LockedIn Labs LockedIn Labs

governed-receipt/v1 · embeddable proof

Put the proof where the claim is.

A vendor who issues a Governed Receipt can show it off with one line. The badge re-derives the Ed25519 proof in the visitor's own browser and renders the verdict it actually computed — then links to lockedinlabs.ai/verify so a skeptic re-runs the whole thing from scratch.

A green badge is never rendered without a real verify. The vendor's page is in nobody's trust path — the math is.

This badge just verified a real receipt in your browser:
Click it. The link carries the same bytes to /verify, where the full field-by-field readout runs again.

The one-liner

Point the badge at a hosted receipt URL — it fetches, verifies client-side, and injects the badge inline.

<!-- your receipt lives anywhere you serve JSON -->
<script src="https://lockedinlabs.ai/sdk/badge.js"
        data-receipt-url="https://your.app/receipts/abc.json"></script>

…or inline the receipt directly

<script src="https://lockedinlabs.ai/sdk/badge.js"
        data-receipt='{"format":"governed-receipt/v1", … }'></script>

Configuration

attributewhat it does
data-receipt-urlFetch the receipt JSON from this URL, then verify it.
data-receiptInline receipt JSON (takes precedence over the URL).
data-targetCSS selector to mount into; defaults to a span injected after the script tag.
data-verify-baseOverride the verify deep-link origin (defaults to the host the script loaded from).

The static SVG variant

Need an <img> for a README, an email, or a CMS that strips scripts? The badge endpoint server-renders an SVG. It still verifies the receipt first — the verdict is computed, not asserted. The receipt travels in the URL, so the badge and the deep-link carry identical bytes.

<a href="https://lockedinlabs.ai/verify?r=<base64url>">
  <img src="https://lockedinlabs.ai/api/badge?r=<base64url>"
       alt="Governed Receipt — verified" height="22" />
</a>

<base64url> is the receipt JSON, base64url-encoded — the same value /verify?r= reads. The SDK's verifyUrl(receipt) builds it for you.

Three honest verdicts

The badge renders what the verifier returned — nothing more.

verdictmeaning
VERIFIED Every applicable check passed: the Ed25519 signature verifies over the canonical body, the committed digest matches, and any evidence chain links end to end.
PARTIAL The signature is authentic, but a secondary check failed — a committed body digest mismatched, or an evidence-chain link broke. Authentic, but internally inconsistent. Never dressed up as green.
FAILED The signature does not verify, or the receipt is malformed. A field was altered after signing, or the wrong key was supplied.

Where the verifier comes from

The browser SDK

The badge loads /sdk/governed-receipt.js — the same canonicalizer and Ed25519 verifier the hub runs. No build step, no npm install for the embed.

The reference implementation

To emit or verify receipts in your own stack, use the hosted SDK above — it is the integration path today. The packaged form, @lockedinlabs/governed-receipt, is source-available in the repository and tested against the conformance vectors; npm publication is pending.

Read the format spec, run the conformance suite, or verify any receipt yourself at /verify.