§ Receipt verification
Verify a Tessaliq receipt
Paste a receipt JWT below, or drop a file. Verification is done entirely in your browser: only the public JWKS endpoint is fetched, and the receipt contents never leave your machine.
See the receipt spec v1 for the full format. The verifier logic used here mirrors @tessaliq/receipt-verifier (MIT).
Verifying against api.tessaliq.com
Drop a receipt file here or paste the JWT below
Accepts a plain .jwt or .txt file containing a single JWT string.
Re-verify this receipt yourself, in your terminal
The browser-side verification on this page mirrors the @tessaliq/receipt-verifier library (MIT). Drop the JWT into a file and verify with:
# Option A — npx (when published to npm)
echo "<your-jwt>" | npx @tessaliq/receipt-verifier
# Option B — clone the open-core repo
git clone https://github.com/Tessaliq/tessaliq-open.git
cd tessaliq-open
pnpm install && pnpm -F @tessaliq/receipt-verifier build
echo "<your-jwt>" | node packages/receipt-verifier/dist/cli.js
For fully air-gapped verification, fetch the public JWKS once and pass it to verifyReceipt(jwt, { jwks }) from the library. The repo bundles a real receipt and a matching JWKS snapshot under examples/real-receipt.json as a reproducible reference.
What the verification proves
Cryptographic integrity
The JWT was signed by the private key whose public counterpart is currently published at the JWKS endpoint (kid: tessaliq-receipt-v1), and the claims have not been tampered with since signing.
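The checks behind this guarantee and behind the air-gapped option above, as an added example that is not code from this page or from @tessaliq/receipt-verifier. It uses only Node's built-in crypto and assumes ES256 signatures, which the page does not state; the helper names verifyOffline and demo, the key pair and the claim names are constructed for the illustration.

```javascript
const crypto = require('node:crypto');
// Assumption: receipts are ES256-signed (the page does not state the algorithm).
const PINNED_ALG = 'ES256';
const b64u = (x) => Buffer.from(x).toString('base64url');
const fail = (reason) => ({ ok: false, reason });

// Offline check of a compact JWS against a pinned JWKS snapshot (hypothetical helper).
function verifyOffline(jwt, jwks, expectedKid) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return fail('malformed');
  const [h, p, s] = parts;
  let header;
  try { header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8')); }
  catch { return fail('malformed'); }
  // Pin alg and kid on the verifier side; never trust the token's own header.
  if (header?.alg !== PINNED_ALG) return fail('alg');
  if (header.kid !== expectedKid) return fail('kid');
  const jwk = jwks.keys.find((k) => k.kid === expectedKid);
  if (!jwk) return fail('key-not-in-snapshot');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  // JWS carries ECDSA signatures as raw r||s, hence 'ieee-p1363' rather than DER.
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!valid) return fail('signature');
  return { ok: true, claims: JSON.parse(Buffer.from(p, 'base64url').toString('utf8')) };
}

// Constructed sample: a throwaway P-256 key pair stands in for the real signing key,
// and the claim names below are made up for the illustration.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const kid = 'tessaliq-receipt-v1';
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid }] };
  const sign = (header, claims) => {
    const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
    const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
    return `${input}.${b64u(sig)}`;
  };
  const receipt = sign({ alg: 'ES256', kid }, { policy: 'example-policy', result: 'pass' });
  const [h, , s] = receipt.split('.');
  const edited = `${h}.${b64u(JSON.stringify({ policy: 'example-policy', result: 'fail' }))}.${s}`;
  return {
    genuine: verifyOffline(receipt, jwks, kid),
    edited: verifyOffline(edited, jwks, kid),                  // claims changed after signing
    otherKid: verifyOffline(sign({ alg: 'ES256', kid: 'x' }, {}), jwks, kid),
    staleSnapshot: verifyOffline(receipt, { keys: [] }, kid),  // key missing from snapshot
  };
}
console.log(demo());
```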
What Tessaliq attested
The receipt records the policy applied, the result, the timestamps and, if applicable, the proof hash. These are declarations signed by Tessaliq — they are non-repudiable if the key is uncompromised.
What this page cannot prove
Whether the session exists in Tessaliq's database (no public lookup in v1), whether the internal verifier logic applied the policy correctly (see public OIDF plans for that), or the identity of the wallet user (by design — double anonymity).