Trust Receipt schema

Every verification leaves a signed paper trail.

A signed receipt is what lets a Muslim builder prove what was verified, against which source bundle, under which policy, before any Muslim user saw the answer. It is metadata only. No submitted question text. No submitted answer text. No raw citation text. It is safe to attach to a pull request, a release log, a scholar review, or a compliance file.

Privacy posture

The receipt is metadata only.

Privacy is the first invariant. The schema enforces it. Submitted religious text is not included and not stored.

Included

SHA-256 of the canonical input, source bundle identity, policy in force, risk evidence counts, recommended action, signature.

Hashed

Citation collection, reference, and source id are individually SHA-256 hashed. The raw values never appear in the receipt.

Excluded

Submitted question text, submitted answer text, raw citation text, API key, account secrets, scholar review packet content.

Schema

Receipt fields, version `tasfi-guard-receipt-0.1.0`.

Field	Type	Description
`id`	string	Stable receipt id, derived from input hash, status, source bundle, and evidence. Format `tasfi_receipt_<24 hex chars>`.
`version`	string	Receipt schema version. Current value `tasfi-guard-receipt-0.1.0`.
`generatedAt`	string	ISO 8601 UTC timestamp when the receipt was produced.
`status`	enum	`pass`, `warn`, or `fail`. Maps to a recommended display behavior.
`ok`	boolean	Convenience flag derived from status.
`requestId` / `batchItemId` / `accountId`	string or null	Optional correlation ids. Account id, when present, is a server-side identifier, never a raw API key.
`inputHash`	hex string	SHA-256 hash of the canonical-JSON serialization of the verification input. Lets external systems prove a receipt corresponds to a specific input without storing the input.
`sourceBundle`	object	`{ id, version, sha256 }`. Pins the verification to a specific source bundle release.
`policy`	object	`{ hadithPolicy: "sahih_only", madhab, allowedMadhabs }`. Records the policy in force at verification time.
`evidence.summary`	object	Counts only. `citationsChecked`, `citationsPassed`, `citationsWarned`, `citationsFailed`, `riskFlags`, `claimRiskFlags`, `sourceSupportCounts`, `riskFlagCategories`, `escalationRequired`.
`evidence.citations[]`	array	Per citation: type, status, optional issue, optional grade, hashed collection, hashed reference, hashed source id, source support status, claim support status, needsReview boolean. Raw values are not present.
`evidence.riskFlags[]`	array	Per flag: `id`, `severity`, `category`. Categories include `claim_support`, `policy`, `review_escalation`, `madhab_scope`, and `clinical_boundary`.
`evidence.rulesTriggered[]`	array	Sorted list of risk-flag rule ids, deduplicated, for quick auditing.
`recommendedAction`	enum	`block_before_display`, `route_to_scholar_review`, `rewrite_or_review`, or `store_receipt_and_display_with_policy`.
`privacy`	object	Invariants for the receipt itself: `mode: "metadata_only"`, `submittedTextIncluded: false`, `submittedTextStored: false`, `rawCitationTextIncluded: false`, `inputHashAlgorithm: "sha256"`.
`decisionHash`	hex string	SHA-256 hash of the canonical-JSON serialization of the receipt payload before signing. Lets verifiers detect tampering.
`signature`	object	`{ algorithm, keyId, value }`. `algorithm` is `hmac-sha256` when `TASFI_RECEIPT_SECRET` is configured, otherwise `sha256` with key id `unsigned-local`.

Sample receipt

What you actually see.

This is a minimal example. Real receipts include richer evidence depending on the verification result.

tasfi_receipt example

{
  "id": "tasfi_receipt_4d2b9a3f5c1e7068b4a9c5d3",
  "version": "tasfi-guard-receipt-0.1.0",
  "generatedAt": "2026-05-16T11:00:00Z",
  "status": "pass",
  "ok": true,
  "requestId": null,
  "batchItemId": null,
  "accountId": null,
  "inputHash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
  "sourceBundle": {
    "id": "tasfi-v1-controlled",
    "version": "tasfi-v1-controlled-0.3.0",
    "sha256": "cd9a8b99e98f9ea0e2ce2cc3ed893610535818a55143cb58a4f93108184f37c2"
  },
  "policy": {
    "hadithPolicy": "sahih_only",
    "madhab": null,
    "allowedMadhabs": ["hanafi", "maliki", "shafii", "hanbali"]
  },
  "evidence": {
    "summary": {
      "citationsChecked": 1,
      "citationsPassed": 1,
      "citationsWarned": 0,
      "citationsFailed": 0,
      "riskFlags": 0,
      "claimRiskFlags": 0,
      "sourceSupportCounts": { "quote_match": 1 },
      "riskFlagCategories": {},
      "escalationRequired": false
    },
    "citations": [
      {
        "type": "quran",
        "status": "pass",
        "issue": null,
        "grade": null,
        "collectionHash": null,
        "referenceHash": "9b...",
        "sourceIdHash": "7a...",
        "sourceSupportStatus": "quote_match",
        "claimSupportStatus": "claim_support_pass",
        "needsReview": false
      }
    ],
    "riskFlags": [],
    "rulesTriggered": []
  },
  "recommendedAction": "store_receipt_and_display_with_policy",
  "privacy": {
    "mode": "metadata_only",
    "submittedTextIncluded": false,
    "submittedTextStored": false,
    "rawCitationTextIncluded": false,
    "inputHashAlgorithm": "sha256"
  },
  "decisionHash": "c4f1...",
  "signature": {
    "algorithm": "hmac-sha256",
    "keyId": "tasfi-runtime-receipt-key",
    "value": "f1a2..."
  }
}

Verification

Verify a receipt locally.

Pipe a receipt JSON file to the verifier. Verification recomputes the canonical decision hash and confirms the signature. When TASFI_RECEIPT_SECRET is set, the same secret used at signing time must be present to confirm the HMAC signature.

CLI

TASFI_RECEIPT_SECRET=<shared secret> \
  npm run receipt:verify -- path/to/receipt.json

Versioning

The schema is versioned. Old receipts stay verifiable.

Additive change

New optional fields raise the patch version. Older receipts still verify against the same canonical hash function.

Breaking change

A field rename or canonical-form change raises the minor version. A migration note is published and tagged on this page.

Privacy invariants

The privacy block invariants never change in a way that allows submitted text into the receipt. That contract is the product.

Machine-readable schemas

JSON Schema files for every receipt object.

Draft 2020-12. Stable $id URIs under https://tasfi.app/schemas/tasfi/. Validate locally, store alongside deploy logs, or wire into CI.

decision-receipt.schema.json signed Trust Receipt envelope.
claim-evidence.schema.json deterministic claim unit.
evidence-graph.schema.json metadata-only evidence graph.
scholar-decision.schema.json restricted reviewer decision contract.

Why it matters

The receipt is the artifact that makes Islamic AI auditable.

Most AI safety claims are vibes. A signed receipt with a bundle checksum, a policy snapshot, and a metadata-only evidence summary is something a compliance reviewer can actually file. That is the standard Tasfi is committing to maintain.