usertrust
Verify

usertrust-verify

Zero-dependency standalone vault verifier with Merkle proof support.

Purpose

usertrust-verify is an intentionally standalone package with zero dependencies (Node built-ins only). It duplicates canonicalization, chain verification, and Merkle proof functions from usertrust by design — so it can verify vaults independently of the main SDK.

Installation

npm install usertrust-verify

CLI Usage

npx usertrust-verify .usertrust

Verifies the entire vault: hash chain integrity, event sequence, and Merkle root.

Programmatic API

verifyVault

import { verifyVault } from "usertrust-verify";

const result = verifyVault(".usertrust");
interface VaultVerificationResult {
  valid: boolean;
  errors: string[];
  chainLength: number;
  validHashes: number;
  merkleRoot: string | null;
  firstEvent: string | null;
  lastEvent: string | null;
}

verifyTransaction

import { verifyTransaction } from "usertrust-verify";

const result = verifyTransaction(".usertrust", "tx_m4k7z_a1b2c3");
interface TransactionVerificationResult {
  found: boolean;
  valid: boolean;
  receipt: string;
  errors: string[];
}

Re-exported Functions

All Merkle proof functions are also available:

import {
  verifyChain,
  buildMerkleTree,
  hashLeaf,
  hashInternal,
  generateInclusionProof,
  verifyInclusionProof,
  generateConsistencyProof,
  verifyConsistencyProof,
  canonicalize,
  GENESIS_HASH,
} from "usertrust-verify";

Why Zero Dependencies?

The verifier must be trustworthy independently of the SDK it verifies. Adding dependencies would create a supply-chain attack surface and defeat the purpose of independent verification.

This package intentionally duplicates code from usertrust. Do not refactor into shared imports — the duplication is a security feature.

PII Detection

Automatic detection of email, phone, SSN, credit card, and IP address patterns.

On this page

PurposeInstallationCLI UsageProgrammatic APIverifyVaultverifyTransactionRe-exported FunctionsWhy Zero Dependencies?