Final CLAS Trust Verification v1 artifact audit

[GsCommand]

Run a final audit of CLAS Trust Verification v1 before moving back to website polish.

Scope:
Do not modify files unless the audit finds a trivial path/reference typo that blocks validation. Prefer reporting first.

Audit every Trust Verification verb:

• verify
• authenticate
• authorize
• attest
• sign
• permit
• grant
• approve
• reject
• endorse

For each verb, verify these exist:

• schemas/trust-verification//.request.schema.json
• schemas/trust-verification//.receipt.schema.json
• schemas/trust-verification//.openapi.yaml
• schemas/trust-verification//.mcp.tool.schema.json
• schemas/trust-verification//examples/valid.request.json
• schemas/trust-verification//examples/valid.receipt.json
• schemas/trust-verification//examples/tampered.receipt.json
• schemas/trust-verification//examples/invalid.receipt.json

Also verify:

1. schemas/trust-verification/manifest.json has correct paths for request, receipt, OpenAPI, MCP, and examples for all 10 verbs.
2. schemas/trust-verification/capabilities.json has one entry per verb and all referenced paths exist.
3. schemas/trust-verification/discovery/*.discovery.json files parse and referenced paths exist where applicable.
4. Every MCP tool schema parses as JSON.
5. No inputSchema/outputSchema $ref object in any MCP tool schema has sibling fields such as description.
6. OpenAPI files exist and are parseable if a YAML parser is available.
7. Shared proof schema exists and every receipt schema references ../_shared/proof.schema.json.
8. npm run validate:trust-verification passes, or if it fails, report the exact failure and whether it is pre-existing.

Report a table:
verb | request | receipt | examples | OpenAPI | MCP | manifest | catalog | status

Then report:

• missing files
• bad paths
• MCP ref-sibling issues
• validation results
• recommended fixes, if any

Do not add new verbs.
Do not change schema semantics.
Do not touch website files.