Proofspec turns material software claims into versioned evidence contracts.
What ships
- all, any, and at_least evidence policies
- acyclic claim dependencies with honest blocked state
- constrained file, HTTP, Git, npm, and manual observations through Postcondition
- hash-chained local evidence receipts and end-of-run ledger verification
- JSON, Markdown, standalone HTML, Mermaid, and SARIF reports
- CLI, TypeScript SDK, JSON Schema, and stdio MCP server
- a self-spec checked in CI
Verification
- 70 automated tests
- 98.05% line coverage in the local coverage run
- clean packed-artifact installation and public API import smoke test
- real MCP client handshake
- CI on Node.js 20, 22, and 24
- zero known npm audit vulnerabilities at release time
Install now
The attached proofspec-0.1.0.tgz is the exact smoke-tested npm package artifact. Registry publication is prepared but awaiting maintainer account re-authentication; no npm availability is claimed yet.
SHA-256
5183f552480458ef42ff1da160354465f8f7df9dbcea1e34ae132348e10001b5
Boundary
A satisfied verifier proves only its configured observation. Manual evidence remains unknown, and the local receipt chain is not an externally signed transparency log.