Independent evidence rail for authority and change proof.
Cryptographically signed receipts, governance enforcement, and offline-verifiable evidence outputs for operational change.
What it is
-
Authority-bound receipts
Every event is tied to who or what authorized it — no ambiguity.
-
Tamper-evident chain of custody
Cryptographic signatures ensure evidence integrity from creation to verification.
-
Offline verification
No "trust us" — verify receipts and manifests without our infrastructure.
Trust anchors
-
Issuer JWKS
Public keys used to sign every receipt — pin or cache for offline verification.
-
Verify UI
Drop a kit ZIP or individual receipt and verify signatures in-browser.
-
Security Model
Threat model, key-rotation cadence, and incident-response posture.
-
Merkle & Receipt Spec
Receipt schema, Merkle-tree construction, and canonical JSON rules.
How it works
-
Submit an event with authority reference
Export artifacts from ServiceNow/Jira/GitHub (ticket, approvals, logs) and specify the authorizing entity reference (ticket ID, approval ID, user or service principal). No installs — record-only submission.
-
Receive a signed receipt
Get a cryptographically signed, offline-verifiable receipt for each event.
-
Generate periodic binders/manifests
Produce monthly or quarterly evidence packages ready for audit, compliance, or dispute defense.
Use cases
Enterprise change operations
ServiceNow, Jira, or GitHub change approvals with verifiable authority trails.
MSP standardization
Ticket-closure governance and monthly binders for multi-tenant operations.
Dispute / claims defense
Prove what happened, when, and under what authority — with offline verification.
Not a compliance dashboard. Not questionnaire automation. Not "SOC2-in-a-box."
AttestLayer is evidence infrastructure — a verifiable rail.