← Back to Holistic Quality

How to verify a Holistic Quality signed manifest

Version 0.1 (pre-board-ratification) · Last updated: 2026-05-27

v0.1 — pre-board-ratification. Substantive commitments below will not weaken between v0.1 and v1.0 of this page; ratification by the advisory board is procedural. Bill of Rights Article IX — Falsifiability commits Holistic Quality to making every regulator-tier claim independently testable. Manifest verification is the operational form of that commitment — a regulator can run a command on their own machine and confirm that a NOMOS interpretation's cited manifest hash matches a real, dual-signed manifest, without trusting Holistic Quality's infrastructure.

What it does

Every NOMOS corpus version ships with a manifest (manifest.json) describing what is in the corpus, plus a signature bundle (signatures/v{N}.sig.json) containing GPG-detached signatures over the canonical hash of the manifest. Verification has two layers:

  1. Canonical-hash check. Recompute SHA-256 over the manifest's canonical-JSON form (signatures stripped) and confirm it matches the hash inside the signature bundle. Catches post-hoc tampering with the manifest payload.
  2. GPG signature check. Every signature in the bundle is detached-verified against the canonical-hash bytes. Catches forged or broken signatures.

Plus a two-person rule: at least 2 distinct GPG fingerprints with valid signatures are required for PASS. If all three pass, the manifest is authentic — not tampered with, signed by two distinct authorized humans, and matches the version Holistic Quality says it is.

Why it matters

This converts "we sign our manifests" from a marketing claim into a falsifiable property. A regulator who cites a NOMOS interpretation in an official proceeding can independently confirm that the manifest behind that interpretation is the one Holistic Quality published. If Holistic Quality ever issues an interpretation under a manifest that does not verify, the regulator has cryptographic proof and — per Bill of Rights Article IX — can publish the violation without legal exposure.

Installation

Requires: Python 3.9 or newer, plus the gpg system binary (preinstalled on most Linux distributions and macOS).

Install from PyPI — the verifier is a standalone, zero-dependency package (the only runtime requirement is the gpg binary):

# (optional but recommended) a fresh virtual environment
python3 -m venv /tmp/hq-verify && source /tmp/hq-verify/bin/activate

# Install the verifier — exposes the `verify-manifest` command
pip install holisticquality-verify-manifest

# Confirm the install worked
verify-manifest --help

The package is holisticquality-verify-manifest v0.1.0 (Apache-2.0). It contains only the verification path — no Holistic Quality infrastructure, no network access — so the whole thing is auditable in minutes.

Usage

Point verify-manifest at a manifest and its signature bundle, after importing the signers' public keys into your GPG keyring:

verify-manifest \
    --manifest path/to/manifest.json \
    --bundle   path/to/signatures.sig.json

Worked example (publicly runnable)

Holistic Quality publishes a small sample manifest — the same golden fixture the package's own test suite verifies — so you can run the full check end-to-end on your own machine, against public files, before trusting it on a real NOMOS manifest. The sample commits to this canonical payload hash:

dfe6f1ef393cf9838fd9559dcd4ea428c8a3cf0bcf987b800d364468c181c2ed
# 1. Download the sample manifest, its signature bundle, and the two signer public keys
curl -sO https://holisticquality.io/receipts/verify-manifest-sample/manifest.json
curl -sO https://holisticquality.io/receipts/verify-manifest-sample/v0.sig.json
curl -sO https://holisticquality.io/receipts/verify-manifest-sample/signer1.pub.asc
curl -sO https://holisticquality.io/receipts/verify-manifest-sample/signer2.pub.asc

# 2. Import the signers' PUBLIC keys (verification never needs a private key)
gpg --import signer1.pub.asc signer2.pub.asc

# 3. Verify
verify-manifest --manifest manifest.json --bundle v0.sig.json

This produces:

PASS: manifest is valid, signatures verified, two-person rule satisfied.
  manifest:               manifest.json
  signature bundle:       v0.sig.json
  canonical payload hash: matches
  signatures verified:    2 (2 distinct GPG fingerprint(s))

With --verbose:

PASS: manifest is valid, signatures verified, two-person rule satisfied.
  manifest:               manifest.json
  signature bundle:       v0.sig.json
  canonical payload hash: matches
  signatures verified:    2 (2 distinct GPG fingerprint(s))

per-signature detail:
  [0] OK  signer=HQVM Golden Fixture Signer 1  fingerprint=16BBEC2A543D29BD72AD34419AD9B1E312DC1141  intent=authorship
  [1] OK  signer=HQVM Golden Fixture Signer 2  fingerprint=C842057F10A39645AF230592C4F4E7D0DB2A4C35  intent=review_approval

Exit code 0 = PASS. The same verifier runs against Holistic Quality's production NOMOS manifests; this sample lets you confirm the tool behaves before you point it at one.

Output interpretation

The first line of output is always PASS or FAIL. The exit code tells you what kind of failure (so you can branch in a shell script without parsing stdout):

Exit codeMeaning
0PASS — manifest verified, all signatures valid, two-person rule satisfied
1FAIL — general (hash mismatch, multi-cause failure, or two-person rule violation)
2FAIL — manifest or signature-bundle file not found
3FAIL — signature verification failed and was the sole cause (hash matched but at least one signature did not verify)

A FAIL response includes diagnostic lines under errors: explaining exactly what went wrong (e.g. canonical_payload_hash mismatch: bundle expected X, manifest recomputed to Y).

Optional flags

Independent public-key verification

Verifying signatures means nothing if you can't independently confirm whose keys you are trusting. Two layers of independence:

  1. Operator-key fingerprints are published. The Holistic Quality operator's GPG fingerprint and the technical reviewer's GPG fingerprint are both published — in the Bill of Rights Article IX context, in the corpus manifest's signers field, and in the advisory board roster when board-rotation lands. You can gpg --recv-keys <fingerprint> from a public keyserver and compare against the published fingerprint.
  2. The verification flow makes key trust explicit. verify-manifest shells out to your local gpg binary; it uses your GPG keyring, your trust settings, your assumptions. If you want to be paranoid, set up an isolated keyring with only the explicitly-imported Holistic Quality keys and pass --gpg-homedir so the verification cannot be spoofed by other keys in your system keyring:
    mkdir -m 700 /tmp/hq-isolated-gpg
    gpg --homedir /tmp/hq-isolated-gpg --recv-keys <operator-fingerprint> <reviewer-fingerprint>
    verify-manifest --manifest ... --bundle ... --gpg-homedir /tmp/hq-isolated-gpg

If the two-person fingerprints you receive from keyservers don't match what Holistic Quality publishes on this site, don't trust the manifest and publish the discrepancy per Bill of Rights Article IX.

Source code

The verifier is published as the open-source holisticquality-verify-manifest package (Apache-2.0). The source distribution — pip download holisticquality-verify-manifest --no-binary :all:, or the “Download files” tab on PyPI — contains the full CLI, the verifier, and its test suite (including the golden fixture used in the worked example above). It is the same code that signs Holistic Quality's production NOMOS manifests: you are running, on your machine, the same verification Holistic Quality runs internally.

Related pages

Contact

Verification questions, key-fingerprint discrepancies, or any feedback about the CLI — email verify@holisticquality.io. For regulator-tier engagement inquiries, fill out our intake form or email regulator@holisticquality.io. Per Bill of Rights Article IX, you are not required to use this channel before publishing a verification discrepancy — it is provided as a courtesy, not a prerequisite.