How to verify a Holistic Quality signed manifest

Version 0.1 (pre-board-ratification) · Last updated: 2026-05-27

v0.1 (pre-board-ratification). Substantive commitments below will not weaken between v0.1 and v1.0 of this page; ratification by the advisory board is procedural.

Bill of Rights Article IX (Falsifiability) commits Holistic Quality to making every regulator-tier claim independently testable. Manifest verification is the operational form of that commitment: a regulator can run a command on their own machine and confirm that a NOMOS interpretation's cited manifest hash matches a real, dual-signed manifest, without trusting Holistic Quality's infrastructure.

The canonical source is the markdown file at FTP/_shared/regulator-facing/verify-manifest-howto.md in the public repository; this page is rendered from it.

What it does

Every NOMOS corpus version ships with a manifest (manifest.json) describing what is in the corpus, plus a signature bundle (signatures/v{N}.sig.json) containing GPG-detached signatures over the canonical hash of the manifest. Verification has two layers:

  1. Canonical-hash check. Recompute SHA-256 over the manifest's canonical-JSON form (signatures stripped) and confirm it matches the hash inside the signature bundle. Catches post-hoc tampering with the manifest payload.
  2. GPG signature check. Every signature in the bundle is detached-verified against the canonical-hash bytes. Catches forged or broken signatures.

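On top of these two layers sits a two-person rule: at least 2 distinct GPG fingerprints with valid signatures are required for PASS. If all three checks pass (canonical hash, signatures, two-person rule), the manifest is authentic: not tampered with, signed by two distinct authorized humans, and matching the version Holistic Quality says it is. The "authorized" part holds only for keys whose fingerprints you have confirmed yourself; see "Independent public-key verification" below.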

Why it matters

This converts "we sign our manifests" from a marketing claim into a falsifiable property. A regulator who cites a NOMOS interpretation in an official proceeding can independently confirm that the manifest behind that interpretation is the one Holistic Quality published. If Holistic Quality ever issues an interpretation under a manifest that does not verify, the regulator has cryptographic proof and — per Bill of Rights Article IX — can publish the violation without legal exposure.

Installation

Requires: Python 3.9 or newer, plus the gpg system binary (preinstalled on most Linux distributions and macOS).

Install from PyPI — the verifier is a standalone, zero-dependency package (the only runtime requirement is the gpg binary):

    # (optional but recommended) a fresh virtual environment
    python3 -m venv /tmp/hq-verify && source /tmp/hq-verify/bin/activate

    # Install the verifier (exposes the `verify-manifest` command)
    pip install holisticquality-verify-manifest

    # Confirm the install worked
    verify-manifest --help

The package is holisticquality-verify-manifest v0.1.0 (Apache-2.0). It contains only the verification path — no Holistic Quality infrastructure, no network access — so the whole thing is auditable in minutes.

Prefer to install from source (e.g. to audit before running)? The package source lives at OLYMPUS/nomos/packages/verify-manifest/ in the public repository:

    git clone https://github.com/holisticquality/MK.git
    pip install ./MK/OLYMPUS/nomos/packages/verify-manifest

Usage

    verify-manifest \
        --manifest OLYMPUS/nomos/corpus/tier-1-schema-literacy/v1/manifest.json \
        --bundle   OLYMPUS/nomos/corpus/tier-1-schema-literacy/v1/signatures/v1.sig.json

Worked example: Sprint 1.7 (single-operator-test-production-v1)

Sprint 1.7 shipped 52,707 examples under a dual-signed manifest with canonical hash:

ddbbb524dac094575fbd1d8b03fa1a98b848470d8f377f540c2c607d0e0dc108

Running verify-manifest against it produces:

    PASS: manifest is valid, signatures verified, two-person rule satisfied.
      manifest:               OLYMPUS/nomos/corpus/tier-1-schema-literacy/v1/manifest.json
      signature bundle:       OLYMPUS/nomos/corpus/tier-1-schema-literacy/v1/signatures/v1.sig.json
      canonical payload hash: matches
      signatures verified:    2 (2 distinct GPG fingerprint(s))

With --verbose:

    PASS: manifest is valid, signatures verified, two-person rule satisfied.
      manifest:               OLYMPUS/nomos/corpus/tier-1-schema-literacy/v1/manifest.json
      signature bundle:       OLYMPUS/nomos/corpus/tier-1-schema-literacy/v1/signatures/v1.sig.json
      canonical payload hash: matches
      signatures verified:    2 (2 distinct GPG fingerprint(s))

    per-signature detail:
      [0] ✓ OK  signer=Levi P Robey         fingerprint=57814183076394CC0C4CC12F209BBCB8B1409A8F  intent=authorship
      [1] ✓ OK  signer=NOMOS Test Reviewer  fingerprint=7FC415E0DA42E586EDA3739B449C2C7026EFBA34  intent=review_approval

Exit code 0 = PASS.

Output interpretation

The first line of output is always PASS or FAIL. The exit code tells you what kind of failure (so you can branch in a shell script without parsing stdout):

    Exit code   Meaning
    0           PASS: manifest verified, all signatures valid, two-person rule satisfied
    1           FAIL: general (hash mismatch, multi-cause failure, or two-person rule violation)
    2           FAIL: manifest or signature-bundle file not found
    3           FAIL: signature verification failed and was the sole cause (hash matched but at least one signature did not verify)

A FAIL response includes diagnostic lines under errors: explaining exactly what went wrong (e.g. canonical_payload_hash mismatch: bundle expected X, manifest recomputed to Y).

Optional flags

Independent public-key verification

Verifying signatures means nothing if you can't independently confirm whose keys you are trusting. Two layers of independence:

  1. Operator-key fingerprints are published. The Holistic Quality operator's GPG fingerprint and the technical reviewer's GPG fingerprint are both published — in the Bill of Rights Article IX context, in the corpus manifest's signers field, and in the advisory board roster when board-rotation lands. You can gpg --recv-keys <fingerprint> from a public keyserver and compare against the published fingerprint.
  2. The verification flow makes key trust explicit. verify-manifest shells out to your local gpg binary; it uses your GPG keyring, your trust settings, your assumptions. If you want to be paranoid, set up an isolated keyring with only the explicitly-imported Holistic Quality keys and pass --gpg-homedir so the verification cannot be spoofed by other keys in your system keyring:
    mkdir -m 700 /tmp/hq-isolated-gpg
    gpg --homedir /tmp/hq-isolated-gpg --recv-keys <operator-fingerprint> <reviewer-fingerprint>
    verify-manifest --manifest ... --bundle ... --gpg-homedir /tmp/hq-isolated-gpg

If the two signer fingerprints you receive from keyservers don't match what Holistic Quality publishes on this site, don't trust the manifest, and publish the discrepancy per Bill of Rights Article IX.
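The isolated-keyring step and the exit-code table above can be combined into one scripted gate. This is an added example, not part of the Holistic Quality tooling: the names `primary_fprs`, `keyring_matches_pins`, `gate`, `PINNED_FPRS`, `VERIFY_BIN` and the verdict strings are hypothetical, and the fingerprints are placeholders to be replaced with the published ones.

```bash
#!/usr/bin/env bash
# Added example: pin the isolated keyring, then gate on verify-manifest's exit code.
# Placeholders below are constructed; substitute the fingerprints Holistic Quality publishes.
PINNED_FPRS="${PINNED_FPRS:-OPERATOR_FPR_PLACEHOLDER REVIEWER_FPR_PLACEHOLDER}"
VERIFY_BIN="${VERIFY_BIN:-verify-manifest}"   # overridable so the gate can be exercised with a stub

# Read `gpg --list-keys --with-colons --with-fingerprint` output on stdin and print
# primary-key fingerprints. Only the fpr record that follows a pub record counts,
# so subkey fingerprints are not mistaken for extra signers.
primary_fprs() {
    awk -F: '$1=="pub"{p=1; next} $1=="sub"{p=0; next} $1=="fpr" && p {print $10; p=0}' | sort -u
}

# Succeed only if the keyring holds exactly the pinned fingerprints (none missing, none extra).
keyring_matches_pins() (
    have="$(primary_fprs)"
    want="$(printf '%s\n' $PINNED_FPRS | sort -u)"
    [ -n "$have" ] && [ "$have" = "$want" ]
)

# Run the verifier against the isolated keyring and print a one-word verdict on stdout.
# Codes outside the documented 0-3 (e.g. 127, command not found) are failures, never a pass.
gate() (
    rc=0
    "$VERIFY_BIN" --manifest "$1" --bundle "$2" --gpg-homedir "$3" >&2 || rc=$?
    case "$rc" in
        0) echo "pass" ;;
        1) echo "fail-general" ;;
        2) echo "fail-missing-file" ;;
        3) echo "fail-signature" ;;
        *) echo "fail-unexpected-$rc" ;;
    esac
    [ "$rc" -eq 0 ]
)

# Typical use:
#   H=/tmp/hq-isolated-gpg
#   gpg --homedir "$H" --list-keys --with-colons --with-fingerprint | keyring_matches_pins || exit 1
#   gate manifest.json signatures/v1.sig.json "$H" || exit 1
```

Checking the keyring before running the verifier matters because the two-person rule counts distinct fingerprints in whatever keyring gpg is pointed at; an extra key in that keyring would otherwise be able to satisfy it.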

Source code

All of these are in the public Holistic Quality repository; the underlying logic is the same code that signs Holistic Quality's production manifests. You are running, on your machine, the same verification that Holistic Quality runs internally.

Contact

Verification questions, key-fingerprint discrepancies, or any feedback about the CLI — email verify@holisticquality.io. For regulator-tier engagement inquiries, fill out our intake form or email regulator@holisticquality.io. Per Bill of Rights Article IX, you are not required to use this channel before publishing a verification discrepancy — it is provided as a courtesy, not a prerequisite.