Verify an OVERT proof — the AI attestation verifier

The whole point of an OVERT receipt is that you don’t have to trust the party who gave it to you. A verifier checks the cryptographic claims yourself — offline, with no call back to Glacis.

Status: verifier in development

A standalone, vendor-neutral overt-verify tool (Apache-2.0) is in active development; the Python SDK will ship as its binding. Today, the Python SDK handles offline receipts — and we are upgrading verify from structural checks to full Ed25519 signature verification. This page describes the target capability; we’ll mark it generally available when the signature path lands. We document what verifies today and won’t claim more.

What a verifier checks

A complete OVERT receipt verification confirms:

1. Signature — the receipt is an Ed25519 signature over RFC 8785 canonical bytes, made by the claimed key.
2. Canonical hashing — the content hashes match, recomputed independently (cross-runtime: the same bytes verify from Rust, TypeScript, or Python).
3. Chain inclusion — the receipt is included in the notary’s RFC 6962-shaped transparency log, with a valid inclusion proof.
4. Non-egress — the receipt carries only hashes and line-ranges, never raw prompt or response text.

If any check fails, verification fails closed.

Verify today (offline receipts)

pip install glacis
python -m glacis verify receipt.json

Note

Offline receipts are deliberately marked UNVERIFIED for third-party purposes — they prove integrity against tampering, but a single operator-controlled signer caps assurance at AAL-3. Independent (AAL-4) verification requires a notary outside the operator’s trust boundary. See the conformance ladder.

Why a neutral verifier matters

A “system of proof” only works if the proof is checkable by someone who distrusts the vendor. That’s why the verifier is being built as a vendor-neutral, Apache-2.0 tool referenced by the OVERT standard itself — independence of verification never requires trusting Glacis.

Python SDK quickstart Install the client and verify offline receipts today.

AI attestation, explained What attestation is, and how it differs from TEE/hardware attestation and model signing.