Acceptance test report flagged three cosmetic JSON-schema gaps:
1. 'list -json' had no top-level 'count' — caller had to use .snapshots|length.
Added 'count' alongside 'snapshots'.
2. 'verify -json chain' top-level 'kind' was reported null — actually a
missing field rather than null. Chain results have per-step kind in
.steps[]; chain-level kind would be misleading. Documented intent
in README rather than adding the field.
3. MCP 'mithril_verify_certificate' returned 'cert_hash' but agents
often look for 'hash'. Added 'hash' alias alongside 'cert_hash' in
both genesis and STM result paths so either lookup works.
End-to-end loop test on mainnet+preprod: full PASS (89-cert mainnet
chain + 90-cert preprod chain both verified, MCP all 8 tools work,
exit codes correct, manifest detection clean). v1-tag-able now.
Implemented the remaining STM verification layers:
- internal/stm/lottery.go: EvaluateSigma (Blake2b-512 lottery draw) +
IsLotteryWon with Taylor-series threshold comparison (ported from
mithril-stm::eligibility), big.Rat-based to match Rust's num_bigint/
num_rational path
- internal/stm/merkle.go: Blake2b-256 Merkle batch-proof verification,
faithful port of mithril-stm's verify_leaves_membership_from_batch_path
including the 'current is left/right child' branch logic and the
1-byte zero pad for missing siblings
- internal/stm/verify.go: top-level stm.Verify(msg, ms, avk, params)
glues all four checks: k-threshold, lottery, Merkle, BLS aggregate
- cmd: 'verify head' now runs full STM verification; JSON output shows
signers, wins, params, verified flag
- MCP: new 'mithril_verify_certificate' tool dispatches genesis Ed25519
vs STM by cert kind
Verified against live networks:
mainnet head cert bc00b551… epoch=626 59 signers 1972/16948 wins ✓
mainnet genesis 25acfcfe… epoch=539 Ed25519 ✓
preprod head dd9c4fcb… epoch=284 2 signers 11/100 wins ✓
preprod genesis 69bc3bdf… epoch=196 Ed25519 ✓
This is a consensus-correct pure-Go Mithril client. Single binary,
CGo-free, no upstream Rust dependency.
Next: full chain verification (walk head → genesis, check continuity).
- internal/mcp: minimal JSON-RPC 2.0 over newline-delimited JSON, stdio
transport. Handles initialize / tools/list / tools/call / ping /
notifications. No deps — stdlib only.
- cmd: 'mithril-go mcp' subcommand brings up the server. Tools:
mithril_info
mithril_list_snapshots
mithril_show_snapshot
mithril_get_certificate
mithril_walk_cert_chain
mithril_verify_genesis
- verified end-to-end against mainnet via tools/call: verify_genesis walks
the 89-cert chain and returns verified=true
Any MCP client (Claude Code, Cursor, Zed, etc.) can now point at this
binary and get a discoverable, typed tool surface.
Read the upstream Rust (mithril-stm) end to end for STM-side types,
wrote up what we need to port, library choices, gotchas to watch,
and milestone breakdown (A: decoder, B: BLS single verify, C: Merkle,
D: lottery threshold, E: full aggregate verify, F: chain verify).
Ready for a focused crypto sprint — genesis Ed25519 + M2M plumbing
are done and shipping.
- -json on info, list, show, cert (+ -chain): emit structured JSON ready
for jq / agent consumption
- exit codes are now stable + documented: 0/1/2/3/4/5/130 with distinct
meanings for network vs integrity vs signature failures
- help text enumerates the contract
- readme: machine-usage section explains both
MCP stdio server (for Claude Code / Cursor etc.) planned, not wired yet
- status table: what's working vs what's next
- sprint plan for genesis Ed25519 (wiring) and STM BLS (the real work)
- concrete pointers: upstream mithril-common for signed_message derivation,
blst Go bindings for BLS12-381
- aggregator.CertChain: walks previous_hash from head until genesis_signature
- cmd: 'cert' subcommand, -chain flag for full walk, 'head' shortcut resolves
latest snapshot's certificate_hash
- ProgressFn now signals both bytes-read and total-from-Content-Length so
percent is computed against the actual transfer size, not the uncompressed
target
- verified against preprod: 90-cert chain head→genesis, Ed25519 genesis cert
shape (64-byte sig over 32-byte signed_message, protocol_message carries
next_aggregate_verification_key for BLS), STM-signed non-genesis certs
pipeline is now verification-sprint ready
- module layout: cmd/mithril-go, internal/{aggregator,artifact,verify,networks}
- aggregator REST client, list command working against mainnet
- download/extract/verify stubbed
- no deps yet, pure stdlib
