Sample receipt

See what a governed agent action leaves behind.

A ZLAR receipt gives a governed action a record: what was attempted, what policy applied, what decision was made, and where the boundary stopped.

Inspect the receipt Verify in Terminal
governed-action receipt sample
attemptedrouted MCP tool call
decisionallow | deny | ask
authoritysigned human policy
coveragerouted/intercepted surfaces only
What the receipt says

A receipt makes the governance event inspectable.

The sample receipt points to a bounded evidence bundle. It shows the decision surface, the policy authority, the verification path, and the coverage report that says where ZLAR held and where it ended.

For developers and auditors, the technical artifact name is Proof Pack v0. For a first visitor, the important thing is simpler: there is a record you can inspect.

Sample anatomy
Receipt

One governed decision.

Hashes

Downloaded files match.

Coverage

Scope and limits are named.

Checks

Privacy and claim scans pass.

Developer verification

Verify the sample run in Terminal.

These commands download the public sample artifacts, check the SHA-256 sidecar, and run the local verifier. 

mkdir zlar-proof-pack-v0-scratch
cd zlar-proof-pack-v0-scratch
mkdir -p evidence

curl -fsSLO https://zlar.ai/demo/proof-pack/README.md
curl -fsSLO https://zlar.ai/demo/proof-pack/proof-pack-manifest.json
curl -fsSLO https://zlar.ai/demo/proof-pack/SHA256SUMS
curl -fsSLO https://zlar.ai/demo/proof-pack/verify-proof-pack.mjs
curl -fsSLo evidence/governed-profile-coverage-report.json \
  https://zlar.ai/demo/proof-pack/evidence/governed-profile-coverage-report.json
curl -fsSLo evidence/governed-profile-coverage-report.txt \
  https://zlar.ai/demo/proof-pack/evidence/governed-profile-coverage-report.txt

shasum -a 256 -c SHA256SUMS
node verify-proof-pack.mjs

Sample disclosure

  • This sample uses fake/scratch artifacts only.
  • It verifies hashes, manifest, coverage boundaries, and privacy/claim checks for a sample path.
  • It is not production deployment evidence.
  • It is not external non-Vincent verifier attestation.
Files

Download the sample artifacts directly.

These links download the same public sample files used by the terminal commands.

README Manifest SHA256SUMS Verifier Coverage JSON Coverage TXT
Expected result

A clean verification ends in PASS.

The output should show every downloaded file as OK, followed by verifier PASS lines for the manifest, claim ceiling, coverage type, hashes, non-claims, privacy flags, and text scans. 

README.md: OK
proof-pack-manifest.json: OK
evidence/governed-profile-coverage-report.json: OK
evidence/governed-profile-coverage-report.txt: OK
verify-proof-pack.mjs: OK
PASS proof-pack manifest type
PASS manifest claim ceiling
PASS coverage report type
PASS coverage claim ceiling
PASS hashes match manifest entries
PASS non-claims present
PASS privacy flags are false
PASS privacy and claim text scan
PASS scratch proof pack verified

v3.3.15 claim boundary

Release state: ZLAR v3.3.15 on GitHub.

  • ZLAR governs routed/intercepted action surfaces only.
  • Safe Codex wording: "ZLAR can govern Codex CLI-invoked MCP tool calls when those MCP servers are routed through ZLAR."
  • Unrouted shell/filesystem/browser/app/network/model-reasoning/final-text surfaces are not claimed as governed by this proof path.
  • /contest is not implemented.
  • External non-Vincent verifier attestation remains prepared/pending unless state changes.