Receipt verification
TrigGuard execution authority receipts are signed with Ed25519 over a deterministic UTF-8 JSON payload. The same rules apply in the trigguard verify CLI, the Node SDK (@trigguard/sdk/node/verifyReceipt.js), and the public browser inspector.
Receipt structure
Signed fields: decision, policyFingerprint, reason, timestamp (each converted to a string before signing). Signature: receiptSignature, the base64 encoding of the 64-byte Ed25519 signature. The optional authorityKeyId or key_id field selects an entry from the published keys file.
Canonical JSON
The message is JSON.stringify of an object with exactly those four keys, sorted lexicographically, with string values. No whitespace is added beyond what JSON.stringify emits for that object shape.
CLI verification
trigguard verify receipt.json --public-key-file authority.pem
Browser verification
The Verify page uses crypto.subtle.importKey and crypto.subtle.verify (Ed25519). Verification is offline-first: the receipt JSON is not sent to TrigGuard as part of that pipeline. Optional GET requests may fetch only public keys from /.well-known/trigguard-keys.json.
Key discovery
Keys are published as JSON (for example /.well-known/trigguard-keys.json). Each key entry includes an identifier and a PEM-encoded public key. Match the receipt's authorityKeyId / key_id to select the verifying key.
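The canonical payload, key selection and Ed25519 check described above, put together as an added Node.js example (not code from TrigGuard's CLI or SDK). The keys-file field names (keys, id, publicKeyPem), the sample receipt values and the throwaway key pair are assumptions made for illustration.

```javascript
// Added example, not TrigGuard's SDK code. Keys-file field names and sample values are assumptions.
const nodeCrypto = require('node:crypto');

const SIGNED_FIELDS = ['decision', 'policyFingerprint', 'reason', 'timestamp'];

// Canonical message: exactly the four signed keys, sorted, values as strings.
function canonicalMessage(receipt) {
  const payload = {};
  for (const key of [...SIGNED_FIELDS].sort()) {
    if (receipt[key] == null) throw new Error(`missing signed field: ${key}`);
    payload[key] = String(receipt[key]);
  }
  return Buffer.from(JSON.stringify(payload), 'utf8');
}

// Pick the verifying key by authorityKeyId / key_id; unknown ids are an error.
function selectKey(receipt, keysFile) {
  const wanted = receipt.authorityKeyId ?? receipt.key_id;
  const entry = keysFile.keys.find((k) => k.id === wanted);
  if (!entry) throw new Error(`unknown key id: ${wanted}`);
  return nodeCrypto.createPublicKey(entry.publicKeyPem);
}

// Fails closed: any parsing, key-lookup or signature problem yields false.
function verifyReceipt(receipt, keysFile) {
  try {
    const signature = Buffer.from(String(receipt.receiptSignature), 'base64');
    if (signature.length !== 64) return false;
    const key = selectKey(receipt, keysFile);
    return nodeCrypto.verify(null, canonicalMessage(receipt), key, signature);
  } catch {
    return false;
  }
}

// Constructed demo: a throwaway key pair stands in for the authority key.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const keysFile = { keys: [{ id: 'demo-key-1', publicKeyPem: pem }] };
  const receipt = { decision: 'ALLOW', policyFingerprint: 'constructed-fp',
    reason: 'policy matched', timestamp: 1700000000, authorityKeyId: 'demo-key-1' };
  const sig = nodeCrypto.sign(null, canonicalMessage(receipt), privateKey);
  receipt.receiptSignature = sig.toString('base64');
  return { valid: verifyReceipt(receipt, keysFile),
    tampered: verifyReceipt({ ...receipt, decision: 'DENY' }, keysFile),
    unknownKey: verifyReceipt({ ...receipt, authorityKeyId: 'nope' }, keysFile) };
}
```

Fields outside the four signed keys, including authorityKeyId and key_id, are not covered by the signature, so a verifier should not treat them as authenticated.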
Source document
The canonical Markdown for this topic lives in the site repository at docs/receipt-verification.md (developer checkout).
