PatentChecker
Buyers — Start Here (10 minutes)
Pull the signed runner image, run the golden demo, and verify the supply chain trust using only public OIDC identity and release assets.
Not legal advice. Not infringement. Not FTO.
What you get in 10 minutes
- A deterministic counsel packet you can validate offline (hashes + schemas + evidence refs), no license required.
- A verifiable risk timeline bundle (example synthetic platform), with stable IDs, strict fail-closed semantics, and an offline verifier script.
- Optional golden demo run that emits report.md, alerts_summary.json, and underlying structured outputs.
- Supply chain verification assets for v0.1.28: runner_receipt.v0.1.json, release_manifest.v0.1.json, release_manifest.v0.1.cosign.bundle.json, release_assets.sha256, release_assets.sha256.cosign.bundle.json, cosign.bundle.json, sbom.spdx.json, provenance.slsa.json.
- Demo assets for v0.1.28: demo_offline_packet.zip, demo_offline_packet.zip.sha256, demo_crispr_ip_drift_inputs.tgz.
Quickstart (verify-only demo packet)
Commands
# Verify-only demo (no license required).
# Requires: docker, gh, sha256sum, unzip.
TAG=v0.1.28
MIRROR_REPO=omniscoder/patentchecker-releases
rm -rf demo_offline_packet demo_offline_packet.zip demo_offline_packet.zip.sha256
gh release download "$TAG" -R "$MIRROR_REPO" \
-p demo_offline_packet.zip \
-p demo_offline_packet.zip.sha256
sha256sum -c demo_offline_packet.zip.sha256
mkdir -p demo_offline_packet
unzip -q demo_offline_packet.zip -d demo_offline_packet
docker pull ghcr.io/omniscoder/patentchecker:"$TAG"
docker run --rm \
-v "$PWD:/work" -w /work \
ghcr.io/omniscoder/patentchecker:"$TAG" \
patentchecker packet lint \
--packet-dir demo_offline_packet \
--validate-modules \
--validate-views \
--validate-zip
Tip: packet lint validates the deliverable by itself (no hidden dependencies).
Quickstart (verify-only risk bundle)
Commands
# Verify-only risk timeline bundle (no license required).
# Requires: docker, gh, sha256sum, unzip.
TAG=v0.1.28
MIRROR_REPO=omniscoder/patentchecker-releases
rm -rf risk_bundle_dir example_platform_risk_bundle.v1.zip example_platform_risk_bundle.v1.zip.sha256
gh release download "$TAG" -R "$MIRROR_REPO" \
-p example_platform_risk_bundle.v1.zip \
-p example_platform_risk_bundle.v1.zip.sha256
sha256sum -c example_platform_risk_bundle.v1.zip.sha256
mkdir -p risk_bundle_dir
unzip -q example_platform_risk_bundle.v1.zip -d risk_bundle_dir
cd risk_bundle_dir
docker pull ghcr.io/omniscoder/patentchecker:"$TAG"
docker run --rm \
-v "$PWD:/bundle" -w /bundle \
ghcr.io/omniscoder/patentchecker:"$TAG" \
patentchecker risk verify \
--ontology example_platform_risk_ontology.v0.1.json \
--timeline example_platform_risk_timeline.v0.1.json \
--runs "$(ls -d run/run_* 2>/dev/null | LC_ALL=C sort | paste -sd, -)" \
--strict --format json
Tip: VERIFY_BUNDLE.sh recomputes and fails closed on drift.
Quickstart (golden demo)
Commands
# Requires a Docker-enabled host (WSL without Docker Desktop integration will fail).
# Requires: docker, gh, tar.
# If GHCR requires auth (private package):
# echo "$GH_TOKEN" | docker login ghcr.io -u <user> --password-stdin
rm -rf ./patentchecker_demo && mkdir -p ./patentchecker_demo
TAG=v0.1.28
MIRROR_REPO=omniscoder/patentchecker-releases
rm -rf ./demo ./contract
rm -f demo_crispr_ip_drift_inputs.tgz
gh release download "$TAG" -R "$MIRROR_REPO" -p demo_crispr_ip_drift_inputs.tgz
tar xzf demo_crispr_ip_drift_inputs.tgz
docker pull ghcr.io/omniscoder/patentchecker:"$TAG"
docker run --rm --entrypoint node \
-v "$PWD/demo:/app/demo:ro" \
-v "$PWD/contract:/app/contract:ro" \
-v "$PWD/patentchecker_demo:/out" \
ghcr.io/omniscoder/patentchecker:"$TAG" \
dist/src/cli/demo_crispr_ip_drift.js --bundle-dir /out
sed -n '1,120p' ./patentchecker_demo/report.md
Tip: the demo bundle is deterministic; re-running produces byte-identical outputs.
Verify trust (supply chain)
Commands
# Prereqs: gh, jq, cosign.
# This uses only public OIDC identity + release assets (no private keys required).
TAG=v0.1.28
# Download the release assets (receipt + signed file checksums)
rm -f runner_receipt.v0.1.json cosign.bundle.json sbom.spdx.json provenance.slsa.json
rm -f release_manifest.v0.1.json release_manifest.v0.1.cosign.bundle.json
rm -f release_assets.sha256 release_assets.sha256.cosign.bundle.json
gh release download "$TAG" \
-R omniscoder/patentchecker-releases \
-p runner_receipt.v0.1.json \
-p cosign.bundle.json \
-p release_manifest.v0.1.json \
-p release_manifest.v0.1.cosign.bundle.json \
-p release_assets.sha256 \
-p release_assets.sha256.cosign.bundle.json \
-p sbom.spdx.json \
-p provenance.slsa.json
# Receipt is the source of truth for digest + signing identity
export DIGEST="$(jq -r '.runner.image.digest' runner_receipt.v0.1.json)" # sha256:<64>
export IDENTITY="$(jq -r '.signing.identity' runner_receipt.v0.1.json)"
export ISSUER="$(jq -r '.signing.issuer' runner_receipt.v0.1.json)"
# Verify the signed manifest + checksums (tag-independent)
cosign verify-blob \
--bundle release_manifest.v0.1.cosign.bundle.json \
--certificate-identity "$IDENTITY" \
--certificate-oidc-issuer "$ISSUER" \
release_manifest.v0.1.json
cosign verify-blob \
--bundle release_assets.sha256.cosign.bundle.json \
--certificate-identity "$IDENTITY" \
--certificate-oidc-issuer "$ISSUER" \
release_assets.sha256
sha256sum -c release_assets.sha256
# Verify the signed image (keyless)
cosign verify \
--certificate-identity "$IDENTITY" \
--certificate-oidc-issuer "$ISSUER" \
ghcr.io/omniscoder/patentchecker@"$DIGEST"
# Verify SBOM + provenance attestations (keyless)
cosign verify-attestation \
--certificate-identity "$IDENTITY" \
--certificate-oidc-issuer "$ISSUER" \
--type spdxjson ghcr.io/omniscoder/patentchecker@"$DIGEST"
cosign verify-attestation \
--certificate-identity "$IDENTITY" \
--certificate-oidc-issuer "$ISSUER" \
--type slsaprovenance ghcr.io/omniscoder/patentchecker@"$DIGEST"
# Offline verify using only release assets + OIDC identity (no registry access)
cosign verify-blob-attestation \
--bundle cosign.bundle.json \
--certificate-identity "$IDENTITY" \
--certificate-oidc-issuer "$ISSUER" \
--digest "${DIGEST#sha256:}" \
--digestAlg sha256
The receipt is the source of truth: use the digest and identity from runner_receipt.v0.1.json for the release you are verifying.
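The commands above read the expected signer from the receipt and then ask cosign to check signatures against it, so cosign confirms agreement with the receipt, not with an identity the buyer already trusts. The following is an added example (not part of PatentChecker's tooling): a fail-closed gate to run after the three export lines and before the cosign commands. The pin values and function names are assumptions; the buyer obtains the pins out-of-band.

```shell
#!/bin/sh
# Added example: fail-closed gate on the values read from
# runner_receipt.v0.1.json, run before they are handed to cosign.
# The two pin arguments are assumptions: values the buyer obtained
# out-of-band, not from the release being verified.

# check_digest DIGEST: 0 only for "sha256:" + exactly 64 lowercase hex chars.
check_digest() {
  case "$1" in
    sha256:*) hex=${1#sha256:} ;;
    *) return 1 ;;
  esac
  [ "${#hex}" -eq 64 ] || return 1
  case "$hex" in
    *[!0123456789abcdef]*) return 1 ;;  # uppercase, whitespace, newlines
  esac
  return 0
}

# pin_receipt DIGEST IDENTITY ISSUER PIN_IDENTITY_PREFIX PIN_ISSUER
# Returns 0 ok, 2 malformed digest, 3 empty/"null" value,
# 4 issuer mismatch, 5 identity outside the pinned prefix.
pin_receipt() {
  digest=$1 identity=$2 issuer=$3 pin_prefix=$4 pin_issuer=$5
  check_digest "$digest" || { echo "receipt digest malformed" >&2; return 2; }
  # jq -r prints the literal string "null" when a key is absent.
  for v in "$identity" "$issuer" "$pin_prefix" "$pin_issuer"; do
    case "$v" in
      ''|null) echo "empty receipt or pin value" >&2; return 3 ;;
    esac
  done
  [ "$issuer" = "$pin_issuer" ] || { echo "issuer differs from pin" >&2; return 4; }
  case "$identity" in
    "$pin_prefix"*) ;;
    *) echo "identity outside pinned prefix" >&2; return 5 ;;
  esac
  return 0
}

# Usage after the export lines (pins shown are constructed placeholders):
# pin_receipt "$DIGEST" "$IDENTITY" "$ISSUER" \
#   "https://example.invalid/<org>/<repo>/" "https://issuer.example.invalid" || exit 1
```

Once the gate and the cosign checks pass, the quickstart containers can be run as ghcr.io/omniscoder/patentchecker@"$DIGEST" instead of :"$TAG", so the image executed is the one that was verified.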
How to buy (paid snapshot pilot)
A one-time snapshot drift run is the fastest paid evaluation path. Deliverable is a signed, offline-verifiable evidence bundle and a posture report with guardrails.
Step 1
Send watchlist
You provide sequences, scope, and any regions of interest.
Step 2
Receive evaluation receipt
We provision time-bounded access for the pilot.
Step 3
Receive signed evidence bundle
You get a deterministic bundle you can verify offline and forward to counsel.
Price: $7,500 starting · Turnaround: 5 business days.