Verifier · profile 0.7.0

Verify an assistant-guide.txt file

A verifier checks a guide against the Human-Verifiable Assistant Guide profile and reports what it found. It confirms form. The human still confirms meaning.

Check a guide

Enter the public https URL of an assistant-guide.txt file, or just a site URL. The hosted verifier fetches it, runs the GuideCheck checks, and reports what it found. Given a site root, it checks the standard /.well-known/assistant-guide.txt path. This hosted verifier scores guide files up to Level 4 of 4 when a guide publishes a fetchable manifest and a supported independent anchor. Level 5 is a separate runtime enforcement claim. The optional agent and expected-level fields help identify compatibility gaps across agent families.

https only. Product telemetry keeps the target host, path category, selected agent category, expected level, achieved level, outcome, failure category, and coarse duration. It does not store full submitted URLs, query strings, prompts, model responses, IP addresses, or stable visitor identifiers.

This hosted verifier is a preview implementation, not a root of trust. You may use it or any other verifier built against the verifier conformance profile and its fixture corpus. Verifier authors can also review example outputs.

What a verifier checks

For a guide file, Level 4 is the highest score. Level 5 is not a higher guide-file score; it is a separate claim that a conformant assistant runtime mechanically enforced a Level 4 guide during execution.

  • Reachability of the guide at /.well-known/assistant-guide.txt and the compact verification instruction.
  • The strict ASCII byte profile, the 8 KiB size cap, and absence of disallowed constructs.
  • Public-web fetch evidence, including response headers, a bounded content-variation check, and sanitized fetch-budget findings.
  • Required sections, the assistant safety contract, and explicit approval gates.
  • Level 4 provenance signals: sidecar manifest evidence plus supported independent anchors.

What a verifier reports

A GuideCheck conformance claim is valid only when backed by verifier output, the guide SHA-256, the achieved level, and the findings. For Level 4 guides, verifier output may also report level5_ready. That means the guide has reached the highest guide-file score and is prepared for a Level 5 runtime check. It is not an achieved Level 5 claim.

verifier: human-verifiable-assistant-guide-verifier 0.7.0
guide-url: https://example.com/.well-known/assistant-guide.txt
guide-sha256: a1b2c3d4 ... (review the guide before use)
achieved-level: 4
level5-ready: false
findings:
  - 0 blocking
  - 1 advisory: last-reviewed older than 90 days
note: conformance is not safety

Conformance is not safety

A passing result, at any level, does not mean a guide is safe to follow or that its publisher is trustworthy. It means the file has the form the profile requires. Read the guide in full, apply the security practices a competent operator would already apply, and keep the human in the approval loop.

What this hosted verifier covers

This hosted verifier evaluates guide-file conformance from Level 1 through Level 4. It reports advisory findings for missing or incompatible public-web response headers, guide bytes that vary across harmless request profiles, off-domain recommended verifiers, and package-registry assistant-guide URLs that do not match the guide's canonical URL. For Level 4, it fetches the declared sidecar manifest and currently supports package-registry metadata and transparency-log anchors. Hosted verification uses a five-fetch per-request budget across the guide, content-variation refetch, manifest, and anchors; budget exhaustion is reported with sanitized fetch evidence such as fetch-budget-exhausted. It may report level5_ready when a Level 4 guide satisfies the guide-side runtime preparation checks. It does not yet fetch DNS TXT, repository-file, or signed security.txt anchors, and it does not evaluate runtime conformance (Level 5). Every hosted response carries a hosted_limitations field that states its scope.

Privacy

The guide URL you submit is sent to this site's server so it can fetch the file you named. The verifier keeps product telemetry limited to the target host, whether the path was the standard well-known path or a custom path, the selected agent category, expected level, achieved level, outcome, failure category, and coarse duration. It does not store full submitted URLs, query strings, prompts, model responses, IP addresses, or stable visitor identifiers in product telemetry. The optional agent and expected-level fields are used to find compatibility gaps, such as an agent family often expecting Level 3 but receiving Level 1. The hosting platform keeps standard short-lived request logs — timestamp, client IP, and the /api/verify path — for abuse prevention; those logs do not contain the guide URL.

Build your own verifier

GuideCheck never presents its hosted verifier as the only authoritative one, and never as a root of trust. Anyone may build a conformant verifier; the fixture suite is how independent implementations stay in agreement. See verifier-conformance.md.