@trust-standard-protocol/sdk-js
signer + verifierthe single issuance/signing path
Tools & modules
Verification is free and offline, in every runtime. Issuance and signing live behind the licensed issuer path (pilot / staging). Official status stays separate — no phone-home, no kill switch for free verification.
TSP is one signer and N verifiers. The non-JS SDKs are verifier cores — they re-run the cryptography; they do not sign. Signing and issuance is the single licensed path.
@trust-standard-protocol/sdk-js
signer + verifierthe single issuance/signing path
@trust-standard-protocol/sdk-web
verifier corebrowser-safe, verify-only
@trust-standard-protocol/sdk-python
verifier core@trust-standard-protocol/sdk-go
verifier core@trust-standard-protocol/sdk-rust
verifier core@trust-standard-protocol/sdk-java
verifier core@trust-standard-protocol/sdk-csharp
verifier corenpm i @trust-standard-protocol/sdk-web
import { verifyTrustEnvelopeV3 } from "@trust-standard-protocol/sdk-web";An open Model Context Protocol server and proxy let agents capture tool-call receipts and re-run verification inline. Distributed free with the verifier cores — the open layer of the protocol; the governed Seal is the product.
# verify a receipt from an agent loop, offline
tsp-mcp --proxy # captures tool-call evidence; re-runs verificationModules ship inactive; an offline license token activates them. Free verification always works.
Search and filter receipts across a workflow.
Package receipts, reviews and manifests into one exportable bundle.
Flag missing evidence and stale keys — alerts, not a safety verdict.
Review, escalate and override — every step signed.
Tenants, licenses, issuers and audit trail — no official status by payment.
Tool-call receipts and policy state — captures, never claims correctness.
A drop-in component that links an AI output to its provenance receipt. The resolver decides whether official wording is allowed; the badge itself only ever reflects verification state.
Open layer: spec, fixtures, verifier cores and the TrustBadge component are source-available and citable (Apache-2.0). The closed Seal — issuance tooling and commercial modules — is under a commercial TSP license. Marks (TSP, Trust Standard Protocol, TrustEnvelope, TrustBadge) are controlled.