developers · proof api
Replay-backed public proof, without operator authority.
Use the public proof API to read discovery, replay frames, receipt cards, graph context, exports, operator evidence, and status contracts. Public reads require no API key and cannot execute orders, mutate runtime state, custody assets, or read private keys.
public proof endpoints · 8
Discover public contracts, schemas, endpoints, and safety boundaries.
zero.discovery.v1 · auth none · global_public_read
- GET/api/replays
List public replay summaries with bounded pagination and filters.
zero.replay_index.v1 · auth none · global_public_read
Fetch one public DECISION_LOOP replay payload.
zero.decision_replay.v1 · auth none · global_public_read
Fetch a shareable public receipt card without private traces or performance claims.
zero.decision_receipt_card.v1 · auth none · global_public_read
Fetch retained replay adjacency and hash coverage.
zero.replay_graph_context.v1 · auth none · global_public_read
Export replay summaries plus v95 evidence bundle material for offline inspection.
zero.replay_export.v1 · auth none · global_public_read
Fetch normalized public operator evidence and proof links.
zero.public_operator.v1 · auth none · global_public_read
- GET/api/status
Fetch public operational status for runtime, proof, notification, and support readiness.
zero.status.v1 · auth none · global_public_read
Integration flow
Read discovery and developer proof contract.
/.well-known/zero.json + /api/developers/proof
zero.discovery.v1 + zero.developer_proof_api.v1
Fetch replay index and choose a replay id.
/api/replays?limit=20
zero.replay_index.v1
Fetch replay detail, receipt card, and graph context.
/api/replays/{id}
zero.decision_replay.v1 plus companion contracts
Export a replay capsule for offline review.
/api/replays/export?limit=20
zero.replay_export.v1 plus v95 evidence bundle fields
Journal hash recipe
Every journal root published at /api/journal-roots is recomputable from this recipe alone — no private material required. The machine-readable contract below is the normative source; a repository test recomputes production hashes from it on every build, so this page cannot drift from the running hasher.
- canonical json: Serialize the object to JSON with keys sorted lexicographically by Unicode code point, no whitespace, and non-ASCII characters emitted literally (never \u-escaped).
- hash: sha256 over the utf-8 bytes of the canonical JSON string, lowercase-hex digest, prefixed “sha256:”
- payload_hash: hash.prefix + sha256(canonical_json(payload))
- entry_hash: hash.prefix + sha256(canonical_json(entry minus excluded_fields)) — excluded fields: entry_hash, signature, signing_key_id, signing_public_key_b64
- chaining: prev_hash of entry N equals entry_hash of entry N-1 in the same stream; the first entry uses genesis_prev_hash. seq starts at 1 and increments by 1.
- root_hash: hash.prefix + sha256(canonical_json(root minus excluded_fields)) — excluded fields: root_hash, signature, signing_key_id, signing_public_key_b64, anchor
- signatures: ed25519 over the canonical hash body, base64-encoded
Versioning policy
- current: zero.developer_proof_api.v1
- compatibility: v1_additive_only
- breaking changes: new_schema_version_required
- deprecation notice days: 90
Safety boundary
- read-only: true
- paper-first: true
- execute orders: false
- mutate runtime: false
- custody assets: false