Verify Traceseal Execution Receipts — cryptographic proof of what your AI agent did
Project description
traceseal-verify
Verify Traceseal Execution Receipts — cryptographic proof of what your AI agent did.
What is an Execution Receipt?
Every AI agent framework can make agents do things. None of them can prove what the agent did to a third party. A Traceseal Execution Receipt is a signed JSON document that proves:
- What code ran — manifest hash over every source file
- Who authorized it — publisher's ed25519 signature in a transparency log
- What sandbox it ran in — hash of the kernel-namespace configuration
- What it produced — SHA-256 of inputs and outputs (not the values — privacy preserving)
- Who vouches for it — operator's ed25519 signature over everything above
Third parties verify the receipt with one command. No access to the operator's machine needed.
Install
pip install traceseal-verify
Verify a receipt
traceseal-verify receipt.json
[OK] receipt.json
skill: agentmail v1.2.0
operator: ed25519:f19bc125dcfdb2eb91e98da98d45bb7a
publisher: ed25519:a07c7eb5f20f6b99d1914d7ec5221a25
Python API
from traceseal_verify import verify_receipt_file
result = verify_receipt_file("receipt.json")
if result.ok:
print(f"Verified: {result.skill_name} v{result.skill_version}")
What verification checks
- Structure — required sections present, recognized version
- Consistency — execution and provenance agree on which code was signed
- Signature — operator's ed25519 signature is valid over the execution + provenance data
What verification does NOT check
- Whether the operator's key is trusted (your policy decision)
- Whether the publisher's key is trusted (your policy decision)
- Whether specific inputs/outputs match expected values (your application logic)
Generating receipts
Receipts are generated by Traceseal. This package is the verification side only — deliberately minimal so anyone can verify without installing the full toolchain.
Spec
Traceseal Execution Receipt Specification
License
Apache 2.0 — no barriers to verification in any context.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file traceseal_verify-1.0.1.tar.gz.
File metadata
- Download URL: traceseal_verify-1.0.1.tar.gz
- Upload date:
- Size: 5.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c40c7be19742c292dca15047ebc942b9394be6ea06aaf7463788bfa840d58289
|
|
| MD5 |
69f0159d906ba63009bad4a6176dbebd
|
|
| BLAKE2b-256 |
09aa9dc05b474a077c6ee769a30c2b5fe2036a3b660099e8bdaf9825f4c095d2
|
File details
Details for the file traceseal_verify-1.0.1-py3-none-any.whl.
File metadata
- Download URL: traceseal_verify-1.0.1-py3-none-any.whl
- Upload date:
- Size: 6.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f32c3d6f1ad38487bb3c8f3c54a11fd0b370d0456a83a19198f4fb10490e0ae1
|
|
| MD5 |
b0a73e02385063640d9ea84ba6eb4d8a
|
|
| BLAKE2b-256 |
ba13c1004543adaa5ea4b7cf02568663c69b1b0f373b12d568d13e43474a8e09
|
