Dekimu · provenance docs

Provenance docs

Reference docs for the Dekimu Agent Provenance Receipt (APR) protocol and the verify.dekimu.com reference verifier. Aimed at auditors, integrators, and anyone running their own verifier.

What lives here

Dekimu apps mint cryptographically-signed receipts when an AI agent produces a billable, customer-visible, or legally-relevant artifact — a Commander run, a miniterms document, a Designer site publish, an InvoiceUp follow-up or statutory letter. Each receipt has a stable ID and lands in a daily Merkle root that anyone can independently verify against the public anchor key.

These docs describe the public protocol surface. No Dekimu account is required to verify a receipt — every endpoint below is open and CORS-enabled.

Sections

Quickstart

Verify a receipt in three curl commands. The shortest path from a receipt ID to a Verified verdict.

API reference

The four public endpoints any verifier or external auditor can rely on — request shapes, response shapes, headers, caching.

Self-verify walkthrough

A longer reader-walkthrough: pull the claim, pull the proof, pull the public keys, verify the signature with openssl, confirm Merkle inclusion. Ends at Verified.

Audience

Auditors — confirm that a specific artifact was issued by a specific Dekimu app at a specific time, without trusting Dekimu's servers at verification time.
Integrators — embed verification badges or fetch receipts from a partner's system without writing protocol code.
External issuers — once federation opens, run your own verifier on your own domain and publish your own claim keys. The reference implementation here is open source.