Reports verified, attested, Merkle root, file count, and public verify URL.
Verify & attest.
Verification and attestation reference.
Use this page to choose the correct verification path: storage state, on-chain attestation, per-file Merkle proof, receipt hash verification, or the full verification bundle. Each surface is available through PyNukez and the underlying gateway endpoints.
Computes the file-set Merkle root and records the attestation result.
Returns a per-file proof path that can be recomputed independently.
Normative algorithm and test vectors for external verifiers.
Storage state
Verify the receipt's storage state
Use this first to understand whether a receipt is attested and whether the current file set verifies.
    from pynukez import Nukez

    client = Nukez(keypair_path="~/.config/solana/id.json")
    receipt_id = "9494f0778940d18e"

    v = client.verify_storage(receipt_id)
    print("verified: ", v.verified)
    print("attested: ", v.attested)
    print("merkle_root:", v.merkle_root)
    print("verify_url: ", v.verify_url)

    # HTTP equivalent:
    # POST https://api.nukez.xyz/v1/storage/verify
    # body: {"receipt_id": receipt_id}
Code notes
Storage verification reports whether a receipt has an attested Merkle root and whether the stored file set currently verifies.
On confirmed lockers the gateway runs an attestation automatically after every successful file confirm via Cloud Tasks, so by the time you fetch the verification bundle for a freshly-confirmed locker, content_proof and on_chain_anchor are already populated. The explicit POST /v1/storage/attest endpoint (signed envelope, op locker:attest) exists for two cases only: forcing a fresh anchor right now, and clients that want a synchronous result instead of polling verify.
Before any files are uploaded, verified and attested are false with no Merkle root. This is the steady state for empty lockers, not a failure.
Use verify_storage for storage/content attestation state. Use verify_receipt_hash when you specifically want to verify the receipt object hash.
Attestation
Anchor the file-set Merkle root
Attestation computes the proof root and records the result through the gateway's Switchboard flow.
    att = client.attest(receipt_id=receipt_id, sync=True)
    print("status: ", att.status)
    print("push_ok: ", att.push_ok)
    print("merkle_root: ", att.merkle_root)
    print("tx_signature:", att.tx_signature)
    print("slot: ", att.switchboard_slot)

    # HTTP equivalent:
    # POST /v1/storage/attest is a signed-envelope endpoint (op locker:attest);
    # see /docs/http/helpers for a portable signer (signed_call) that wraps it.
    # GET https://api.nukez.xyz/v1/attest-code?receipt_id=$RECEIPT_ID
    #
    # Note: the gateway auto-attests after every file confirm (Cloud Tasks),
    # so on freshly-confirmed lockers the attestation is already populated by
    # the time you fetch /v1/storage/verification-bundle. Explicit attest calls
    # are only needed to force an anchor immediately (sync result).
Code notes
Attestation builds the file-set Merkle root and anchors the result. The SDK can block until completion with sync=True. The raw gateway endpoint may return while the on-chain push is still settling; callers should poll verification or attest-code status.
A computed local Merkle root can exist before the Switchboard anchor is complete. Retry or poll rather than treating that transient state as proof failure.
Inclusion proof
Recompute a file's Merkle path
Use this when a verifier needs to prove that a specific file is included in the attested root.
    import hashlib

    # Uses client and receipt_id from the storage-state example above.
    proof = client.get_merkle_proof(receipt_id=receipt_id, filename="Anza.pdf")

    # Leaf = SHA-256 of "filename:size_bytes:content_hash" (hex, no "sha256:" prefix).
    entry = proof["file_entry"]
    content_hash = entry["content_hash"].removeprefix("sha256:")
    leaf_material = f'{proof["filename"]}:{entry["size_bytes"]}:{content_hash}'
    current = hashlib.sha256(leaf_material.encode("utf-8")).hexdigest()

    # Walk the path in order; "position" says which side the sibling is on.
    for step in proof["proof"]:
        sibling = step["hash"].removeprefix("sha256:")
        if step["position"] == "right":
            current = hashlib.sha256((current + sibling).encode("utf-8")).hexdigest()
        else:
            current = hashlib.sha256((sibling + current).encode("utf-8")).hexdigest()

    assert "sha256:" + current == proof["merkle_root"]
Code notes
Merkle proof verification is the core independent check: recompute the leaf from filename, size, and content hash, walk the proof path in order, and compare the final hash to the attested Merkle root.
Raw HTTP endpoint: GET /v1/storage/merkle-proof?receipt_id={id}&filename={filename}.
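An offline version of the inclusion check, added here as an example and not part of PyNukez or the gateway. It goes one step beyond the snippet above: it hashes the file bytes you actually hold and compares the recomputed root against a root obtained outside the proof response (for example content_proof.merkle_root from the verification bundle). The function names, the assumption that content_hash is SHA-256 of the raw file bytes, and the constructed four-file tree (leaf order and pairing) are assumptions for illustration.

```python
import hashlib

def h(text: str) -> str:
    """SHA-256 over UTF-8 text, as hex (nodes hash concatenated hex strings)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def leaf_hash(filename: str, size_bytes: int, content_hex: str) -> str:
    return h(f"{filename}:{size_bytes}:{content_hex}")

def verify_inclusion(proof: dict, file_bytes: bytes, trusted_root: str):
    """Return (ok, reason). trusted_root comes from outside `proof` (assumption)."""
    entry = proof["file_entry"]
    claimed = entry["content_hash"].removeprefix("sha256:")
    if len(file_bytes) != entry["size_bytes"]:
        return False, "size mismatch"
    # Assumption: content_hash is SHA-256 of the raw file bytes.
    if hashlib.sha256(file_bytes).hexdigest() != claimed:
        return False, "content hash mismatch"
    current = leaf_hash(proof["filename"], entry["size_bytes"], claimed)
    for step in proof["proof"]:
        sibling = step["hash"].removeprefix("sha256:")
        if step["position"] == "right":
            current = h(current + sibling)
        elif step["position"] == "left":
            current = h(sibling + current)
        else:
            return False, "unknown sibling position"
    if "sha256:" + current != trusted_root:
        return False, "root mismatch"
    return True, "ok"

def build_sample():
    """Constructed four-file set and a proof for c.txt; not gateway output."""
    files = {"a.txt": b"alpha", "b.txt": b"bravo", "c.txt": b"charlie", "d.txt": b"delta"}
    hexes = {n: hashlib.sha256(b).hexdigest() for n, b in files.items()}
    leaves = [leaf_hash(n, len(files[n]), hexes[n]) for n in sorted(files)]
    left, right = h(leaves[0] + leaves[1]), h(leaves[2] + leaves[3])
    root = "sha256:" + h(left + right)
    proof = {
        "filename": "c.txt",
        "file_entry": {"size_bytes": 7, "content_hash": "sha256:" + hexes["c.txt"]},
        "proof": [{"hash": "sha256:" + leaves[3], "position": "right"},
                  {"hash": "sha256:" + left, "position": "left"}],
        "merkle_root": root,
    }
    return files, proof, root
```

Comparing only against proof["merkle_root"] shows the response is internally consistent; passing the root from a separate source is what ties the file to the attested state.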
Receipt object
Compare stored and computed receipt hashes
Use receipt hash verification to check the receipt object itself.
    check = client.verify_receipt_hash(receipt_id)

    print("stored: ", check.stored_hash)
    print("computed:", check.computed_hash)
    print("matches: ", check.matches)

    # HTTP equivalent:
    # GET https://api.nukez.xyz/v1/receipts/{receipt_id}
    # GET https://api.nukez.xyz/v1/receipts/{receipt_id}/verify
Code notes
Receipt-hash verification is separate from storage verification. It checks whether the stored receipt hash matches the receipt object as recomputed by the gateway/client.
Receipt hash verification proves the receipt object. It does not replace per-file content hash or Merkle inclusion checks.
Proof bundle
Export a full verification package
Use the bundle endpoint when another system needs enough data to verify independently.
    curl -sS \
      "https://api.nukez.xyz/v1/storage/verification-bundle?receipt_id=$RECEIPT_ID" \
      | jq .

    # Useful fields:
    # receipt_id
    # content_proof.merkle_root
    # merkle_algorithm.leaf_formula
    # verify_yourself.steps
    # verify_page_url
Code notes
The verification bundle is the high-level package for independent verification. It includes the receipt, content proof, Merkle algorithm details, and a verify-yourself checklist so another system can recompute the result without trusting the UI.
Use the bundle when exporting proof data to another verifier, model, agent, or audit workflow.
For the narrative walkthrough, open the verification guide.
