governed-receipt/v1 · embeddable proof
Put the proof where the claim is.
A vendor who issues a Governed Receipt can show it off with one line. The badge re-derives the Ed25519 proof in the visitor's own browser and renders the verdict it actually computed — then links to lockedinlabs.ai/verify so a skeptic re-runs the whole thing from scratch.
A green badge is never rendered without a real verify. The vendor's page is in nobody's trust path — the math is.
The one-liner
Point the badge at a hosted receipt URL — it fetches, verifies client-side, and injects the badge inline.
<!-- your receipt lives anywhere you serve JSON --> <script src="https://lockedinlabs.ai/sdk/badge.js" data-receipt-url="https://your.app/receipts/abc.json"></script>
…or inline the receipt directly
<script src="https://lockedinlabs.ai/sdk/badge.js" data-receipt='{"format":"governed-receipt/v1", … }'></script>
Configuration
| attribute | what it does |
|---|---|
| data-receipt-url | Fetch the receipt JSON from this URL, then verify it. |
| data-receipt | Inline receipt JSON (takes precedence over the URL). |
| data-target | CSS selector to mount into; defaults to a span injected after the script tag. |
| data-verify-base | Override the verify deep-link origin (defaults to the host the script loaded from). |
The static SVG variant
Need an <img> for a
README, an email, or a CMS that strips scripts? The badge endpoint server-renders an SVG. It still verifies
the receipt first — the verdict is computed, not asserted. The receipt travels in the URL, so the badge and
the deep-link carry identical bytes.
<a href="https://lockedinlabs.ai/verify?r=<base64url>"> <img src="https://lockedinlabs.ai/api/badge?r=<base64url>" alt="Governed Receipt — verified" height="22" /> </a>
<base64url> is the receipt JSON,
base64url-encoded — the same value /verify?r=
reads. The SDK's verifyUrl(receipt) builds it for you.
Three honest verdicts
The badge renders what the verifier returned — nothing more.
| verdict | meaning |
|---|---|
| VERIFIED | Every applicable check passed: the Ed25519 signature verifies over the canonical body, the committed digest matches, and any evidence chain links end to end. |
| PARTIAL | The signature is authentic, but a secondary check failed — a committed body digest mismatched, or an evidence-chain link broke. Authentic, but internally inconsistent. Never dressed up as green. |
| FAILED | The signature does not verify, or the receipt is malformed. A field was altered after signing, or the wrong key was supplied. |
Where the verifier comes from
The browser SDK
The badge loads /sdk/governed-receipt.js — the same canonicalizer and Ed25519 verifier the hub runs. No build step, no npm install for the embed.
The reference implementation
To emit or verify receipts in your own stack, use the hosted SDK above — it is the
integration path today. The packaged form,
@lockedinlabs/governed-receipt,
is source-available in the repository and tested against the
conformance vectors; npm publication is pending.
Read the format spec, run the conformance suite, or verify any receipt yourself at /verify.