You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When chain verification fails, the verifier returns a structured VerificationResult with error code, message, and suggestion. But for developers and operators who are new to DRS, the error codes and messages are not always immediately clear. There is no tool that explains WHY verification failed in plain language with contextual help.
Proposed Solution
Build a drs verify-explain CLI command and/or SDK function that takes a VerificationResult and produces a detailed, human-readable explanation.
Acceptance Criteria
CLI command: drs verify-explain <bundle.json> — runs verification and outputs a detailed explanation of the result
On success: shows the verified context (root principal, chain depth, leaf policy, consent record if present)
On failure: shows the error code, which block (A-F) failed, what the verifier expected vs what it found, and a concrete fix suggestion
SDK function: explainVerificationResult(result: VerificationResult): string — can be used programmatically
Tests cover: all error codes from the verifier (EMPTY_CHAIN, MALFORMED_RECEIPT, CHAIN_BREAK, INVALID_SIGNATURE, POLICY_ESCALATION, EXPIRED, REVOKED, etc.)
No hardcoded error messages in tests — load error codes from a fixture or enum
Relevant Files
drs-verify/pkg/verify/chain.go — all error codes defined here
Map each error code to a verification block (A-F) and provide block-specific context. The explainer should be useful for both developers debugging integration issues and operators investigating verification failures in production.
Problem
When chain verification fails, the verifier returns a structured VerificationResult with error code, message, and suggestion. But for developers and operators who are new to DRS, the error codes and messages are not always immediately clear. There is no tool that explains WHY verification failed in plain language with contextual help.
Proposed Solution
Build a
drs verify-explainCLI command and/or SDK function that takes a VerificationResult and produces a detailed, human-readable explanation.Acceptance Criteria
drs verify-explain <bundle.json>— runs verification and outputs a detailed explanation of the resultexplainVerificationResult(result: VerificationResult): string— can be used programmaticallyRelevant Files
drs-verify/pkg/verify/chain.go— all error codes defined heredrs-verify/pkg/types/types.go— VerificationResult, VerificationError typesdrs-sdk/src/sdk/types.ts— TypeScript mirror of the same typesdrs-sdk/src/cli/commands/verify.ts— existing verify CLI commandImplementation Notes
Map each error code to a verification block (A-F) and provide block-specific context. The explainer should be useful for both developers debugging integration issues and operators investigating verification failures in production.