feat: Community release v1.0 — BSL-1.1 + Ed25519 signatures — © Salka Elmadani 2025-2026

verify_authorship.py

@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+"""Verify SALKA ELMADANI authorship signatures.
+Usage: python3 verify_authorship.py [file_or_directory]
+Every source file carries an Ed25519 signature bound to SHA-256 of content.
+Modify 1 character = signature invalid = tampering detected.
+"""
+import sys, hashlib, base64, os
+from pathlib import Path
+from cryptography.hazmat.primitives import serialization
+from cryptography.exceptions import InvalidSignature
+
+PUBLIC_KEY_PEM = """
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEARCtdhRqqYcu7c8qwyoRKRn5Qbx9puylZHZOM+IsDp0U=
+-----END PUBLIC KEY-----
+""".strip()
+
+
+def strip_sig(text):
+    lines, out, in_b = text.split("\n"), [], False
+    for ln in lines:
+        if MARK_S in ln: in_b = True; continue
+        if MARK_E in ln and in_b: in_b = False; continue
+        if not in_b: out.append(ln)
+    return "\n".join(out).rstrip("\n") + "\n"
+
+def extract_sig_data(text):
+    sha, sig = None, None
+    for ln in text.split("\n"):
+        if "SHA256:" in ln: sha = ln.split("SHA256:")[-1].strip().lstrip("#/ ")
+        if "SIG-ED25519:" in ln: sig = ln.split("SIG-ED25519:")[-1].strip().lstrip("#/ ")
+    return sha, sig
+
+def verify_file(fp, pub):
+    try: content = Path(fp).read_text(encoding="utf-8", errors="replace")
+    except: return None, "Cannot read"
+    clean = strip_sig(content)
+    claimed_h, sig_b64 = extract_sig_data(content)
+    if not claimed_h or not sig_b64: return False, "No signature"
+    actual_h = hashlib.sha256(clean.encode("utf-8")).hexdigest()
+    if actual_h != claimed_h: return False, f"HASH MISMATCH — modified"
+    try:
+        pub.verify(base64.b64decode(sig_b64), hashlib.sha256(clean.encode()).digest())
+        return True, "VALID © Salka Elmadani"
+    except InvalidSignature: return False, "INVALID SIGNATURE — forgery"
+    except Exception as e: return False, str(e)
+
+def main():
+    pub = serialization.load_pem_public_key(PUBLIC_KEY_PEM.encode())
+    target = sys.argv[1] if len(sys.argv) > 1 else "."
+    files = [Path(target)] if Path(target).is_file() else [
+        p for p in Path(target).rglob("*")
+        if p.is_file() and p.suffix in [".py",".cpp",".h",".js",".ts",".sh",".rs",".go",".md"]
+        and ".git" not in str(p)
+    ]
+    ok, fail, skip = 0, 0, 0
+    for f in sorted(files):
+        r, msg = verify_file(f, pub)
+        if r is None: skip += 1
+        elif r: ok += 1; print(f"  ✓ {f.name}: {msg}")
+        else: fail += 1; print(f"  ✗ {f.name}: {msg}")
+    print(f"\nResults: {ok} valid | {fail} TAMPERED | {skip} skipped")
+    if fail: print("WARNING: Authorship chain broken."); sys.exit(1)
+
+if __name__ == "__main__": main()
+# ╔══ SALKA ELMADANI AUTHORSHIP CERTIFICATE ══╗
+# © Salka Elmadani 2025-2026 — ALL RIGHTS RESERVED
+# Licensed under Business Source License 1.1 — https://inference-x.com
+# ─────────────────────────────────────────────────────────
+# SHA256: f4e32c8fe1f2cb7f5dc498c7506b054256f6871d7283beb74b1d5859eb775121
+# SIG-ED25519: g4rHIrZteuUk4HU/21i69rTk7H8EiL1XjX4A+dZD0xswTqR5XJb1CfnBQfyAxjb1Sf9VW3JptZVDkvOq+magCA==
+# VERIFY: python3 verify_authorship.py verify_authorship.py