Verification

The verify function provides end-to-end integrity checking: decode a Vein binary, compute its fingerprint, and compare against an expected hash.


import { verify } from "@stacknet/lode";
 
const ok: boolean = verify(vein, expectedHash, schema);

How It Works

INPUTS

Vein Binary

.lode Schema

Expected Hash

STEP 1 — DECODE

decode(vein, schema)

Plain Object

STEP 2 — HASH

fingerprint(object)

Actual Hash

STEP 3 — COMPARE

actual === expected ?

true / false

verify never throws. If decoding fails or the hash doesn’t match, it returns false.

Example


import { compile, fingerprint, verify, loadLode } from "@stacknet/lode";
 
const schema = loadLode("model-layer-v1.lode");
 
// Producer
const layer = { name: "turbo", isDefault: false, models: ["devstral:24b"], defaultModel: "devstral:24b" };
const vein = compile(layer, schema);
const hash = fingerprint(layer);
 
// Consumer (receives vein + hash over the network)
const trusted = verify(vein, hash, schema);
console.log(trusted); // true

Tamper Detection

If any byte of the Vein binary is modified, verification fails:


const tampered = new Uint8Array(vein);
tampered[10] ^= 0xFF; // flip a byte
 
verify(tampered, hash, schema); // → false

Network Verification Pattern

When serving Vein binaries over HTTP, include the fingerprint in a header:


// Server
const vein = compile(layer, schema);
const fp = fingerprint(layer);
return new Response(vein, {
  headers: {
    "Content-Type": "application/x-vein",
    "X-Lode-Fingerprint": fp,
  },
});
 
// Client
const res = await fetch(url);
const vein = new Uint8Array(await res.arrayBuffer());
const expected = res.headers.get("X-Lode-Fingerprint");
const ok = verify(vein, expected, schema);

CLI Verification


$ lodec verify layer.vein a3f8c2e9... -s model-layer-v1.lode
✓ Verified
 
$ lodec verify tampered.vein a3f8c2e9... -s model-layer-v1.lode
✗ Verification failed

The CLI exits with code 0 on success, 1 on failure.