AIKernel.NET
version: 0.0.2 / status: Refactor / edition: Draft / published: 2026-05-16 / updated: 2026-05-16

Japanese version: IPromptVerifier (インターフェース仕様)

IPromptVerifier (Interface Specification)

1. Responsibility Boundary

IPromptVerifier is the boundary interface that validates integrity of signed prompt artifacts at runtime.

  • Role:
  • Evaluate a SignedPromptArtifactDto and return tamper/missing/mismatch outcomes through PromptVerificationResult.

  • Non-role:
  • Signature generation is owned by IPromptSignatureProvider; IPromptVerifier focuses only on verification.

2. Contract Signature

namespace AIKernel.Abstractions.Prompt;\n\n/// <summary>\n/// Defines the IPromptVerifier contract based on UC-11/UC-12/UC-13.\n/// </summary>\npublic interface IPromptVerifier\n{\n    Task<PromptVerificationResult> VerifyAsync(\n        SignedPromptArtifactDto artifact,\n        CancellationToken ct = default);\n}
  • UC-13 Runtime signature verification:
  • Core component for signature and hash validation during prompt load.

  • UC-20 Deterministic replay and audit trail:
  • Contributes to verifying replay artifacts against historical execution conditions.

4. Governance & Determinism

  • Enforce Fail-Closed:
  • Execution must not continue when PromptVerificationResult.Decision does not satisfy permit criteria.

  • Canonicalization precondition:
  • Signature/hash validation assumes the same canonicalization rules (IRomCanonicalizer) used at signing time.

5. Implementation Notes

  • Trust-store integration:
  • Integrating with ISignatureTrustStore is recommended to reject revoked or untrusted keys.

  • Semantic hash validation:
  • Prefer semantic-equivalence checks aligned with ISemanticHasher over superficial string equality.


Changelog

  • v0.0.0 / v0.0.0.0: Initial draft
  • v0.0.1 (2026-05-06): Version upgrade aligned with documentation guidelines
Source: architecture/interfaces/prompt/IPromptVerifier.md