Verification
When a licensed WriteTrack instance runs analysis, the output is cryptographically signed. The outputSignature and signedPayload fields on SessionAnalysis carry this signature. You can verify it in any environment that supports the Web Crypto API — Node.js 16+, modern browsers, Deno, Cloudflare Workers, etc.
What verification proves
Section titled “What verification proves”A valid signature confirms two things:
- Authentic — the analysis was produced by a genuine WriteTrack WASM module with a valid license key
- Untampered — the analysis output has not been modified since it was generated
import { verifyAnalysisSignatureAsync } from 'writetrack/verify';
// analysis is a SessionAnalysis object from getAnalysis() or analyzeEvents()const isValid = await verifyAnalysisSignatureAsync( analysis, analysis.outputSignature);
if (isValid) { // Analysis is authentic and untampered} else { // Signature missing, invalid, or data was modified}Server-side example
Section titled “Server-side example”A common pattern: the client captures typing and runs analysis, then sends the result to your server for verification.
// Clientconst analysis = await tracker.getAnalysis();await fetch('/api/submit', { method: 'POST', body: JSON.stringify(analysis),});
// Server (Node.js, Deno, Cloudflare Workers, etc.)import { verifyAnalysisSignatureAsync } from 'writetrack/verify';
app.post('/api/submit', async (req, res) => { const analysis = req.body; const verified = await verifyAnalysisSignatureAsync( analysis, analysis.outputSignature );
if (!verified) { return res.status(400).json({ error: 'Invalid analysis signature' }); }
// Process verified analysis...});When signatures are present
Section titled “When signatures are present”Signatures are only generated when:
- The tracker was created with a valid
licenseKey - Analysis was run via
getAnalysis()oranalyzeEvents()
Without a license key, outputSignature will be an empty string and signedPayload will be undefined. verifyAnalysisSignatureAsync returns false in this case.
verifyAnalysisSignatureAsync(analysis, outputSignature)
Section titled “verifyAnalysisSignatureAsync(analysis, outputSignature)”| Parameter | Type | Description |
|---|---|---|
analysis | SessionAnalysis | The analysis object to verify |
outputSignature | string | Hex-encoded DER signature from analysis.outputSignature |
Returns: Promise<boolean> — true if the signature is valid, false otherwise. Never throws; returns false on any error.
Next Steps
Section titled “Next Steps”- Analysis — Run typing analysis on captured sessions
- API Reference — Full method signatures and type definitions