Receipt schema (v1)

ZAK emits an execution receipt for every governance outcome. The receipt carries the minimal audit surface: identity, timing, constitution/law context, and enforcement mode.

ExecutionReceipt

This is the receipt shape used by the public demo’s enforcement gate (the UI shows id, lawId, lawVersion, and constitutionId).

{
  "id": "rcpt-1738123456789-abc123xyz",
  "timestamp": 1738123456789,
  "constitutionId": "zak-ai-world",
  "lawId": "LEAK-001",
  "lawVersion": "1.0.0",
  "enforcementMode": "DENY_AT_ADMISSION",
  "originatorId": "marketing-site-demo"
}

Enforcement outcomes (all include a receipt)

Every outcome includes receipt. Denials also include a structured violation object.

// denied
{
  "kind": "denied",
  "message": "Blocked by LEAK-001: Leak prevention: training data / secrets / PII",
  "violation": { "id": "viol-...", "lawId": "LEAK-001", "reason": "...", "severity": "critical" },
  "receipt": { /* ExecutionReceipt */ }
}

// silenced
{
  "kind": "silenced",
  "message": "REQUIRE_WAIVER: ...",
  "lawId": "ADMIN-001",
  "lawVersion": "1.0.0",
  "receipt": { /* ExecutionReceipt */ }
}

// transformed
{
  "kind": "transformed",
  "schemaId": "clinical_safe",
  "schemaVersion": 1,
  "transformedOutput": { /* schema-shaped */ },
  "receipt": { /* ExecutionReceipt */ }
}

// emitted
{
  "kind": "emitted",
  "output": "...",
  "receipt": { /* ExecutionReceipt */ }
}

Local verification (public demo)

The demo computes sha256(JSON.stringify(receipt)) and displays the hash. You can verify it locally on the Proof page.

Production-grade receipts

ZAK also supports richer receipt forms (metadata, chaining, signatures, and manifold binding). These are modeled in the internal packages (e.g. @zak/audit, @zak/manifold) and are designed for long-horizon audit survivability.

Next: Verification guide