Module verify 

ai-memory verify-reflection-chain — external verifier for reflection chains (procurement-grade audit tool, v0.7.0 L1-3).

Walks the reflects_on edges backward from the supplied memory to depth 0, verifies each Ed25519 signature (when present) using the identity::verify infrastructure, optionally checks signed_events creation entries, and emits a structured chain-integrity report.

Exit codes

• 0 — chain fully verified (or no signatures present and bounded_status != "exceeded_cap").
• 1 — at least one edge failed signature verification, or the chain exceeds its namespace max_reflection_depth cap.

Output formats

• --format text (default) — human-readable report printed to stdout.
• --format json — structured AgenticMem Attest tier evidence packet serialised as JSON.

Structs

ChainReport

Full chain-integrity report — the AgenticMem Attest tier evidence packet.

EdgeResult

One reflects_on edge in the ancestry tree, with its verification result.

SignedEventSummary

Per-signed_events row summary for a memory in the chain.

VerifyChainArgs

Arguments for ai-memory verify-reflection-chain.

Functions

build_chain_report

Walk the reflects_on ancestry tree from root_id, verify every edge, and return the ChainReport.

build_chain_report_at

Variant of build_chain_report that lets the caller pin the generated_at timestamp. Used by forensic::bundle so the embedded verification.json is byte-stable across rebuilds (the bundle’s own manifest.generated_at is the only legitimate non-deterministic field). None falls back to Utc::now().

run

Run the verify-reflection-chain subcommand against the SQLite DB at db_path. Returns an exit code: 0 if the chain is intact, 2 otherwise.