Decision Verification

Verify a Decision Record without trusting runtime storage.

Check exported records, receipt hashes, receipt signatures, policy bundle registry matches, and optional input hashes against the public verifier endpoint.

Open verifier Verification docs Receipt keys Policy bundles
Endpoint/api/decision/verify
Protocolloading...
StateNo record verified

Verifier input

Exported record verification uses the request body and does not require an API key.

HMAC receipt signatures require a shared secret and cannot be publicly verified here.

What the hosted verifier checks

The page wraps the same public verification endpoint used by integrations and audit packets.

Record integrity

Recomputes record_hash, receipt_hash, and the portable receipt fields from the supplied Decision Record.

Signature status

Verifies Ed25519 signatures when the record carries a public key, a public key is supplied, or the key registry can resolve the fingerprint.

Policy bundle match

Looks up policy_bundle_hash against the public bundle registry and reports whether the record maps to a known bundle.

CLI and API paths

Use the hosted page for quick reviews and the CLI/API path for automation, support packets, and auditor workflows.

CLI verifier 
npx @decide-fyi/sdk verify decision-record.json \
  --input decision-input.json \
  --key-registry https://www.decide.fyi/api/decision/receipt-keys \
  --summary
Public API verifier 
curl -s https://www.decide.fyi/api/decision/verify \
  -H "content-type: application/json" \
  -d '{"record":{...},"input":{...}}'
GitHub Actions 
npx @decide-fyi/sdk verify ./artifacts/decision-record.json \
  --input ./artifacts/decision-input.json \
  --key-registry https://www.decide.fyi/api/decision/receipt-keys \
  --json