Skip to main content

What it does

verify checks whether the payload inside the .fpk file still matches the manifest. Use it before you upload an artifact, hand it to someone else, or use it as a baseline.

Usage

When to use it

  • before treating an artifact as evidence
  • before comparing against another artifact
  • when you suspect corruption or malformed input
  • when you received the artifact from somewhere else

What verify checks

verify reads the artifact, validates the manifest, and checks the payload against it. That includes:
  • archive structure
  • manifest validity
  • expected payload paths
  • file sizes
  • file hashes
  • the aggregate payload_digest

Minimal example

Expected output shape

Successful output:
Failure output: On failure, the CLI exits non-zero and prints mismatch lines such as:

Exit behavior

  • exit 0: artifact is valid
  • exit 1: artifact is invalid or the command was used incorrectly

Common mismatch codes

The current verifier can report:
  • archive_malformed
  • digest_mismatch
  • hash_mismatch
  • manifest_invalid
  • missing_payload_file
  • size_mismatch
  • unexpected_payload_file

Common mistakes

  • skipping verify and assuming inspect is enough
  • treating ok=false as a semantic judgment instead of an integrity failure
  • comparing against an artifact that has never been verified
  • inspect for a quick summary
  • compare after integrity has been confirmed
  • pack to recreate a trusted artifact from the original directory

Core API