Trust Spine · /verify
Verify a decision receipt
Paste a Project-AI receipt (JSON) or a decision hash. The verifier decodes the envelope, surfaces the signing key fingerprint and TSA timestamp, and tells you whether the claim is admissible.
For cryptographic verification offline, run the same canonical four-step sequence published on /keys: openssl pkeyutl, openssl ts -verify, sha256sum, then chain continuity. Full commands and key material live on /keys.
Ed25519 signature
# 1. Verify Ed25519 signature over the receipt JSON openssl pkeyutl \ -verify \ -pubin -inkey pai-audit-2026-q2.pub \ -rawin -in receipt.json \ -sigfile receipt.sig
RFC 3161 timestamp
# 2. Verify RFC 3161 timestamp from the TSA openssl ts -verify \ -in receipt.tsr \ -data receipt.json \ -CAfile digicert-tsa-roots.pem
Receipt hash
# 3. Recompute the receipt hash and compare to the receipt body sha256sum receipt.json # expected = receipt_hash field inside receipt.json
Chain continuity
# 4. Walk the chain: every receipt's prev_hash must equal the
# receipt_hash of the previous entry (chain_seq - 1).
jq -r '[.chain_seq, .prev_hash, .receipt_hash] | @tsv' chain/*.json \
| sort -n | awk 'NR>1 && $2 != prev { print "BREAK at seq", $1; exit 1 } { prev = $3 }'Decision envelope
awaiting input
What this surface verifies
- • Receipt envelope structure (chain_seq, prev_hash, receipt_hash).
- • Decision verdict normalization (ALLOW / DENY / SAFE_HALT).
- • Signing key id resolves against published trust roots.
- • TSA timestamp is well-formed and not in the future.
Documented surface — this verifier mirrors the on-chain receipt format used by the Triumvirate audit ledger. Full kernel-side cryptographic verification runs out-of-band.