Conformance
How to build and verify a conforming AIIR implementation.
What conformance means
A conforming AIIR implementation produces receipts that any other conforming
implementation can verify — byte-for-byte. This is possible because the format
is fully deterministic: given the same 6 core fields, every implementation
must compute the same content_hash and receipt_id.
There are three conformance levels. Implementations may claim any level they pass:
| Level | Requirement | Test suite |
|---|---|---|
| Level 1 — Verify | Can verify an existing receipt's content_hash and receipt_id |
25 JSON test vectors |
| Level 2 — Generate | Level 1 + can produce valid receipts with correct canonical JSON encoding | 25 JSON vectors + schema validation |
| Level 3 — Full | Level 2 + CBOR round-trip: JSON → CBOR → JSON produces identical hashes | 25 JSON vectors + 24 CBOR vectors |
Test vectors
All test vectors are published in the AIIR repository under schemas/.
They are the normative conformance suite — if your implementation passes all vectors,
it is conforming.
| File | Format | Vectors | Purpose |
|---|---|---|---|
| test_vectors.json | JSON | 25 | Receipt structure, content hash, receipt ID, tamper detection |
| cbor_test_vectors.json | JSON (hex-encoded CBOR) | 24 | CBOR canonical encoding, envelope structure, round-trip determinism |
| commit_receipt.v1.schema.json | JSON Schema (draft 2020-12) | — | Structural validation of v1 receipt fields and types |
| commit_receipt.v2.schema.json | JSON Schema (draft 2020-12) | — | Structural validation of v2 receipt fields and types (current) |
Verification procedure
This is the algorithm every conforming verifier must implement:
- Parse the receipt as JSON. Reject if not a valid JSON object.
- Validate that
typeequals"aiir.commit_receipt". - Extract the 6 core keys:
type,schema,version,commit,ai_attestation,provenance. - Build a new object containing only those 6 keys.
- Serialize to canonical JSON: sorted keys (recursive), no whitespace (
,and:separators), ASCII-safe (\uXXXXescapes),allow_nan=False. - Compute
sha256_hex = hex(SHA-256(canonical_json_bytes)). -
Compare using constant-time comparison:
content_hashmust equal"sha256:" + sha256_hexreceipt_idmust equal"g1-" + sha256_hex[:32]
Constant-time comparison prevents timing side channels.
Python: hmac.compare_digest().
Rust: subtle::ConstantTimeEq.
JavaScript: iterate all bytes, accumulate XOR.
CBOR round-trip verification
For Level 3 (Full) conformance, implementations must also verify CBOR sidecars:
- Decode the
.cborfile using a strict canonical decoder (reject non-shortest integers, indefinite-length items, unsorted map keys, trailing bytes, NaN/Infinity). - Validate the Layer-0 envelope:
type,schema,kind,object_schema,core. - Extract the receipt from the
corefield. - Re-encode the receipt to canonical JSON (same rules as above).
- Compute SHA-256 over the canonical JSON bytes.
- Compare against the
content_hashembedded in the receipt — must match.
This proves the CBOR encoding is lossless and deterministic. The same receipt produces the same hash regardless of which encoding path was used.
Reference implementations
Three reference implementations are available, all passing the full test vector suite:
| Language | Package | Conformance level | Lines |
|---|---|---|---|
| Python | aiir (PyPI) |
Level 3 — Full | ~9,200 |
| Rust | aiir-cbor-verify |
Level 3 — Full | ~970 |
| JavaScript | aiir-verify |
Level 1 — Verify | ~400 |
Cross-language determinism is verified in CI on every push: the Python implementation encodes a receipt to CBOR, and the Rust crate independently decodes, re-encodes to JSON, and verifies the hash matches. This runs as a dedicated CI check.
Building a conforming implementation
- Start with Level 1. Download test_vectors.json and implement the verification algorithm above.
- Validate against the schema. Use commit_receipt.v2.schema.json to validate structural correctness.
- Run all 25 JSON vectors. Each vector includes
expected_content_hashandexpected_receipt_id. All must match. - To reach Level 3, implement CBOR decoding following RFC 8949 §4.2 deterministic encoding rules, and run all 24 CBOR vectors.
If any vector fails, the implementation is non-conforming at that level. There are no optional vectors — all are required.
Claiming conformance
Third-party implementations claiming AIIR compatibility should:
- State the spec version they conform to (currently 2.0.0)
- State the conformance level (1, 2, or 3)
- Pass all published test vectors for that level
- Reference these test vectors in their own CI
See TRADEMARK.md for badge usage guidelines.
Get started
Download the test vectors and start building.
Test vectors → Read the spec →