← RailCall

Proof

Every RailCall run mints an Ed25519-signed receipt. This page renders only receipts that a machine re-verified offline — integrity recomputed from the receipt body, signature checked against a reviewed key registry, and the honesty gate enforced (external_api_touched must match the run's true mode). If it's on this page, it verified. If it didn't verify, the build goes red instead.

0verified live runs 1verified mock-rail runs 0failed verification
Honest state, told straight: live cap-off receipts are being produced connector-by-connector right now and land here as each one verifies. A mock rail receipt proves the full governed flow — stage (zero writes) → human approval → saga execution → signed receipt — ran against a loopback stand-in, with the receipt honestly refusing to claim a live API touch (external_api_touched: false). We publish those too, labeled, because that's the point: receipts that can't lie.
ConnectorModeVerdictIntegritySigning keyApproved at
stripe mock VERIFIED · mock rail sha256:fa137d42ff800e9558267a1… 2cff316359e126cc 2026-07-02T11:30:49Z
Verify it yourself. Receipts, the trusted-key registry, and the verifier are plain files — recompute the sha256 over the receipt body (minus integrity_hash + signature, keys sorted), then check the Ed25519 signature over that integrity string against the registry key. No RailCall software required to audit RailCall.

Generated from receipts/verified_manifest.json · regenerate: python3 tools/verify_capoff_receipts.py