Skip to content

VeriBiota v0.2.1: Deterministic Verification with Proven Guarantees

Today we’re releasing VeriBiota v0.2.1 — our first product-grade release of a verification and provenance system for computational biology pipelines.

This release focuses on one thing: trust earned through alignment, not promises.

VeriBiota is designed to be dropped into existing pipelines: - Run locally or in CI - Emit deterministic artifacts - Fail loudly when invariants are violated - Leave a durable audit trail (schemas, hashes, provenance records, and optional cryptographic signing)

What v0.2.1 delivers

  • Deterministic verification of structured biology artifacts (profile checks with stable exit codes + machine-readable verdicts)
  • Reproducible provenance records suitable for CI gating and audit trails
  • Formally proven guarantees (Lean-verified) for selected invariants
  • Zero-friction adoption via prebuilt binaries and containerized execution

Proven in v0.2.1 (Lean theorem-backed)

These profiles have non-placeholder Lean theorem anchors backing the claims: - Global affine alignment correctness (global_affine_v1) - Edit script application correctness (edit_script_v1) - Edit script normalization (edit_script_normal_form_v1): semantic preservation + idempotence - Snapshot provenance binding (snapshot_signature_v1): emitted provenance records are provably bound to: - the input hash (snapshot_hash) - the manifest-registered schema identity and hash (schema_id, schema_hash) - the manifest-registered theorem list (theorem_ids)

Contract-checked today (schema + executable checks; proofs planned)

These profiles are implemented and enforced by schema-aligned decoding + executable checks + fixtures/CI, while proof coverage is still being expanded: - PairHMM bridge (pair_hmm_bridge_v1) - Prime editing plans (prime_edit_plan_v1) - VCF normalization (vcf_normalization_v1)

Additional profiles may exist as schema/manifest entries that are not yet routed in veribiota check.

Important clarification: “snapshot signatures” are not cryptographic signatures

snapshot_signature_v1 is a provenance binding record, not a key-based signature scheme. It guarantees integrity and traceability of verification outputs (canonical JSON + hash binding), not nonrepudiation.

For cryptographic authenticity, use the separate Ed25519/JWS signing flow for checks/certificates (verified via JWKS).

Try it in CI (no Lean install)

Pinned container run (recommended for first-time adopters):

docker pull ghcr.io/omnisgenomics/veribiota:v0.2.1
mkdir -p ci_signatures
docker run --rm -v "$PWD":/work -w /work ghcr.io/omnisgenomics/veribiota:v0.2.1 \
  check alignment global_affine_v1 examples/profiles/global_affine_v1/match.json \
  --snapshot-out ci_signatures/global_affine_v1.sig.json --compact
  • GitHub Release v0.2.1: https://github.com/OmnisGenomics/VeriBiota/releases/tag/v0.2.1
  • Container: ghcr.io/omnisgenomics/veribiota:v0.2.1
  • Documentation and examples: https://omnisgenomics.github.io/VeriBiota/