EVE Proof — Sample Evidence
===========================

These files let you verify an EVE Proof decision certificate yourself, offline,
with no dependency on EVE infrastructure. That is the entire premise of the
product: trust the math, not the vendor.

Files
-----
  eve-proof-sample-certificate.json   A signed Governed Decision Certificate.
  eve-proof-evidence-pack.json        A small evidence pack: two certificates, a
                                      real 2-leaf Merkle tree with a signed root,
                                      inclusion proofs, and the public key.
  eve-proof-public-key.txt            The Ed25519 public key that signed them.
  verify_sample.py                    A standalone verifier (uses `cryptography`).

Verify the certificate
----------------------
  pip install cryptography
  python verify_sample.py eve-proof-sample-certificate.json
  # -> ✓ signature is authentic and the payload is intact.

Then tamper with it: change one character anywhere in the JSON and re-run.
Verification fails with a BadSignatureError — exactly what an examiner wants.

How it works
------------
  * Signature: Ed25519 (RFC 8032) over the JCS-canonical (RFC 8785) certificate
    payload, excluding the `signature` field.
  * Integrity: cert_hash = sha256(JCS(certificate)); each certificate links to the
    prior one via prev_hash, forming a tamper-evident chain.
  * Aggregation: merkle leaf = sha256(cert_hash); leaves are batched into a Merkle
    tree whose signed root is published in the evidence pack.

Note
----
This is a demonstration key and demonstration data. Production EVE Proof uses a
distinct signing key (KMS-ready) and your own tenant's certificates. The
verification procedure is identical.

Verify a real certificate from your own decisions:
  https://eveaicore.com/verify   (Verification Portal)
  https://eveaicore.com/agent-proof   (offline verifier)