TrigGuard

TG-01 protocol playground

Generate authority-shaped receipts signed with the publicly known fixture key from the trigguard verify-receipt samples. Ed25519 signs the canonical UTF-8 JSON of decision, policyFingerprint, reason, and timestamp only (the same tuple as the production verifier). Surface, action, and context_hash are carried on the wire for learning but are not part of that signed tuple, so the signature does not cover them.

DEMO ONLY - Fixture PKCS#8 is embedded for browser signing. Do not use for production secrets. Verification still runs fully in your browser.
REQUEST - EVALUATION - DECISION - SIGNED RECEIPT - OFFLINE VERIFY

Generate receipt

Signed fields use lowercase decision on the wire (permit / deny / silence) to match CLI fixtures.

Break receipt (attack sim)

Each button mutates the JSON in the editor. Signature is not auto-healed - verify should fail until you generate again.
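
The signed tuple and the tamper behaviour described above, as an added example for Node.js that is not TrigGuard's own code. It assumes a canonical form of sorted keys with no whitespace, string-valued signed fields, and a freshly generated key pair in place of the fixture key; all sample values and the helper names are constructed.

```javascript
// Added example, not TrigGuard code. Assumed canonical form: sorted keys, no whitespace.
const nodeCrypto = require('node:crypto');

const SIGNED_FIELDS = ['decision', 'policyFingerprint', 'reason', 'timestamp'];

// Canonical UTF-8 bytes of the signed tuple only; every other field is ignored.
function canonicalBytes(receipt) {
  const tuple = {};
  for (const k of [...SIGNED_FIELDS].sort()) {
    if (typeof receipt[k] !== 'string') throw new TypeError(`missing signed field: ${k}`);
    tuple[k] = receipt[k];
  }
  return Buffer.from(JSON.stringify(tuple), 'utf8');
}

function signReceipt(fields, privateKey) {
  const sig = nodeCrypto.sign(null, canonicalBytes(fields), privateKey);
  return { ...fields, receiptSignature: sig.toString('base64') };
}

function verifyReceipt(receipt, publicKey) {
  try {
    const sig = Buffer.from(String(receipt.receiptSignature), 'base64');
    return nodeCrypto.verify(null, canonicalBytes(receipt), publicKey, sig);
  } catch {
    return false; // malformed receipt or missing signed field: reject
  }
}

// Names of fields outside the signed tuple whose values differ between two receipts.
function unsignedDiff(a, b) {
  const skip = new Set([...SIGNED_FIELDS, 'receiptSignature']);
  const keys = new Set([...Object.keys(a), ...Object.keys(b)]);
  return [...keys].filter((k) => !skip.has(k) && a[k] !== b[k]).sort();
}

// Constructed sample receipt, signed with an ephemeral key (not the fixture key).
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const receipt = signReceipt({
  decision: 'permit', policyFingerprint: 'sha256:EXAMPLE', reason: 'constructed sample',
  timestamp: '2024-01-01T00:00:00Z', surface: 'api', action: 'read', context_hash: 'EXAMPLE',
}, privateKey);
const flippedDecision = { ...receipt, decision: 'deny' };  // signed field changed
const swappedAction = { ...receipt, action: 'delete' };    // unsigned field changed

console.log('original:', verifyReceipt(receipt, publicKey));
console.log('decision flipped:', verifyReceipt(flippedDecision, publicKey));
console.log('action swapped:', verifyReceipt(swappedAction, publicKey),
  'unsigned diff:', unsignedDiff(receipt, swappedAction));
```

A verifier that needs surface, action, or context_hash to be trustworthy has to bind them some other way, because a passing signature check says nothing about those fields.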

Receipt JSON

Verification pipeline

    Compare receipts

    Advanced - bytes and digests

    Canonical UTF-8 (signed)
    SHA-256 (hex, UTF-8 canonical)
    receiptSignature (base64)
    Authority public key (hex)