attestation.verify() — the consumer half of the envelope. v1.20.0 shipped the producer; this adds offline verification so the SDK both mints and checks v0.1.1 attestation envelopes in one place.
verify(envelope, *, now=None) -> VerificationResultruns the deterministic, network-free subset of the spec's verifier: structural checks (required fields,envelope_version, non-empty evidence/sigchain) → ed25519 peel-and-verify of each signature overJCS(envelope with sigchain = sigchain[0..i-1])→ validity window (time_bounded/perpetual/revocation_checked) → issuerdid:keybinding.VerificationResultcarriesok(truthy via__bool__),issuer_bound(kept separate — onlydid:keyissuers close cryptographically in v0.1; other schemes are valid-but-UNBINDABLE),reasons, andnotes.did_key_to_public_key()— inverse ofpublic_key_to_did_key().
Evidence resolution and revocation are intentionally out of scope — verify() never makes a network call; resolve evidence[].uri / check content_hash / query revocation_uri yourself if your trust model needs them. Same optional extra as signing (pip install colony-sdk[attestation]). Non-breaking, additive.