Trust Architecture

Verify, don't trust.

Every receipt is math. Every signer is on-chain.

Trust Hierarchy

Root. Service. Producer.

Each DRM3 product signs with its own Ed25519 key. Keys form a three-level hierarchy. Verification walks the chain from any producer receipt up through its service signer to the DRM3 root.

Root

DRM3 Root

Master signer. Certifies all services.

Path: drm3/root

Service

Service Signers

Each product derives a service-level key. Signs Merkle roots over all producer receipts.

Path: {service}/signer

connor/signercashew/signersignals-3p/signeravatar/signer

Producer

Producer Keys

Individual signing keys for specific data operations. Every row, every scan, every fetch.

Path: {service}/{producer}

connor/scannersignals-3p/nasdaqsignals-3p/sec-edgarcashew/cache

Verification flow: receipt→producer key listed in service registry→service certified by root→root key published at /.well-known/drm3-keys.json

Receipt Anatomy

Every operation in DRM3 produces a receipt. The receipt is the claim and the proof in one act: what was done, what data went in, what came out, and who signed it.

Receipts are chained. Each receipt can point to its parent via parent_id, forming a directed graph from raw source through every transformation to the final output. Walk the chain backward to verify the full provenance.

{
  "id": "rcpt_a1b2c3d4e5f6a7b8",
  "action": "signals.row.nasdaq",
  "timestamp": "2026-04-07T06:00:40.045Z",
  "input_hash": "sha256:7d4e3eec80026719...",
  "output_hash": "sha256:3f2b8a91cc4d7e6f...",
  "duration_ms": 496,
  "parent_id": "rcpt_9c8b7a6f5e4d3c2b",
  "metadata": {
    "_meta": {
      "protocol": "drm3-provenance-v1",
      "product": "DRM3 3P Signals",
      "signer": "signals-3p/nasdaq",
      "source": "nasdaq",
      "vendor": "nasdaq",
      "api_urls": [
        "https://api.nasdaq.com/api/quote/AAPL/info"
      ],
      "query_description": "NASDAQ listings - 12455 securities",
      "fetched_at": "2026-04-07T06:00:40Z",
      "response_status": 200,
      "bytes_in": 0,
      "bytes_out": 839597,
      "duration_ms": 496,
      "data_license": "https://github.com/DRM3Labs/drm3-data-licenses/blob/73e09ab/third-party/nasdaq.md",
      "attestation": "This data was fetched from nasdaq at 2026-04-07T06:00:40Z and signed with Ed25519 by signals-3p/nasdaq. US Government public domain data."
    }
  },
  "public_key": "ed25519:cfc9748b46dc1945a6ef4fdabff44871de40fad616c59fee98d7ec90e73dac22",
  "signature": "ed25519:..."
}

Core fields

input_hashSHA-256 of canonicalized inputs. Proves what went in.

output_hashSHA-256 of canonicalized outputs (including _meta). Proves what came out.

signatureEd25519 signature over the canonical receipt payload.

public_keySigner's Ed25519 key. Verifiable on-chain via the DRM3Registry.

parent_idLinks to the previous receipt in the chain. How provenance flows.

The _meta attestation packet

Every receipt that signs fetched or external data includes a _meta object inside the outputs. Because output_hash covers the data and _meta together, the attestation is cryptographically inseparable from the data it describes.

api_urlsThe exact URL(s) queried to produce this data. The literal request.

signerKey derivation path identifying who signed (e.g. signals-3p/nasdaq).

attestationHuman-readable statement: what was fetched, from where, when, by whom.

data_licenseCommit-pinned GitHub URL to the source's license at time of fetch.

response_statusHTTP status from the upstream source. 200 = valid fetch.

bytes_outSize of the data received. Proves the scope of what was signed.

On-Chain Lookup

Check any signer path against the DRM3Registry on Base. No wallet needed. Reads directly from the contract via public RPC.

DRM3Registry: 0xdad6...93F9e on BaseView on BaseScan

Verify a Receipt

Paste a DRM3 provenance receipt below. Verification runs entirely in your browser using the Web Crypto API. Nothing is sent to any server.