Shell
Install
# TypeScript / Node 18+ pnpm add @moniaamoi/verify-client # Python 3.10+ pip install moniaamoi-verify
Integrations -- verify-client SDK
Verifie nos engagements en 3 lignes.
Deux SDKs publics (TypeScript + Python) wrappent l'endpoint /api/verify/* et executent localement la verification Ed25519. Aucun secret partage. Toute modification de la preuve casse la signature.
Quickstart
TypeScript
TypeScript -- verify a single claim
import { VerifyClient, TamperingDetectedError } from '@moniaamoi/verify-client'
const client = new VerifyClient()
try {
const detail = await client.getClaimVerified('data-region')
// detail.proof, detail.proof_ed25519_signature, detail.public_key_b64
console.log(detail.proof.country) // -> 'Canada'
} catch (err) {
if (err instanceof TamperingDetectedError) {
console.error('proof was tampered:', err.message)
}
}TypeScript
TypeScript -- verify all claims in one round-trip
const { snapshot, verified, tampered } = await client.verifyAllSigned()
console.log(`${verified.length}/${snapshot.total_claims} valid`)
for (const t of tampered) {
console.warn('failed:', t.claimId, t.message)
}Python
Python -- verify a single claim
from moniaamoi_verify import VerifyClient, TamperingDetected
with VerifyClient() as client:
try:
detail = client.get_claim_verified("data-region")
print(detail.proof["country"]) # -> "Canada"
except TamperingDetected as exc:
print(f"tampered: {exc.claim_id}")Python
Python -- verify all claims
with VerifyClient() as client:
result = client.verify_all_signed()
print(f"{len(result['verified'])}/{result['snapshot'].total_claims} valid")
for tampered in result["tampered"]:
print("failed:", tampered.claim_id)Endpoints couverts
| Methode | Chemin | Auth | Cache | Description |
|---|---|---|---|---|
| GET | /api/verify/list | public | 60s | Liste les 6 claims publics verifiables. |
| GET | /api/verify/{claim_id} | public | no-cache | Detail signe Ed25519 + HMAC + timestamp UTC. |
| GET | /api/verify/snapshot | public | 30s + swr | Aggregation 1 round-trip de tous les claims. |
| GET | /api/verify/public-key | public | 600s | Cle publique Ed25519 raw 32B base64. |
| GET | /api/verify/snapshot/history?days=30 | public | 60s | Historique snapshots cron horaire (30-90 jours). |
| GET | /api/verify/badge.svg | public | 300s + swr | Badge SVG embeddable (180x20px). |
| GET | /api/verify/og-image.svg | public | 300s | OG image 1200x630 (Twitter / LinkedIn / Slack). |
Verification Ed25519 -- comment ca marche
- Le backend signe canonique JSON
json.dumps(proof, sort_keys=True, separators=(",", ":"))du champproofavec sa cle privee Ed25519. - Le client telecharge la cle publique via
/api/verify/public-keyune fois. - A chaque appel
/api/verify/{claim_id}, le SDK re-canonicalise localement le proof recu et appelleed25519.verify(signature, canonical, public_key). - Toute mutation du proof casse la signature -- le SDK leve
TamperingDetectedError(TS) ouTamperingDetected(Python).
Live preview
Endpoint backend de production : https://nexus-api-119389939581.northamerica-northeast1.run.app/api/verify/list
Snapshot signe : https://nexus-api-119389939581.northamerica-northeast1.run.app/api/verify/snapshot
Cle publique Ed25519 : https://nexus-api-119389939581.northamerica-northeast1.run.app/api/verify/public-key
Embed le badge
Badge SVG live (couleur color-codee selon le score). Utilisable dans un README ou une page partenaire :
<img src="https://nexus-api-119389939581.northamerica-northeast1.run.app/api/verify/badge.svg" alt="MonIAaMoi verify badge -- ratio claims signes Ed25519" width="180" height="20" />
