v5.10.0 — ClaimVerifier: Tier 1 Agent Honesty / Lie Detector
ClaimVerifier — Tier 1 Agent Honesty / Lie Detector
Network-AI v5.10.0 ships ClaimVerifier, a new subsystem that lets the orchestrator independently verify whether an agent's claimed actions actually happened — catching fabricated results, exaggerated outcomes, and undisclosed side-effects.
How it works
AgentRuntime now issues an HMAC-signed ExecutionReceipt for every exec() and writeFile() call, committing to { agentId, action, target, exitCode, outputHash }. The runtime — not the agent — is the sole outcome authority. Tampering with any field (including exitCode or outputHash) invalidates the signature.
ClaimVerifier.verify(manifests, agentId, windowMs) reconciles agent-declared ActionManifest[] against the in-memory RuntimeAuditEntry log:
- UNSUPPORTED_CLAIM — agent declared an action that has no matching runtime witness (forged or imagined)
- UNDISCLOSED_ACTION — runtime witnessed an action the agent did not declare
Both violation types surface through ComplianceMonitor and can trigger AuthGuardian trust decay.
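An added example (not Network-AI's own code) of the receipt and reconciliation flow described above: the runtime signs each receipt, and only receipts that still verify count as witnesses. The field set comes from these notes; the key, the length-prefixed serialization, the `Claim` shape and all function names are assumptions, and the `windowMs` filter is left out.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Receipt fields are the ones the release notes list; all other names are assumptions.
interface Receipt { agentId: string; action: string; target: string; exitCode: number; outputHash: string; sig: string }
type Claim = { action: string; target: string }; // hypothetical manifest shape
type Violation = { type: "UNSUPPORTED_CLAIM" | "UNDISCLOSED_ACTION"; action: string; target: string };

const KEY = "constructed-demo-key"; // held by the runtime, never exposed to the agent

// HMAC over length-prefixed fields, so shifting bytes between fields changes the MAC.
function mac(r: Omit<Receipt, "sig">): string {
  const h = createHmac("sha256", KEY);
  for (const f of [r.agentId, r.action, r.target, String(r.exitCode), r.outputHash])
    h.update(`${Buffer.byteLength(f)}:${f}`);
  return h.digest("hex");
}

function issue(r: Omit<Receipt, "sig">): Receipt {
  return { ...r, sig: mac(r) };
}

// Recompute the MAC and compare in constant time; any edited field fails here.
function valid(r: Receipt): boolean {
  const want = Buffer.from(mac(r), "hex");
  const got = Buffer.from(r.sig, "hex");
  return want.length === got.length && timingSafeEqual(want, got);
}

// Reconcile declared actions against the receipts the runtime issued.
function reconcile(claims: Claim[], receipts: Receipt[], agentId: string): Violation[] {
  // Only receipts that verify and belong to this agent count as witnesses.
  const pending = receipts.filter(r => r.agentId === agentId && valid(r));
  const out: Violation[] = [];
  for (const c of claims) {
    const i = pending.findIndex(r => r.action === c.action && r.target === c.target);
    if (i < 0) out.push({ type: "UNSUPPORTED_CLAIM", action: c.action, target: c.target });
    else pending.splice(i, 1); // one receipt corroborates at most one claim
  }
  for (const r of pending) out.push({ type: "UNDISCLOSED_ACTION", action: r.action, target: r.target });
  return out;
}

// Constructed sample turn: one honest claim, one fabricated claim, one undeclared write.
function demo(): Violation[] {
  const ran = issue({ agentId: "agent-a", action: "exec", target: "npm test", exitCode: 1, outputHash: "ab12" });
  const wrote = issue({ agentId: "agent-a", action: "writeFile", target: "/tmp/out.txt", exitCode: 0, outputHash: "cd34" });
  const claims: Claim[] = [{ action: "exec", target: "npm test" }, { action: "exec", target: "npm run deploy" }];
  return reconcile(claims, [ran, wrote], "agent-a");
}
```

A receipt whose `exitCode` has been rewritten from 1 to 0 fails `valid()`, so it is dropped as a witness and the claim it was meant to support is reported as `UNSUPPORTED_CLAIM`.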
Trust decay
AuthGuardian.recordClaimViolation() increments a per-agent counter on each UNSUPPORTED_CLAIM. After N consecutive violations (default 3) trust drops by 0.1. Below 0.4 trust, the agent is forced into ApprovalGate supervised execution.
resetClaimViolations() resets the counter on a corroborated turn.
New exports
```typescript
import { ClaimVerifier, ActionManifest, VerificationOutcome, VerificationResult } from 'network-ai'
import { ExecutionReceipt } from 'network-ai'
```
Scope (Tier 1)
ClaimVerifier operates on AgentRuntime-mediated actions only. Unmediated BYOC adapter network calls, per-session audit log boundaries, and the interpretive gap between "ran" and "succeeded semantically" are documented in THREAT_MODEL.md section 8 as Tier 2 hardening candidates (capability broker + process isolation + egress-deny).
Changes
- New: lib/claim-verifier.ts — ClaimVerifier, ActionManifest, VerificationOutcome, VerificationResult, ClaimVerifierOptions
- New: test-claim-verifier.ts — 50 tests (Phase 1: receipt, Phase 2: reconciliation, Phase 3: trust decay)
- Modified: security.ts — ExecutionReceipt interface; SecureTokenManager.generateReceipt() / validateReceipt()
- Modified: lib/agent-runtime.ts — ShellResult.receipt?, FileResult.receipt?, receipt emission after exec/write
- Modified: lib/auth-guardian.ts — recordClaimViolation(), resetClaimViolations(), getClaimViolationCount(), getTrustLevel()
- Modified: lib/compliance-monitor.ts — ViolationType extended with UNSUPPORTED_CLAIM, UNDISCLOSED_ACTION
- Modified: types/agent-adapter.d.ts — AgentResult.metadata.receipts?
- Modified: index.ts — exports for all new types
- Modified: THREAT_MODEL.md — section 8 Tier 1 scope ceiling + Tier 2 hardening path
- Docs: README, SECURITY, .github/SECURITY, SKILL.md, CONTRIBUTING, AUDIT_LOG_SCHEMA, CHANGELOG, ARCHITECTURE — all updated for v5.10.0
Test suite
3211 tests across 32 suites (50 new + 3161 existing), 0 failures.
Full changelog
See CHANGELOG.md.