SynOI

Product · Receipt Verifier

TestingFree · public · no auth

Paste any SynOI receipt URL.
See the cryptographic math.

Verifiability is only credible when it doesn't require trusting us. The Receipt Verifier is a public, unauthenticated surface: paste any receipt URL, the page renders the canonical body, the hybrid (Ed25519 + ML-DSA-65) signature, and the verification result. No account. No SynOI dependency. No SaaS in the loop. Auditors check receipts offline, with whatever crypto library they already trust.

Open verify.synoi.systems →Receipt format spec

Anatomy of a Decision Receipt

Every field is documented. Every field is verifiable.

The receipt below is a sample of the canonical body returned by the verifier. The signature is computed over the byte-exact canonical JSON encoding of this body. Every field is annotated. None of it is proprietary; the format spec is open and standards-based.

rcpt_8b3c9f...Signature valid

version 1

receipt_id rcpt_8b3c9f12...

tenant_id acme-prod

action_class tool.deploy

action_desc terraform apply

risk_level high

decision allow

mode enforce

approver a.rivera

approval_surface mobile

elapsed_ms 14_312

model claude-opus-4-7

oid_hex a3f8c21d9b4e...

recorded_at 2026-05-14T14:32:01Z

signature
3a9f2b1c8d7e6f5a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d3e2f1a (Ed25519 + ML-DSA-65)

receipt_id

Globally-unique. Embeds in the verify URL. Never reused across tenants.

action_class · action_desc · risk_level

What was attempted, in human-readable form. Tenant policy decides the risk class; the receipt reflects the policy decision.

decision

One of: allow · deny · hitl_approved · hitl_denied · remediate. The exit status of the governance evaluation.

approver · approval_surface

If HITL was required, who approved it and on what surface (mobile / slack / sms / desktop / email).

oid_hex

The content-addressed Object Identifier (OID): SHA-256 of the canonical body. Same content, same OID, across providers and time.

signature

Hybrid Ed25519 (RFC 8032) + ML-DSA-65 (NIST FIPS 204) over the canonical JSON encoding. Public key published. Verify offline with any standard library.

Why a public verifier matters

Verifiability is only credible when it doesn't require trusting the vendor.

Third-party verifiability

An auditor, a customer, or a regulator can check any receipt without a SynOI account, an API key, or a sales call. The verifier is a static page over a public key. There is no SaaS in the verification path.

Offline checking

The published public key is small and stable. Auditors can mirror it once, then verify receipts offline forever after. The signature mathematics doesn't require the issuer to be online.

Standards-based crypto

Ed25519 (RFC 8032) and ML-DSA-65 (NIST FIPS 204). Any major language ecosystem has libraries for Ed25519: Rust, Go, Python, Node, Java, C++, Swift, .NET. We don't invent the math.

Tamper-evident forever

The signature is over the canonical encoding. Any mutation (even whitespace) invalidates it. A receipt that verifies today verifies in five years, with the same key, regardless of what's happened to SynOI in the interim.

Survives vendor risk

The pitch is honest about this: if SynOI is acquired, pivots, or vanishes, the receipts your team produced under SynOI's governance keep verifying. The crypto doesn't care who owns the company.

Independent of receipt issuer

The verifier doesn't know about SynOI specifically. Any party can publish an Ed25519 + ML-DSA-65 public key pair and issue compatible receipts. The protocol is open; the verifier is a reference implementation, not a moat.

Verify in your own code

Three languages, three libraries, all standard.

Node · @noble/ed25519

import { ed25519 } from '@noble/curves/ed25519'

const body  = await canonicalCbor(receipt)
const sig   = receipt.signature
const pubKey = await fetchSynoIKey()

const ok = ed25519.verify(sig, body, pubKey)

Python · cryptography

from cryptography.hazmat.primitives.asymmetric.ed25519 \
  import Ed25519PublicKey

body  = canonical_cbor(receipt)
sig   = receipt['signature']
pub   = fetch_synoi_key()

Ed25519PublicKey.from_public_bytes(pub).verify(sig, body)

Rust · ed25519-dalek

use ed25519_dalek::{Signature, VerifyingKey, Verifier};

let body = canonical_cbor(&receipt);
let sig  = Signature::from_bytes(&receipt.signature);
let pk   = VerifyingKey::from_bytes(&fetch_key())?;

pk.verify(&body, &sig)?;

The SynOI public key is published at verify.synoi.systems/.well-known/synoi-ed25519.pub and rotates on a documented schedule. Old keys remain valid for receipts they signed; the rotation policy is documented in /security.

Verifiability you don't have to take our word for.

The verifier is free. The crypto is standard. The receipts work without us. Try it on a sample now, then point a real workflow at the gateway and check your own.

Open the verifier →Set up the Gateway