AI answers need receipts.
TSP is open verifiable trust infrastructure for AI systems: signed receipts that bind an AI output to source declarations, process evidence, timestamps, hashes, and independent verification.
TSP wraps important AI outputs in signed TrustEnvelope receipts. A recipient, auditor, or verifier can check the content hash, signature, issuer manifest, and time evidence without relying on a vendor dashboard.
The protocol is designed for regulated and public-sector AI evidence needs, especially workflows where a later reviewer may ask: what did the AI say, what sources were declared, which process produced it, and was it changed later? It is positioned squarely on the EU AI Act evidence path — Article 50 transparency obligations apply from 2 August 2026, and Articles 9, 12, 13, 14, 15 and 17 all benefit from a portable, verifiable artifact rather than a vendor-bound log.
Each audience has a different first click:

| If you are… | Start here |
|---|---|
| A regulator or policymaker | TSP × EU AI Act — article-by-article mapping, and the browser verifier to inspect a real envelope. |
| A compliance, legal, risk or procurement lead | Verification gap, the paid pilot path, and the TrustBadge your customers will see. |
| An AI developer, architect or security engineer | The SDK and its examples/ — a minimal wrap/verify and an EU AI Act-flavoured end-to-end. |
| An end-user or affected citizen | The browser verifier — paste any TSP envelope and see, in your own browser, whether it still verifies. |

| Surface | Convention |
|---|---|
| Trust root | https://<issuer-domain>/.well-known/tsp-manifest.json |
| Canonicalization | RFC 8785 / JCS |
| Hashing | SHA-256 |
| Signatures | Ed25519 |
| Timestamp evidence | RFC 3161 TSA tokens |
| Optional DNS binding | DANE |
| Offline verification | verifyLocal() |
| Network-backed verification | verifyOnline() |
| Reference implementation | TypeScript / JavaScript SDK |

| Repository | Purpose |
|---|---|
| tsp-spec | Normative TSP specification: JSON Schema (tsp-v3.schema.json), threat model, RFC 8785 conformance fixtures, and operator runbooks (key rotation, revocation). Licensed CC-BY-4.0. |
| sdk | Reference TypeScript SDK and CLI for TSP v3 alpha. Includes runnable examples/ and the conformance suite that pins to tsp-spec fixtures. |
| trustbadge-react | React UI component for showing the receipt and verification status to end users. |
| tsp-site | Public site, browser verifier, audience-mapped landing pages, and release checks. Renders the spec from tsp-spec as a readable page at /spec. |
| .github | This org profile and ecosystem guidance. |

The public open layer (Spec + SDK + TrustBadge) is intentionally licensed and structured so it keeps working even if LexiCo disappears. The platform is organised as five modules: Core, Risk, Evidence, Oversight and Control Plane. Core, the envelope primitive with local and online verification, is open source under MIT (with a commercial option); the four operational modules are commercial only and are sold as focused pilot and production services to teams that want the operational layer handled.

| Layer | Module | License | What it does | Page |
|---|---|---|---|---|
| Open primitive | Core | MIT / Comm. | Envelope structure, signing, canonicalization, hash chain, local + online verification. | /core |
| Operations | Risk | Commercial | Watches envelope streams in real time, flags drift, raises alerts before complaints arrive. | /risk |
| Operations | Evidence | Commercial | Auditor-ready dossier export — one URL hands a regulator everything they will ask for. | /evidence |
| Operations | Oversight | Commercial | Signed human-review queue: reviewer verdicts become first-class TSP records. | /oversight |
| Operations | Control Plane | Commercial | Operator surface for tenants, licenses and billing across the other commercial modules above. | /control-plane |

The commercial modules ship as standalone services (hosted or on-prem) and never call back to LexiCo to validate. Pricing lives at /priser.
Current public work focuses on:
- signed AI-output receipts;
- local and online verification paths;
- canonical manifest discovery and PKI;
- pass/fail interop fixtures and implementer guidance;
- claim discipline around what is implemented, alpha, or planned.
LexiCo currently stewards the project. The intended next governance step is a public RFC lane, a compatibility review process, and a working group with external technical reviewers.
The next credibility milestones are external, not cosmetic:
- clean-room implementations in additional languages;
- public pilot proof packs;
- independent security or protocol review;
- issue-level RFC discussion;
- practical adapters for regulated AI workflows.
No external validation is implied here until a real public artifact exists. Gate A (the first external organization signing an envelope with its own key and DNS-hosted manifest) remains the closest meaningful milestone.
Report security issues privately to [email protected]. Each repository carries its own SECURITY.md. Do not file security findings in public issues. For non-security questions (pilots, integration, press), use [email protected].
Trust should be inspectable, portable, and bounded by evidence.