uri
chittycanon://docs/tech/policy/chittyproof-charter
namespace
chittycanon://docs/tech
type
policy
version
1.0.0
status
PENDING
registered_with
chittycanon://core/services/canon
title
ChittyProof Charter
certifier
chittycanon://core/services/chittycertify
visibility
PUBLIC
author
ChittyOS Infrastructure
created
2026-03-01 00:00:00 UTC
modified
2026-03-01 00:00:00 UTC
tags
cryptography
canonicalization
integrity
tier-0
category
infrastructure
Canonical URI : chittycanon://core/services/chittyproofTier : 0 (Trust Anchors)Organization : CHITTYOSDomain : proof.chitty.ccArtifact Type : Library + Service (dual-export at proof.chitty.cc)
Provide deterministic, court-grade cryptographic integrity primitives for the ChittyOS ecosystem — canonicalization, hashing, and ECDSA signature verification of FACT v2 bundles.
Deterministic JSON canonicalization (sorted keys, minified, null-stripped)
Half-up rounding of score and pillar numeric fields for reproducible hashes
SHA-256 hashing of canonical payloads (sha256:<hex> format)
ECDSA P-256 signature verification over signed_fields_hash
JWKS key resolution with KV caching (kid-based lookup via ChittyCert)
Defining the authoritative FACT v2 bundle JSON Schema
Providing normalizeBundle / canonicalSignedPayload / verifyBundle / verifyECDSA exports
Serving HTTP verification endpoints at proof.chitty.cc for ecosystem consumers
Signing bundles (signing authority lives in the minting service)
Key generation or rotation (ChittyCert)
JWKS hosting (ChittyCert at cert.chitty.cc/.well-known/jwks.json)
FACT scoring logic (ChittyScore)
Ledger sealing or chain anchoring (ChittyLedger / ChittyChain)
Identity generation (ChittyID)
Type
Service
Purpose
Upstream
ChittyCert
JWKS endpoint for public key resolution
Upstream
ChittyAuth
Shared-secret Bearer token validation
Runtime
Web Crypto API
SHA-256 digest, ECDSA verify, key import
Runtime
Hono
HTTP framework for Cloudflare Workers
Optional
Cloudflare KV
JWKS key caching (PROOF_KEY_CACHE binding)
Downstream
ChittyTrack
Automatic log/trace aggregation (tail_consumers)
Downstream
ChittyBeacon
Health monitoring (probes /health)
ChittyProof is both a library (SDK exports) and a deployed service (HTTP endpoints at proof.chitty.cc).
Exports (lib/chittyproof-v2-canonical.js)
Export
Signature
Purpose
roundN(value, decimals) => numberDeterministic half-up rounding
normalizeBundle(bundle) => objectNormalize score/pillar precision, compute score_100
canonicalize(value) => stringSorted-key minified JSON
canonicalSignedPayload(bundle, opts?) => stringCanonical JSON for signing (excludes signature/artifacts)
sha256Hex(inputUtf8) => Promise<string>SHA-256 as sha256:<hex>
hashSignedPayload(bundle) => Promise<string>Hash of canonical signed payload
verifyBundle(bundle) => Promise<{ok, ...}>Hash-only integrity check
Exports (lib/chittyproof-verify-ecdsa.js)
Export
Signature
Purpose
b64urlToBytes(value) => Uint8ArrayBase64url decode
bytesToB64url(bytes) => stringBase64url encode
hexToBytes(value) => Uint8ArraySHA-256 hex to bytes
importP256Jwk(jwk) => Promise<CryptoKey>Import ECDSA P-256 public key
getPublicKeyByKid(kid, env, opts?) => Promise<CryptoKey>KV-cached JWKS key resolution
verifyECDSA(bundle, env, opts?) => Promise<{ok, reason, ...}>Full ECDSA signature verification
HTTP Endpoints (proof.chitty.cc)
Method
Path
Auth
Purpose
GET
/healthNone
Health probe
GET
/api/v1/statusNone
Service metadata
POST
/api/v1/verifyBearer
Hash integrity + ECDSA verification
POST
/api/v1/canonicalizeBearer
Deterministic JSON canonicalization
POST
/api/v1/hashBearer
SHA-256 of canonical signed payload
POST
/api/v1/validateBearer
FACT v2 bundle schema validation
etc/authority/schema/chittyproof-v2-fact-bundle.schema.json$id: chittycanon://schemas/chittyproof/v2/fact-bundle
Charter Version: 1.0.0 | Last Updated: 2026-03-01