Built against ActionEnvelopeV1 at
ibex-agent-verification@e2a2cb2
When Aleksey Safonov (safal207) published ibex-agent-verification a week ago, we immediately recognized it as a kindred spirit. His project does pre-execution authorization: "Should this agent be allowed to perform this action?" Our project does post-execution verification: "Did the agent's output actually pass quality checks?"
Today, we're releasing correctover-ibex — the bridge between both worlds.
The Integration
Ibex (pre-execution authorization)
↓ ActionEnvelopeV1 freezes action identity
Correctover (post-execution verification)
↓ 87 rules × 6 dimensions verified
GuardrailDecision binds verdict to action
↓ canonical IDs via JCS + SHA-256
Tamper-evident verification chain
Every Correctover verification is now cryptographically bound to an exact action context via ActionEnvelopeV1. The result is a tamper-evident chain: you can verify the verifier.
ActionEnvelopeV1: The Key Innovation
Ibex's ActionEnvelopeV1 is elegant in its simplicity:
{
"@context": "urn:ibex-agent-verification:action-envelope:v1",
"tool_identity": "search_web",
"args_digest": "sha256:aaaa...",
"caller_identity": "agent:researcher",
"resource_scope": "workspace:production",
"policy_version": "policy-v1"
}
This envelope gets hashed (JCS canonical JSON → SHA-256) to produce a canonical action_id — a tamper-evident identifier for exactly what the agent was authorized to do. Any change to the tool, arguments, caller, or scope produces a different ID.
We implement the exact same algorithm — independently, from scratch — and our implementation passes ibex's published conformance vector:
Preimage → sha256:325d87f3a89db334374b25f839c6dfcf528fac357b7c554b01a1486a570522c7
47 tests. All green. Including ibex's official test vector.
What correctover-ibex Adds
1. GuardrailDecision: Every Correctover verification produces an Ibex-compatible decision (ALLOW/BLOCK/ESCALATE) with a canonical decision_id that chains back to the action.
2. Transition Phase: Multi-step agent workflows can now be tracked through ibex's transition contract (CALIBRATE → EXPAND → COMMIT → EXECUTE → VERIFY → REFLECT), with Correctover verifying each step.
3. Full Interoperability: The adapter speaks both protocols natively. No translation layer, no data loss.
from correctover_ibex import CorrectoverIbexVerifier
verifier = CorrectoverIbexVerifier()
result = verifier.verify(request)
print(result.action_id) # sha256:... (tamper-evident)
print(result.ibex_decision) # ALLOW | BLOCK | ESCALATE
print(result.decision_id) # sha256:... (recomputable)
The Standards Convergence
What makes this significant is that two independent projects — built by people who'd never spoken — arrived at the same conclusion: agent verification needs tamper-evident, reproducible, standards-based tooling.
| Ibex | Correctover | |
|---|---|---|
| Focus | Pre-execution authorization | Post-execution verification |
| Schema | ActionEnvelopeV1 (URN-based) | STANDARDS.md (87 rules) |
| Identity | JCS + SHA-256 canonical IDs | Proof hashes (SHA-256) |
| Policy | Transition Phase Contract | 6-dim conformance levels |
| Status | v0.8.1, Apache-2.0 | v1.1.0, Apache-2.0 |
The adapter makes them interoperate without either project changing a single line of code.
Install
pip install correctover-ibex
- PyPI: correctover-ibex
- Standards: STANDARDS.md
- Ibex: safal207/ibex-agent-verification
Correctover — Failover ≠ Correctover™
Top comments (0)