The Stack · Receipt

Every enforcement decision, signed.

Receipt wraps every enforcement decision in a regulator-ready signed envelope. Receipts include the rule, the age, the jurisdiction, the audit, and a cryptographic signature. Regulators can replay decisions years later; adopters can prove compliance without exposing user data.

Read the full Receipt spec →Read the Charter

The envelope

Four properties of a signed Receipt.

What is in the envelope, how it is signed, how it replays, and what it deliberately leaves out.

WHAT'S SIGNED

Rule ID, age (age signal), jurisdiction, capability invoked, audit, citation.

SIGNATURE FORMAT

EIP-712-style typed-data envelope. ed25519. Domain-separated by spec version.

REPLAY

Signed receipts are replayable. Regulators can request a receipt by ID and verify against the OCSS Charter's public key.

PRIVACY

Receipts carry no PII. The age is a derived age signal; the user identity is not revealed.

Sample receipt

A signed Receipt envelope.

receipt.jsoned25519 · OCSS-draft-4

{
  "id": "rcpt_018d4cb13f...",
  "rule": "recommender_off_minor",
  "capability": "tier",
  "age": { "age_band": "13-17", "method": "platform_attested" },
  "jurisdiction": "US-CA",
  "cite": ["KOSA-§4(b)(2)", "CA-AADC-§22675"],
  "audit": { "allow": false, "reason": "minor_recommender_off" },
  "issued_at": "2026-05-11T13:24:45Z",
  "spec": "OCSS-draft-4",
  "sig": "ed25519:0x4a8c...f209"
}

Receipt

The full Receipt specification.

Envelope schema, signature algorithm, replay protocol, and the regulator-verification flow — in one place.

Read the full Receipt spec →Read the Charter