Hyphae documentation

Carry evidence with the result.

Understand what a portable Hyphae result proof establishes, what material offline verification requires, and which trust decisions remain with the caller.

A proof is attached to one result

Hyphae produces portable proof material for successful get and query operations. The proof binds the request, result, snapshot, and expected anchor.

  • Server reads are always proof-bearing.
  • Embedded and CLI surfaces can request explicit proof files.
  • A proof does not convert an untrusted anchor into a trusted one.

Verification needs a complete witness

Offline verification reexecutes the result against a complete logical snapshot witness. A caller pins the anchor rather than accepting whichever head the proof presents.

  • Snapshot bytes are canonical.
  • Checksums detect accidental corruption.
  • Anchor policy remains the caller's trust decision.

Verify outside the serving process

Move the proof and witness across the trust boundary, then run the verifier without the original server or data directory.

consolecopy-safe example
hyphae verify \
+  --proof result.hyproof \
+  --snapshot ./witness.snapshot \
+  --anchor sha256:<expected-anchor>

Failure is specific

Verification distinguishes malformed proof material, an unsupported version, a snapshot mismatch, an anchor mismatch, and a reexecution mismatch.

  • Unsupported formats do not downgrade silently.
  • The verifier does not fetch missing trust material from a network.
  • A failed proof never returns a verified result.

Know what the proof establishes

A valid result proof establishes that the result reexecutes against the supplied witness and pinned anchor under the versioned semantics. It does not establish who should trust that anchor or whether the host protected its backup media.

  • Proof is not identity.
  • Checksum is not signature.
  • Applications own anchor distribution and retention policy.
Next guideAPI v1