actx verify

actx verify

Cryptographically verify that sidecar translations haven’t been tampered with and that the content-addressed store maintains integrity.

Usage

actx verify [file] [options]

Arguments

Argument	Required	Description
file	❌	Specific translation file to verify. If omitted, verifies all translations

Options

Option	Description
--all	Verify all .context/translations/ signatures
--cas	Verify CAS digest integrity (recompute digests vs filenames)

What It Does

Translation Verification (default)

1. Reads .json files from .context/translations/
2. For each translation:
   • Extracts the stored CTX statement, human translation, and signature
   • Re-computes the Ed25519 signature from the raw data
   • Compares against the stored signature
3. Reports any mismatches (indicating tampering)

CAS Verification (--cas)

1. Reads all files from .context/objects/
2. Recomputes the SHA-256 hash of each file’s content
3. Compares against the filename (which IS the hash)
4. Reports any files whose content doesn’t match their name

Examples

Verify all translations

$ actx verify
🔍 Verifying 42 translations...
  ✅ a1b2c3d4... valid
  ✅ e5f6g7h8... valid
  ✅ i9j0k1l2... valid
  ...
✅ All 42 signatures verified

Verify CAS integrity

$ actx verify --cas
🔍 Verifying CAS object integrity...
  ✅ 147 objects verified

Verify a specific translation

$ actx verify .context/translations/a1b2c3d4.json
✅ Signature valid

Why This Matters

The verify command provides cryptographic proof that:

• Agent actions match what was reported to humans
• No one has modified translation records after the fact
• The content-addressed store hasn’t been corrupted

This is the foundation of AgentCTX’s trust model.

See Also

• Sidecar — how translations are signed
• Security Model — the 8-layer defense