Kanshō

Docs / Permissions and trust /

VerificationReceipt

Signed receipt confirming a sensitive action completed with a specific scope and actor.

Preview

Receipt · PassedVR-9f3a2c
migration artifactsha256:4d2e8f1b

Schema migration validated successfully. All 12 checks passed before applying to production.

  • No schema drift detectedTarget schema matches expected state.
    Passed
  • Rollback script presentdown.sql verified and executable.
    Passed
  • Row count within toleranceΔ +2,140 rows — within ±5% threshold.
    Passed
  • Foreign key constraints intact
    Passed
  • Index rebuild scheduledCONCURRENTLY flag set — no table lock.
    Warning
Signed by Kanshō Verifierv1.4.22026-06-17 · 14:32 UTC
sha2564d2e8f1b7c3a09e56b1f2d4a8e7c5b3f0a2d1e9c
Witnessed byCI Pipelineci@kansho

Variants

Failed — deployment blocked

Receipt · FailedVR-7b1d4e
build artifactsha256:9a1c3f7d

Build validation failed. Deployment blocked until issues are resolved.

  • Lint passed
    Passed
  • Type check passed
    Passed
  • Test suite passed14 tests failed in auth.spec.ts.
    Failed
  • Bundle size within budgetBundle is 2.4 MB — exceeds 2 MB cap.
    Failed
Signed by Kanshō Verifierv1.4.22026-06-17 · 15:01 UTC

Warning — partial pass

Receipt · WarningVR-3c8f1a
decision logsha256:2b4d6e8f

Decision validated with non-critical warnings. Review before proceeding.

  • Document format correct
    Passed
  • Required approvers signed
    Passed
  • Approval within TTLApproval is 47 minutes old — TTL is 1h. Cutting it close.
    Warning
  • Audit trail complete
    Passed
Signed by Kanshō Verifierv1.4.22026-06-17 · 15:22 UTC

Props

PropTypeDescription
id*stringGlobally unique receipt ID — operators copy this to chase the audit trail.
subject*stringThe thing being verified — a run id, file hash, or commit sha.
artifact*stringWhat is being attested — e.g. "migration artifact", "build artifact".
outcome*"passed" | "failed" | "warning" | "skipped"Overall verification result. Drives header colour and border.
summarystringShort one-line summary shown below the header.
checks*VerificationCheck[]Individual checks, each with a label, optional detail, and outcome.
signer*{ name: string; key?: string }The system that signed the receipt.
signedAt*stringHuman-readable timestamp.
hashstringOptional content hash shown in the footer.
witnesses{ name: string; key?: string }[]Optional witness signers listed below the primary signer.
onCopyId(id: string) => voidWhen provided, renders a Copy id button in the header.
classNamestringAdditional CSS classes for the article root.

* required.

Usage

import { VerificationReceipt } from "@/components/control-plane/verification-receipt";

<VerificationReceipt
  id="VR-9f3a2c"
  subject="sha256:4d2e8f1b"
  artifact="migration artifact"
  outcome="passed"
  checks={[
    { id: "schema-drift", label: "No schema drift detected", outcome: "passed" },
    { id: "rollback", label: "Rollback script present", outcome: "passed" },
  ]}
  signer={{ name: "Kanshō Verifier", key: "v1.4.2" }}
  signedAt="2026-06-17 · 14:32 UTC"
  onCopyId={(id) => navigator.clipboard.writeText(id)}
/>