Artifact Metadata and Checksums¶

Safety boundary: This workbook performs static analysis of sanitized excerpts, fake fixtures, and derived public metadata. It does not execute attacker code, inspect the analyst's environment, or contact any network.

Inbound Archive Verification¶

To prevent execution, we perform static validation using checksums and metadata.

In [ ]:
import json
from pathlib import Path

# Load static metadata fixture
metadata = json.loads(Path("../fixtures/artifact-metadata.public.json").read_text())

print(f"Inspected Archive: {metadata['artifact']}")
print(f"Archive SHA-256:   {metadata['sha256']}")
print(f"Archive size:       {metadata['byte_size']} bytes")
In [ ]:
print("Archive Contents:")
for file in metadata["files"]:
    print(f" - File name: {file['name']}")
    print(f"   SHA-256:   {file['sha256']}")
    print(f"   MD5:       {file['md5']}")
    print(f"   Type:      {file['file_type']}")
    print(f"   Runtime:   {file['compiler_runtime']}")