client.verify()
Confirm that a recorded manifest hash is reproducible from the same
inputs. Returns a plain boolean: True on match,
False on drift.
Signature
client.verify(
manifest_hash: str,
payload: str | bytes,
program_id: str,
route_id: str,
registry_record_hash: str,
) -> bool
| Argument | Type | Notes |
|---|---|---|
manifest_hash | str | The previously-recorded hash to verify against (64-char hex) |
payload | str or bytes | Same as attest() |
program_id, route_id, registry_record_hash | str | Same as attest() |
Return value
True if the recorded hash matches the freshly-computed one; False otherwise.
Raises
Same as attest() — ValidationError, StageError, APIError, ConnectionError.
Example
from verdifax import VerdifaxClient
with VerdifaxClient() as client:
ok = client.verify(
manifest_hash="6c1428f81519c5bb...",
payload="hello verdifax",
program_id="a" * 64,
route_id="route-test",
registry_record_hash="b" * 64,
)
assert ok is True
What this proves
If verify() returns True, the recorded hash is consistent with the inputs you provided — meaning anyone with those inputs can re-derive the hash, which is the integrity guarantee Verdifax offers. If it returns False, either the recorded hash is wrong, the recorded inputs differed from the ones you supplied, or the program registry record changed.
What this is not
Calling verify() does not check that your saved hash matches the orchestrator's stored hash. It only checks that re-deriving from inputs reproduces the supplied hash. For end-to-end "is this run still in the database the way I recorded it?" use GET /runs/{id}/verify.