nexart.iodocs

    Verification Reports

    The result of validating a CER bundle and its attestation data.

    What is a Verification Report?

    A verification report summarizes the integrity and attestation state of a CER. It is the result of validating the bundle structure, the node signature, and the consistency between the receipt and the record.

    Verification may be performed locally using the CER bundle and the node's published keys, or through the public verifier at verify.nexart.io.

    Verification Checks

    Each check returns PASS, FAIL, or SKIPPED:

    1. Bundle Integrity. Confirm that the CER bundle hashes are internally consistent and that the computed certificateHash matches the bundle contents.
    2. Node Signature. Verify that the receipt signature is valid using the attestation node's published Ed25519 public key, matched by the kid in the receipt. SKIPPED if no attestation is present.
    3. Receipt Consistency. Confirm that the receipt at meta.attestation.receipt references the same certificateHash as the CER bundle. SKIPPED if no attestation is present.

    Verification Statuses

    The status field indicates the overall verification outcome, as defined by the CER Protocol:

    • VERIFIED. All applicable verification checks pass.
    • FAILED. One or more verification checks fail. This may indicate tampering, mismatched hashes, or an invalid signature.
    • NOT_FOUND. The requested execution record was not located.

    Example Report

    Verification Report (VERIFIED)
    {
  "status": "VERIFIED",
  "checks": {
    "bundleIntegrity": "PASS",
    "nodeSignature": "PASS",
    "receiptConsistency": "PASS"
  },
  "reasonCodes": [],
  "certificateHash": "sha256:...",
  "bundleType": "cer.ai.execution.v1",
  "verifiedAt": "2026-03-06T12:05:00.000Z",
  "verifier": "nexart-verifier/1.0.0"
}

    When Checks Are SKIPPED

    If a CER bundle has no attestation, the Node Signature and Receipt Consistency checks are SKIPPED. This is expected for unattested bundles created via POST /v1/cer/ai/create.

    Verification Report (No Attestation)
    {
  "status": "VERIFIED",
  "checks": {
    "bundleIntegrity": "PASS",
    "nodeSignature": "SKIPPED",
    "receiptConsistency": "SKIPPED"
  },
  "reasonCodes": [],
  "certificateHash": "sha256:...",
  "bundleType": "cer.ai.execution.v1",
  "verifiedAt": "2026-03-06T12:05:00.000Z",
  "verifier": "nexart-verifier/1.0.0"
}

    When You Get FAILED

    A FAILED result means one or more checks did not pass. Common causes:

    • Bundle contents were modified after attestation
    • Signature does not match the node's published key
    • Receipt references a different certificateHash than the bundle
    • Corrupted or malformed bundle