Module verify 

Cross-verification: check a Session Receipt against an Agent Certificate.

Answers a single question: did the session stay inside the certificate’s authorized envelope? Specifically:

1. Do the receipt and certificate reference the same ship?
2. Was the certificate valid (not expired, not pre-dated) at session time?
3. Was every tool called during the session present in the certificate’s authorized tool list?

This function is the reusable library primitive. The treeship verify --certificate CLI calls it, @treeship/verify will call it through WASM in v0.9.1, and third-party dashboards embedding Treeship verification call it directly. All of them get the same semantics.

Structs

CrossVerifyResult

Result of cross-verifying a receipt against a certificate.

Enums

CertificateStatus

Certificate validity at the cross-verify time.

ShipIdStatus

Ship ID comparison outcome.

Functions

checks_ok

Convenience: true iff every check in the list is Pass or Warn.

cross_verify_receipt_and_certificate

Cross-verify a receipt against an agent certificate.

verify_receipt_json_checks

Receipt-level checks derivable from the receipt JSON alone (no on-disk package). Runs Merkle root recomputation, inclusion proof verification, leaf-count parity, timeline ordering, and receipt-level chain linkage. Shared between the CLI’s URL-fetch path and the WASM verify_receipt export so both surfaces apply the same rules.