import {
fetchAndVerifyVerifier,
buildEvidence,
signEvidence
} from '@spellguard/ctls';
// Client-side: Verify the Verifier
const verifier = await fetchAndVerifyVerifier(
'https://verifier.example.com',
'sha384:expected-image-hash...'
);
if (!verifier.verified) {
throw new Error(`Verification failed: ${verifier.error}`);
}
// Build and sign evidence
const evidence = buildEvidence({
agentId: 'my-agent',
codeHash: 'sha256:...',
endpoint: 'https://my-agent.com/_spellguard/receive',
agentCardUrl: 'https://my-agent.com/.well-known/agent.json',
});
const signed = await signEvidence(evidence, privateKey);