From 44fde8ef1a5ac8a5996ec28d5a56e669ea3694a9 Mon Sep 17 00:00:00 2001
From: Felippe Costa <felippemsc@gmail.com>
Date: Tue, 17 Feb 2026 21:43:29 -0300
Subject: [PATCH 1/2] feat: add fingerprint fields to validate response schema

---
 app/api/routes/validate.py | 2 ++
 app/schemas/validate.py    | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/app/api/routes/validate.py b/app/api/routes/validate.py
index 84ef13d..b5348b0 100644
--- a/app/api/routes/validate.py
+++ b/app/api/routes/validate.py
@@ -68,11 +68,13 @@ async def validate_media(
             app_id=capture_trust.get("app_id"),
             issued_at=capture_trust["issued_at"],
             key_id=capture_trust.get("key_id"),
+            device_public_key_fingerprint=capture_trust["device_public_key_fingerprint"],
         ),
         media_integrity=MediaIntegrityInfo(
             content_hash_valid=media_integrity["content_hash_valid"],
             signature_valid=media_integrity["signature_valid"],
             capture_id_match=media_integrity["capture_id_match"],
+            fingerprint_match=media_integrity["fingerprint_match"],
             content_hash=media_integrity["content_hash"],
             capture_id=media_integrity["capture_id"],
             captured_at=media_integrity["captured_at"],
diff --git a/app/schemas/validate.py b/app/schemas/validate.py
index 1a52d99..514a960 100644
--- a/app/schemas/validate.py
+++ b/app/schemas/validate.py
@@ -19,6 +19,9 @@ class CaptureTrustInfo(APIResponse):
     )
     issued_at: int = Field(description="Unix timestamp when token was issued")
     key_id: str | None = Field(default=None, description="Key ID used for signing")
+    device_public_key_fingerprint: str = Field(
+        description="SHA-256 fingerprint of the device's public key from the JWT"
+    )
 
 
 class MediaIntegrityInfo(APIResponse):
@@ -33,6 +36,9 @@ class MediaIntegrityInfo(APIResponse):
     capture_id_match: bool = Field(
         description="Whether capture ID matches between JWT and media integrity"
     )
+    fingerprint_match: bool = Field(
+        description="Whether device public key fingerprint matches between JWT and media integrity"
+    )
     content_hash: str = Field(description="SHA256 hash of the media content")
     capture_id: str = Field(description="Capture ID from media integrity")
     captured_at: str = Field(description="ISO8601 timestamp of capture")

From 727a43ab0e660377c598ca7c71032790dbe6d249 Mon Sep 17 00:00:00 2001
From: Felippe Costa <felippemsc@gmail.com>
Date: Tue, 17 Feb 2026 21:51:24 -0300
Subject: [PATCH 2/2] fix: format

---
 app/api/routes/validate.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/api/routes/validate.py b/app/api/routes/validate.py
index b5348b0..e8774e4 100644
--- a/app/api/routes/validate.py
+++ b/app/api/routes/validate.py
@@ -68,7 +68,9 @@ async def validate_media(
             app_id=capture_trust.get("app_id"),
             issued_at=capture_trust["issued_at"],
             key_id=capture_trust.get("key_id"),
-            device_public_key_fingerprint=capture_trust["device_public_key_fingerprint"],
+            device_public_key_fingerprint=capture_trust[
+                "device_public_key_fingerprint"
+            ],
         ),
         media_integrity=MediaIntegrityInfo(
             content_hash_valid=media_integrity["content_hash_valid"],