Skip to content

feat(attest): local ZK run attestation + wire into zero exec#2

Merged
Solizardking merged 1 commit into
mainfrom
claude/pr-474-feedback-10hac2
Jul 5, 2026
Merged

feat(attest): local ZK run attestation + wire into zero exec#2
Solizardking merged 1 commit into
mainfrom
claude/pr-474-feedback-10hac2

Conversation

@Solizardking

Copy link
Copy Markdown
Owner

Summary

  • Adds internal/attest: a stdlib-only, zero-dependency package that folds an agent run's events into a SHA-256 hash chain (a 32-byte payload commitment) and computes a nullifier bit-compatible with clawd-zk's @clawd/zk-client, so a run can be proven to have happened — exactly once, by a given model set — without revealing prompts, tool calls, or outputs.
  • Includes norecursion_test.go, a static call-graph test that fails the build on any direct or mutual recursion in the package.
  • Wires it in as an opt-in --attest flag on zero exec: agent.Options gains a nil-by-default Transcript field the loop folds task_start/tool_call/tool_result/run_done events into; the CLI writes the transcript + attestation summary under .zero/attest/ in the workspace and prints the commitment to stderr. Off by default, the agent loop and exec run are byte-identical to before.
  • internal/attest makes no network calls itself — publishing an attestation on-chain via clawd-zk remains a separate, external step.
  • Adds docs/ATTESTATION.md and a README documentation-index entry.

This picks up the internal/attest package from PR #1 in this fork (mirrors upstream Gitlawb/zero#474) and completes its stated follow-up: wiring the transcript into internal/agent's loop and zero exec.

Linked issue

Fixes #

No approved issue exists for this change yet — this PR follows up on existing PR #1 / upstream Gitlawb#474 rather than a new issue. Flagging per the checklist below rather than skipping it silently.

Checklist

  • The linked issue already has the issue-approved label. (no linked issue — see note above)
  • go build ./..., go vet ./..., and go test ./... pass locally (one pre-existing, unrelated failure in internal/background's TestTerminateProcessEscalatesToSIGKILL, reproduced identically on main without this change — a sandboxed-container SIGKILL-delivery flake).
  • gofmt clean.
  • Tests added/updated for the change: internal/attest/attest_test.go, internal/attest/norecursion_test.go, internal/cli/exec_attest_test.go (flag parsing, help text, and a full runExec round-trip that writes and re-verifies the transcript/attestation files on disk).
  • UI changes include screenshots or a short recording where possible. (no UI changes)

Generated by Claude Code

…ro exec

Adds internal/attest: a stdlib-only, zero-dependency package that folds an
agent run's events into a SHA-256 hash chain (a 32-byte payload commitment)
and computes a nullifier bit-compatible with clawd-zk's @clawd/zk-client, so
a run can be proven to have happened — exactly once, by a given model set —
without revealing prompts, tool calls, or outputs. Includes a static
call-graph test that fails the build on any recursion in the package.

Wires it in as an opt-in `--attest` flag on `zero exec`: agent.Options grows
a nil-by-default Transcript field that the loop folds task_start/tool_call/
tool_result/run_done events into, and the CLI writes the resulting
transcript + attestation summary under .zero/attest/ in the workspace and
prints the commitment to stderr. Off by default, the agent loop and exec
run are byte-identical to before. internal/attest makes no network calls
itself; publishing an attestation on-chain via clawd-zk remains a separate,
external step.
@Solizardking Solizardking marked this pull request as ready for review July 5, 2026 06:06
@Solizardking Solizardking merged commit 1c91bda into main Jul 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants