/source/ · Test corpus · Apache-2.0 harness · CC0 vectors

conformance

v1.0.0

The shared conformance test corpus and harness. 248 known-good vectors and 187 known-bad vectors, plus a language-agnostic runner that drives any reference library.

ratified March 2026commit 8af4c92d452 files · 1.18 MB

About this artefact

The conformance package is what every implementation must pass to claim compatibility. It contains 248 known-good vectors (valid receipts that MUST verify) and 187 known-bad vectors (mutated, replayed, or chain-broken receipts that MUST NOT verify). Vectors are released under CC0 so they can be embedded directly into any project, including proprietary forks.

The harness — under Apache-2.0 — is a small Rust binary that takes a verifier executable as an argument and runs the entire corpus through it, producing a JSON report with per-vector pass/fail and a summary digest. The conformance run hash that appears on every badge submission is computed by this harness.

Manifest

Tar.gz tarball download is published at the spec ratification cadence. Below is the current public manifest (SHA-256 fingerprints, file count, ratification commit).
PathSizeSHA-256
README.md2.3 KB0d4fa661ee7a39cee98c88b471dea362e6c252f9b5eb30f64838f12d9c0679cf
vectors/good/248 files · 412 KBd4808335957a60f8bffcc1d80530d3abed1869f94758278e437952e9850ba5c0
vectors/bad/187 files · 298 KBbbaa5fa33f5ac6207465a80d624ac5eecb92638b49a3ca43a13af00c39dfcb53
harness/Cargo.toml0.7 KB185b10f77ed52fe78847b99e16a383ffb53d4af1297ac31919d49a36330248c1
harness/src/main.rs8.6 KBe0242c7061776c309086df0ffbbdf6decabbe65b59813138ad253ed7ad2b23c3
452 files · 1.18 MB · ratification commit 8af4c92d · signed by working-group key wg-2026-03

Quick start

shell
# Download the corpus
curl -fSLO https://signedreceipts.org/source/conformance/signedreceipts-conformance-1.0.0.tar.gz
tar xf signedreceipts-conformance-1.0.0.tar.gz
cd signedreceipts-conformance-1.0.0/
shell
# Run the harness against any verifier binary
cargo run --manifest-path harness/Cargo.toml -- \
    --verifier ./signedreceipt \
    --report ./report.json

# Submit the digest in your /badge/ application
jq -r '.summary.digest' report.json

Issues / questions

Bug reports, patches, and security advisories all go to the working-group inbox.

open-source@cloakapi.io

Back to /source/ · related: spec · conformance · implementations