
Security & verification

Raven's trust model is "don't trust us — check". Everything needed to verify a verdict independently is public.

ed25519 signatures, domain-separated

Every successful verification is signed with an ed25519 key whose only job is attestation. The signature covers "raven-official-attestation" || officialAttestationHash — domain separation means a Raven signature can never be confused with any other protocol's.

The published key

GET https://raven-hosted-verifier.onrender.com/pubkey
{"keys":[{"keyId":"rvk_c2997e90215279c2",
  "publicKeyBase64":"MCowBQYDK2VwAyEASGJt4Ilx2Z6g0BVC1VQIfaUcV0nr8WB1J45/8vfje6w=",
  "alg":"ed25519"}],
 "domain":"raven-official-attestation","version":"v2"}

The key id is also published in the repo README and this site's footer — cross-check sources if you're being careful.
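The signature check described above, as an added example for Node.js (not Raven's own code). The receipt field names keyId and signatureBase64, the base64 signature encoding, and appending the hash in its string form are assumptions to confirm against the public test vector; the demo uses a throwaway key pair and constructed data.

```javascript
// Added example, not Raven's code. Assumptions to confirm against
// /receipt-test-vector.json: the hash is appended as its UTF-8 string form, the
// signature is base64, and the receipt fields keyId / signatureBase64 are hypothetical.
const crypto = require("node:crypto");
const DOMAIN = "raven-official-attestation";

// Fail closed: every mismatch or parse error yields ok=false, never a pass.
function verifyAttestation(pubkeyDoc, receipt, trustedKeyIds) {
  try {
    if (pubkeyDoc.domain !== DOMAIN) return { ok: false, reason: "domain-mismatch" };
    // Key ids are pinned out of band (README, site footer), not taken from /pubkey alone.
    if (!trustedKeyIds.includes(receipt.keyId)) return { ok: false, reason: "untrusted-key-id" };
    const entry = pubkeyDoc.keys.find((k) => k.keyId === receipt.keyId);
    if (!entry) return { ok: false, reason: "unknown-key-id" };
    if (entry.alg !== "ed25519") return { ok: false, reason: "unexpected-alg" };
    if (typeof receipt.officialAttestationHash !== "string") throw new TypeError("hash");
    // publicKeyBase64 is a DER SubjectPublicKeyInfo structure.
    const key = crypto.createPublicKey({
      key: Buffer.from(entry.publicKeyBase64, "base64"), format: "der", type: "spki",
    });
    if (key.asymmetricKeyType !== "ed25519") return { ok: false, reason: "unexpected-alg" };
    // Domain separation: the signed message is DOMAIN || officialAttestationHash.
    const message = Buffer.from(DOMAIN + receipt.officialAttestationHash, "utf8");
    const sig = Buffer.from(receipt.signatureBase64, "base64");
    const valid = crypto.verify(null, message, key, sig);
    return valid ? { ok: true, reason: "verified" } : { ok: false, reason: "bad-signature" };
  } catch {
    return { ok: false, reason: "malformed-input" };
  }
}

// Constructed demo data: a throwaway key pair stands in for Raven's signer.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const spki = publicKey.export({ format: "der", type: "spki" }).toString("base64");
  const keys = [{ keyId: "rvk_constructed", publicKeyBase64: spki, alg: "ed25519" }];
  const pubkeyDoc = { keys, domain: DOMAIN, version: "v2" };
  const hash = crypto.createHash("sha256").update("constructed claim").digest("hex");
  const sign = (prefix) => crypto.sign(null, Buffer.from(prefix + hash, "utf8"), privateKey).toString("base64");
  const receipt = { keyId: "rvk_constructed", officialAttestationHash: hash, signatureBase64: sign(DOMAIN) };
  const ids = ["rvk_constructed"];
  return {
    good: verifyAttestation(pubkeyDoc, receipt, ids),
    // Same key and hash, signed under another protocol's prefix: must be rejected.
    crossProtocol: verifyAttestation(pubkeyDoc, { ...receipt, signatureBase64: sign("other-protocol") }, ids),
    rotated: verifyAttestation(pubkeyDoc, { ...receipt, keyId: "rvk_other" }, ids),
  };
}
```
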

Replay hash: what exactly was signed

The signed hash commits to the full claim: the request (mint, token program, metadata, pool, commitment), engine version, observed slot, the verdict surface (verdict, engineOutcome, reason, finding codes, findings) and the coverage gaps. Recompute it from the response fields via canonical JSON (recipe + exact preimage example in the public test vector), compare to replayHash, then verify the signature. Four steps, no trust required.

Fail-closed behavior

Coverage gaps

Every response carries coverageGaps — what was NOT checked. New engine versions are tracked explicitly: when coverage expands, history is segmented as coverage expansion, never silently rewritten as a verdict change.

Quality Ledger

Every hosted verification — success or failure — appends one sanitized entry to an append-only ledger (timestamp, mint, verdict, latency, error code; never keys, never private signing material). It's our own audit trail: verdict-to-outcome tracking across 2,000+ baselined launches and hourly revisits backs the published zero-flip record.

Cryptographic posture

Raven receipts are currently signed with ed25519 key rvk_c2997e90215279c2; the public key is served at /pubkey. Key IDs are explicit so agents can detect rotation. Receipts include engine version, replayHash, and officialAttestationHash, so past outputs remain auditable. If Raven rotates keys, old receipts remain verifiable under their original keyId. Raven does not claim quantum resistance today; future signing schemes arrive through a new keyId and verification domain (/key-policy.json).

Cryptographic agility (checklist for verifying agents)

Unit-test your verifier against a real receipt: /receipt-test-vector.json. Full policy, key states, and rotation rules: /key-policy.json and RAVEN_CRYPTO_AGILITY.md. No post-quantum guarantee is claimed; algorithm agility is a design principle.

What Raven is not

Raven verifies launch state from on-chain evidence. It does not predict price, does not guarantee safety, and is not financial advice. A pass means "no risk findings on the surfaces we checked, gaps listed" — your agent's policy decides what to do with that.