/verify) and checkable by three conformant verifiers (`korg-verify` in Rust, plus Python and JS) as well as zero-install in-browser verifiers hosted on GitHub Pages.
156156
- **Honest `korg run-once` pipeline**: Runs a real patch through a real `cargo check` and attests a mutation count that *equals* the real `git diff` (file count + changed paths). When it cannot produce a real result, it reports an honest null rather than fabricating one.
157157
- **Provider model**: The default is a hermetic `DeterministicProvider` (fixture-only); `--provider ollama` runs a live local model on arbitrary tasks.
158158

0 commit comments

Comments
 (0)