⚡ 60 seconds · No platform needed

Verify your first ATF receipt

From zero to a fully verified Delegation Receipt in four steps — using only the CLI, a JSON file, and the issuer's public key. No OMNIX account required.

1
Step 1 of 4 · ~10 seconds

Clone the repo & install

The verifier is a single Python file with no external dependencies beyond the standard library. Clone and you're ready.

bash
$ git clone https://github.com/Costenho19/atf-protocol-standard
$ cd atf-protocol-standard
$ python --version # Python 3.8+ required
Python 3.11.4
2
Step 2 of 4 · ~10 seconds

Create a sample Delegation Receipt

Save this JSON as my_receipt.json. This is a real ATF-format DR — all fields match the RFC-ATF-1 §5 wire format.

my_receipt.json
{
    "delegation_id": "ATFDR-A1B2C3D4E5F60011",
    "delegator_id": "HUMAN-harold-nunes-001",
    "delegate_id":  "AID-FINANCE-3A7F9B2C1D4E5F6A",
    "task_scope":   { "action": "governance_decision", "domain": "FINANCE" },
    "budget_granted":    75.0,
    "budget_delegator": 100.0,
    "chain_root_id": "HUMAN-harold-nunes-001",
    "issued_at":  "2026-05-16T10:00:00.000000000Z",
    "status":     "ACTIVE",
    "content_hash": "sha256:a3f4b2c1d5e6789012345678901234567890123456789012345678901234abcd",
    "pqc_signature": "ML-DSA-65:placeholder-see-cli-for-real-sig"
  }
3
Step 3 of 4 · ~10 seconds

Run the verifier

The verifier checks all six ATF invariants — no network call, no platform access. Only the receipt JSON and the issuer public key are needed (ATF-INV-006).

bash
$ python verifier/verify_receipt.py my_receipt.json
✓ ATF-INV-001 (MAR): budget_granted 75.0 ≤ budget_delegator 100.0
✓ ATF-INV-002 (PQC): pqc_signature field present (ML-DSA-65)
✓ ATF-INV-003 (Root): chain_root_id set to human principal
✓ ATF-INV-004 (Ceil): budget within registration ceiling
⚠ ATF-INV-005 (Hash): content_hash is placeholder — use real hash in production
✓ ATF-INV-006 (Indep): verified offline, no platform access used
VERDICT: PASS (5/6 checks, 1 warning)
✓ PASS — 5 invariants satisfied, 1 warning
✓ ATF-INV-001 Monotonic Authority Reduction
✓ ATF-INV-002 ML-DSA-65 signature present
✓ ATF-INV-003 Chain traces to human root
✓ ATF-INV-004 Budget ceiling respected
⚠ ATF-INV-005 content_hash is placeholder (production receipts must use real SHA-256)
✓ ATF-INV-006 Independently verifiable offline
4
Step 4 of 4 · See what breaks

Test a MAR violation

Change budget_granted to 150.0 (greater than budget_delegator: 100.0) and run again. The verifier must reject it — ATF-INV-001 is not optional.

bash — MAR violation test
$ python verifier/verify_receipt.py bad_receipt.json
✗ ATF-INV-001 (MAR): budget_granted 150.0 > budget_delegator 100.0 — VIOLATION
✓ ATF-INV-002 (PQC): pqc_signature field present
✓ ATF-INV-003 (Root): chain_root_id set
VERDICT: FAIL — 1 invariant violation
✗ FAIL — ATF-INV-001 violation detected
✗ ATF-INV-001 budget_granted 150.0 exceeds budget_delegator 100.0
This is the correct behaviour. Any ATF-compliant verifier MUST reject this receipt.
What you just proved: ATF-INV-001 (Monotonic Authority Reduction) is enforced regardless of who issued the receipt. No configuration flag can disable it. This is why ATF receipts are independently auditable — the rules are in the protocol, not the platform.
What you've verified
MAR invariant
ATF-INV-001
PQC signature
ATF-INV-002
Chain root
ATF-INV-003
Offline verifiable
ATF-INV-006

Try the interactive browser verifier

Paste any ATF receipt JSON and verify MAR, CES formula, content hash, and identifier formats — directly in your browser. No install needed.

Open Verifier →
RFC Index →
Full protocol specifications
Example Integrations →
Python · TypeScript · Go
Conformance Program →
Get your ATF-Compliant badge
Technical Whitepaper →
Architecture & 40 invariants