Specification v1 — CC-BY-4.0

Prove what left your machine.
Cryptographically.

SignedReceipt is an open, vendor-neutral specification for a signed receipt that proves PII was tokenized before a request left the user's device — and that no payload was logged. Any implementation can issue and verify receipts.

Read the spec Run the test suite View on GitHub

What is SignedReceipt?

When a user sends a prompt through an AI privacy gateway, they want proof that their personally identifiable information was removed before the bytes left their device. A signed receipt provides that proof — a tamper-evident, chain-linked JSON document containing hashes, detector counts, and ECDSA P-256 signatures. No raw content. No PII. Just cryptographic evidence.

SignedReceipt specifies the envelope format, the canonicalization rules (RFC 8785 JCS), the signing algorithm (ecdsa-p256-sha256 at v1; ML-DSA reserved for v2), the chain-linking semantics, and the public-key discovery endpoint. Any implementation that passes the conformance test suite may claim compatibility.

Open spec

Normative specification in CC-BY-4.0. Embedded JSON Schemas are CC0 for maximum reuse.

Read v1 spec →

Reference implementations

Rust crate and TypeScript package — both Apache-2.0, FIPS-compatible paths available.

View implementations →

Conformance test suite

Known-good and known-bad fixture corpus. Pass all tests to earn the badge.

Run tests →

Badge program

Display the "SignedReceipt v1 compatible" badge on your product to signal verified compliance.

Claim your badge →

Receipt envelope at a glance

A minimal v1 receipt — JSON Canonical Form per RFC 8785, ECDSA P-256 signature over canonicalized bytes with sig removed:

{
  "v":   "v1",
  "alg": "ecdsa-p256-sha256",
  "kid": "desktop-key-2026-04",
  "iss": "https://example.com/keys/desktop/d8f3a1b2",
  "sub": "req_01HV3PKQZW8XEY9RMNDA",
  "iat": 1745000000,
  "jti": "01HV3PKQZW8XEY9RMNDA00001",
  "chain": {
    "prev_hash": "e3b0c44298fc1c149afb...0655",
    "chain_id":  "01HV3PKQZW8XEY9RMNDA",
    "seq":        1
  },
  "claims": {
    "tokenisation": {
      "level": "tokenise-reversible",
      "detectors": [
        { "id": "email", "version": "1.2.0", "count": 3, "fingerprint_hmac": "ZmFrZWhtYWM..." },
        { "id": "phone", "version": "1.2.0", "count": 1, "fingerprint_hmac": "YW5vdGhlcmZh..." }
      ],
      "input_hash":  "sha256:a4d8f3...",
      "output_hash": "sha256:9c7e21..."
    },
    "egress_attestation": {
      "attester": "desktop",
      "zero_payload_proof": {
        "ci_commit": "abc1234",
        "lint_rule_id": "cloakapi-zero-payload"
      }
    }
  },
  "sig": "MEQCIFz2...base64url-encoded-signature"
}
Read full envelope spec

Known compatible implementations

ImplementationLanguageLicenceStatus
openreceipt/reference-rust Rust Apache-2.0 Reference
openreceipt/reference-typescript TypeScript Apache-2.0 Reference
CloakAPI Desktop (Tauri) Rust + Svelte Proprietary v1 compatible
CloakAPI Gateway (Laravel) PHP Proprietary v1 compatible

Submit your implementation →

Governance

SignedReceipt is maintained by an independent GitHub organisation. No single vendor controls the specification. Contributions follow the standard open-source model: GitHub pull requests, public discussion, spec editor review. The licence (CC-BY-4.0) ensures any organisation can implement, fork, or extend SignedReceipt without permission.

Read the governance model →