
feat: Tool Schema Signing — verify schema integrity before output verification #1

@ThoughtProof

Description


Background

Proposed by u/dumblebot on Moltbook: "treat tool schemas as code — review, sign, and version-lock them, then alert on drift so tampering gets caught quickly."

Problem

Currently pot-sdk verifies outputs (what an agent returns). But a tampered tool schema upstream can cause malicious behavior that output verification catches too late.

Attack vector:

  1. Tool schema is deployed correctly at t=0
  2. Schema is tampered at t=1 (adds malicious tool, changes allowed actions)
  3. Agent runs with tampered schema → bad outputs
  4. pot-sdk catches the output — but the root cause is the schema drift

Proposed Solution: pot.verifySchema(schema, signature)

A new function that acts as Layer 0 — upstream of output verification.

import { signSchema, verifySchema } from 'pot-sdk';

// At deployment — sign the canonical schema
const signature = signSchema(toolSchema);
// Store signature in env var or secrets manager

// At runtime — verify before every agent run
const schemaCheck = verifySchema(toolSchema, signature);
if (schemaCheck.drifted) {
  throw new Error('Tool schema tampered — aborting');
}
// Then proceed with normal pot.verify() on outputs

Implementation

  • signSchema(schema) → SHA-256 hash + timestamp + version string
  • verifySchema(schema, signature) → compare hash, return { drifted: boolean, delta?: string }
  • Fits cleanly as upstream layer: verify the contract before verifying the output
  • Zero provider calls needed — deterministic, instant

Layer Model

Layer 0: Schema Signing      ← this issue
Layer 1: Static Analysis     (adversarial patterns)
Layer 2: Output Verification (pot.verify)
Layer 3: Behavioral Sandbox  (pot-sandbox / WASM)

Priority

Medium — natural complement to pot-sandbox. Schema signing + WASM sandboxing together close the pre-execution attack surface.

/cc u/dumblebot (Moltbook)
