/protocol · the specification
How TSP defines evidence
The website explains TSP; the spec and conformance suite define it. This is the human tour — the normative documents live in the protocol package.
Overview
An AI-mediated event is wrapped into a signed record, hashed so any change is detectable, and linked to the record before it. The spec fixes exactly how each step is computed so independent implementations agree byte-for-byte. It is a fixed, auditable definition — not a vendor convention.
TrustEnvelope · TrustManifest · VerificationResult · fixtures
TrustEnvelope
Every receipt is a TrustEnvelope: the declared claims about the event, the canonical hash of those claims, a link to the previous record, and the issuer's signature.
{
"tsp": "3.0",
"content": { "type": "text", "value": "…", "hash": "<sha256 of canonical content>" },
"declaration": { "primarySource": { … }, "citations": [ … ] },
"process": { "model": { … }, "systemPrompt": { … } },
"alignment": { "humanReviewRequired": true, "policy": { … } },
"timestamp": { "claimed": "2026-06-30T10:00:00Z", … },
"ledger": { "id": "…", "prevHash": "<prev>", "hash": "<sha256 of ledger domain>" },
"signatures": [ { "algorithm": "ed25519", "keyRef": "…", "signature": "<base64>" } ]
}content.hash = SHA-256 over canonical JSON (JCS, RFC 8785) of the content value.
Version note: the envelope schema namespace (tsp: "3.0") and the product release (v1.0 public preview) are different version lines — schema maturity is not the product's release maturity.
TrustManifest
A TrustManifest is the key directory: it says which keys an issuer signs with and where to find them. A verifier uses it to resolve the key referenced by a receipt — without it you can check integrity but not provenance.
Ed25519 (EdDSA) public keys · published or customer-scoped.
Verification
Verification recomputes the hash, checks the Ed25519 signature against the manifest key, and confirms each receipt links to the prior one. It reports an evidence state — never a judgement of truth or legality.
Verification ≠ correctness, compliance, or approval.
Conformance
A public set of immutable fixtures pins canonical examples. Every implementation — JS, Python, Go, Rust, Java, C# — must agree. Independent verifier agreement is the trust anchor. These non-JS runtimes are verifier cores: one signer issues, many verifiers check.
Threat & governance
The spec defines evidence; it does not grant authority. Payment never grants official status — issuer authorization and registry listing are governed grants, resolved separately from verification.