/protocol · the specification

How TSP defines evidence

The website explains TSP; the spec and conformance suite define it. This is the human tour — the normative documents live in the protocol package.

Overview

An AI-mediated event is wrapped into a signed record, hashed so any change is detectable, and linked to the record before it. The spec fixes exactly how each step is computed so independent implementations agree byte-for-byte. It is a fixed, auditable definition — not a vendor convention.

TrustEnvelope · TrustManifest · VerificationResult · fixtures

TrustEnvelope

Every receipt is a TrustEnvelope: the declared claims about the event, the canonical hash of those claims, a link to the previous record, and the issuer's signature.

{
  "tsp": "3.0",
  "content": { "type": "text", "value": "…", "hash": "<sha256 of canonical content>" },
  "declaration": { "primarySource": { … }, "citations": [ … ] },
  "process": { "model": { … }, "systemPrompt": { … } },
  "alignment": { "humanReviewRequired": true, "policy": { … } },
  "timestamp": { "claimed": "2026-06-30T10:00:00Z", … },
  "ledger": { "id": "…", "prevHash": "<prev>", "hash": "<sha256 of ledger domain>" },
  "signatures": [ { "algorithm": "ed25519", "keyRef": "…", "signature": "<base64>" } ]
}

content.hash = SHA-256 over canonical JSON (JCS, RFC 8785) of the content value.

Version note: the envelope schema namespace (tsp: "3.0") and the product release (v1.0 public preview) are different version lines — schema maturity is not the product's release maturity.

TrustManifest

A TrustManifest is the key directory: it says which keys an issuer signs with and where to find them. A verifier uses it to resolve the key referenced by a receipt — without it you can check integrity but not provenance.

Ed25519 (EdDSA) public keys · published or customer-scoped.

Verification

Verification recomputes the hash, checks the Ed25519 signature against the manifest key, and confirms each receipt links to the prior one. It reports an evidence state — never a judgement of truth or legality.

Integrity — canonical hash matchessha-256
Signature — signed by the manifest keyed25519
Chain — links to the prior receiptprevHash
Schema, manifest & redaction state — declared and inspectableshape

Verification ≠ correctness, compliance, or approval.

Conformance

A public set of immutable fixtures pins canonical examples. Every implementation — JS, Python, Go, Rust, Java, C# — must agree. Independent verifier agreement is the trust anchor. These non-JS runtimes are verifier cores: one signer issues, many verifiers check.

See conformance and the TSP-Certified mark →

Threat & governance

The spec defines evidence; it does not grant authority. Payment never grants official status — issuer authorization and registry listing are governed grants, resolved separately from verification.