feat(attest): local ZK run attestation + wire into zero exec#2
Merged
Conversation
…ro exec Adds internal/attest: a stdlib-only, zero-dependency package that folds an agent run's events into a SHA-256 hash chain (a 32-byte payload commitment) and computes a nullifier bit-compatible with clawd-zk's @clawd/zk-client, so a run can be proven to have happened — exactly once, by a given model set — without revealing prompts, tool calls, or outputs. Includes a static call-graph test that fails the build on any recursion in the package. Wires it in as an opt-in `--attest` flag on `zero exec`: agent.Options grows a nil-by-default Transcript field that the loop folds task_start/tool_call/ tool_result/run_done events into, and the CLI writes the resulting transcript + attestation summary under .zero/attest/ in the workspace and prints the commitment to stderr. Off by default, the agent loop and exec run are byte-identical to before. internal/attest makes no network calls itself; publishing an attestation on-chain via clawd-zk remains a separate, external step.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
internal/attest: a stdlib-only, zero-dependency package that folds an agent run's events into a SHA-256 hash chain (a 32-byte payload commitment) and computes a nullifier bit-compatible with clawd-zk's@clawd/zk-client, so a run can be proven to have happened — exactly once, by a given model set — without revealing prompts, tool calls, or outputs.norecursion_test.go, a static call-graph test that fails the build on any direct or mutual recursion in the package.--attestflag onzero exec:agent.Optionsgains a nil-by-defaultTranscriptfield the loop foldstask_start/tool_call/tool_result/run_doneevents into; the CLI writes the transcript + attestation summary under.zero/attest/in the workspace and prints the commitment to stderr. Off by default, the agent loop and exec run are byte-identical to before.internal/attestmakes no network calls itself — publishing an attestation on-chain via clawd-zk remains a separate, external step.docs/ATTESTATION.mdand a README documentation-index entry.This picks up the
internal/attestpackage from PR #1 in this fork (mirrors upstreamGitlawb/zero#474) and completes its stated follow-up: wiring the transcript intointernal/agent's loop andzero exec.Linked issue
Fixes #
No approved issue exists for this change yet — this PR follows up on existing PR #1 / upstream Gitlawb#474 rather than a new issue. Flagging per the checklist below rather than skipping it silently.
Checklist
issue-approvedlabel. (no linked issue — see note above)go build ./...,go vet ./..., andgo test ./...pass locally (one pre-existing, unrelated failure ininternal/background'sTestTerminateProcessEscalatesToSIGKILL, reproduced identically onmainwithout this change — a sandboxed-container SIGKILL-delivery flake).gofmtclean.internal/attest/attest_test.go,internal/attest/norecursion_test.go,internal/cli/exec_attest_test.go(flag parsing, help text, and a fullrunExecround-trip that writes and re-verifies the transcript/attestation files on disk).Generated by Claude Code