How to Verify AI Run Identity

This page explains how to verify AI run identity using SCL. Verification confirms that a declaration produces the same SHA-256 identity when processed independently.

Verification operates on the canonical pipeline: input bytes → canonical JSON → SHA-256 identity.

SCL is the deterministic, cryptographic identity protocol for AI run declarations.

For the protocol definition, see SCL definition. For enforcement mechanics, see deterministic identity enforcement.

Verification vs Identity Derivation

Identity derivation and identity verification are separate processes. SCL defines how identity is derived from canonical JSON bytes using SHA-256. This page does not cover derivation. It focuses only on how to verify that a given identity matches a valid declaration.

Verification Scope

Verification confirms that canonical JSON bytes produce a specific SHA-256 identity. It does not interpret meaning, validate intent, or evaluate execution outcomes.

No normalization or interpretation is applied. Verification operates strictly on canonical representation defined by the SCL:V1 specification.

SCL verifies declared identity only. It does not verify runtime behavior.

Verification Process

Step 1: Parse the Declaration

Obtain the exact original declaration bytes and parse them under SCL:V1 rules. The parser validates structure and produces an abstract syntax tree. If parsing fails, the declaration is invalid and has no identity.

Step 2: Generate Canonical JSON

Serialize the parsed result into canonical JSON (single-line UTF-8, no extraneous whitespace, keys sorted by raw byte order).

Step 3: Compute SHA-256 Identity

Compute SHA-256 over the canonical JSON bytes (the sole input to hashing). The resulting digest is the declaration identity.

Step 4: Compare Identity

Compare the computed identity against the expected value. If the identities match, the declaration is verified. If they differ, the declaration bytes are not identical or the expected identity is incorrect.

Deterministic Verification Guarantees

Any system with a compliant SCL implementation can verify identity independently. No shared infrastructure, no central registry, and no coordination with the original system is required.

Verification is deterministic across all compliant implementations. The same input bytes always produce the same canonical JSON bytes and the same SHA-256 identity.

Two auditors in different environments processing the same declaration bytes will always produce the same identity. This is the verification guarantee provided by deterministic identity for AI run declarations.

Verification confirms byte-level equivalence of the declared content. It does not confirm that the declaration was executed, that outputs were correct, or that the system behaved as declared.

Verification Using the Reference Engine

The reference engine performs deterministic verification:

• Validates declaration structure
• Produces canonical JSON
• Computes SHA-256 identity

Compare the resulting identity against the expected value. A match confirms byte-level equivalence.

Verification Failure Conditions

If the computed identity does not match the expected identity:

• The declaration bytes are not identical to the original
• The expected identity may have been recorded incorrectly
• The implementation may be non-compliant

SCL does not diagnose the cause of mismatch. It reports only whether identities are equal or not equal.

Cross-implementation verification is the primary method for testing conformance. See the Golden Documents for fixed reference inputs and expected outputs. The complete rules are defined in the SCL:V1 specification.

Verification requires full compliance with SCL:V1. Partial parsing or non-canonical processing invalidates the result.

See also: SCL validation troubleshooting.