Overview
During the Sprint 3 engineering verification campaign, Test Case 9 (run_tests9_subgroup2.sh) fails with exit code 2 because the CLI command coreason-server authority verify-zk-snark is unrecognized.
A review of the CLI command parser reveals that while the platform specifications mandate hardware-binding verification using zk-SNARK proofs (implemented in crates/engine/src/license.rs), the subcommand verify-zk-snark was never registered under the authority parser module located in crates/server/src/commands/authority.rs.
🛠️ Steps to Reproduce
Attempt to verify a hardware zk-SNARK proof via the CLI:
coreason-server authority verify-zk-snark --hardware-zk-proof "INVALID_ZKP_BYTES_0xDEADBEEF"
Actual Behavior:
The command fails to execute and outputs:
error: unrecognized subcommand 'verify-zk-snark'
💻 Corrected Rust Source Code Fix
STEP 1: Expose the Engine Verifier
In crates/engine/src/license.rs, change the visibility of the internal zk-snark verifier so the CLI can access it:
// Change from private to public
pub fn verify_zk_snark(&self, proof: &str) -> Result<bool, LicenseError> { ... }STEP 2: Register the Subcommand in crates/server/src/commands/authority.rs:
/// Verify a hardware zk-SNARK proof for sovereign hardware binding
VerifyZkSnark {
/// The raw hexadecimal or Base64 proof string to verify
#[arg(long)]
hardware_zk_proof: String,
},STEP 3: Implement Native Engine Routing in execute_authority:
Map the command to the actual LicenseVerifier instead of a hardcoded mock:
Commands::VerifyZkSnark { hardware_zk_proof } => {
// Load the expected system fingerprint (e.g. from environment or host config)
let local_fp = std::env::var("COREASON_CLUSTER_FINGERPRINT").unwrap_or_else(|_| "default-fp".to_string());
let verifier = engine::license::LicenseVerifier::new(Some(local_fp));
match verifier.verify_zk_snark(&hardware_zk_proof) {
Ok(_) => {
println!("✓ zk-SNARK hardware binding successfully verified.");
}
Err(e) => {
eprintln!("✗ Cryptographic Trap Triggered: {}", e);
std::process::exit(1);
}
}
}
Overview
During the Sprint 3 engineering verification campaign, Test Case 9 (
run_tests9_subgroup2.sh) fails with exit code 2 because the CLI commandcoreason-server authority verify-zk-snarkis unrecognized.A review of the CLI command parser reveals that while the platform specifications mandate hardware-binding verification using zk-SNARK proofs (implemented in
crates/engine/src/license.rs), the subcommandverify-zk-snarkwas never registered under theauthorityparser module located incrates/server/src/commands/authority.rs.🛠️ Steps to Reproduce
Attempt to verify a hardware zk-SNARK proof via the CLI:
coreason-server authority verify-zk-snark --hardware-zk-proof "INVALID_ZKP_BYTES_0xDEADBEEF"Actual Behavior:
The command fails to execute and outputs:
💻 Corrected Rust Source Code Fix
STEP 1: Expose the Engine Verifier
In
crates/engine/src/license.rs, change the visibility of the internal zk-snark verifier so the CLI can access it:STEP 2: Register the Subcommand in
crates/server/src/commands/authority.rs:STEP 3: Implement Native Engine Routing in
execute_authority:Map the command to the actual
LicenseVerifierinstead of a hardcoded mock: