Japanese version: IPromptVerifier (インターフェース仕様)
IPromptVerifier (Interface Specification)
1. Responsibility Boundary
IPromptVerifier is the boundary interface that validates integrity of signed prompt artifacts at runtime.
- Role:
- Non-role:
Evaluate a SignedPromptArtifactDto and return tamper/missing/mismatch outcomes through PromptVerificationResult.
Signature generation is owned by IPromptSignatureProvider; IPromptVerifier focuses only on verification.
2. Contract Signature
namespace AIKernel.Abstractions.Prompt;\n\n/// <summary>\n/// Defines the IPromptVerifier contract based on UC-11/UC-12/UC-13.\n/// </summary>\npublic interface IPromptVerifier\n{\n Task<PromptVerificationResult> VerifyAsync(\n SignedPromptArtifactDto artifact,\n CancellationToken ct = default);\n}
3. Related Use Cases
UC-13Runtime signature verification:UC-20Deterministic replay and audit trail:
Core component for signature and hash validation during prompt load.
Contributes to verifying replay artifacts against historical execution conditions.
4. Governance & Determinism
- Enforce Fail-Closed:
- Canonicalization precondition:
Execution must not continue when PromptVerificationResult.Decision does not satisfy permit criteria.
Signature/hash validation assumes the same canonicalization rules (IRomCanonicalizer) used at signing time.
5. Implementation Notes
- Trust-store integration:
- Semantic hash validation:
Integrating with ISignatureTrustStore is recommended to reject revoked or untrusted keys.
Prefer semantic-equivalence checks aligned with ISemanticHasher over superficial string equality.
Changelog
- v0.0.0 / v0.0.0.0: Initial draft
- v0.0.1 (2026-05-06): Version upgrade aligned with documentation guidelines
architecture/interfaces/prompt/IPromptVerifier.md