ProtocolGovGuardFinGuardExplorerPlaygroundAdoptCloudTrustDocsRequest Pilot
DEMO RECEIPT — synthetic vendor scenario, signed with a stable Ed25519 demo keypair. The full document and public key are returned unauthenticated by GET /api/demo/trust-receipts/tr_example/evidence. The signature below verifies via the “Verify it yourself” block. Production receipts come from POST /api/v1/trust-receipts.
EP-RECEIPT-v1 · TRUST RECEIPT

vendor_bank_account_change

tr_example
allow_with_signoffenforce

What happened

Vendor bank-account change — fraud signals tripped, two-party approval required.

On April 15, 2026 at 22:14 UTC, the vendor self-service portal received a request to change the deposit account of record for Acme Industrial LLC (vendor VEND-9821). EMILIA flagged four risk signals (new destination, after-hours, no change in 30 days, unusual submitter ASN). Policy required two independent named humans to approve before the change could be applied. With $248,750 in vendor payments scheduled to that account, no payment was released until both approvals were on record.

Two named humans approved. Change applied. Cryptographic record below.

Risk signals fired

EMILIA's Eye layer matched these signals against the policy and required signoff before consume.

NEW_DESTINATIONAFTER_HOURS_SUBMISSIONNO_PRIOR_CHANGE_30DUNUSUAL_SUBMITTER_ASN

The action

Organization
org_demo_treasury
Action type
vendor_bank_account_change
Decision
allow_with_signoff
Enforcement mode
enforce
Before (hashed)
sha256:f85ac1e8f666cfdfa
After (hashed)
sha256:fd9fc7745f7e9c387
Payments held
$248,750 pending until both approvals on record
Expires at
2026-04-16T22:14:08.000Z

Accountable signoff

Policy: two_party_independent_approval. Each approver assumes named, cryptographically bound responsibility for this exact action.

Approval 1 of 2
ap_controller_jane_park
AP Controller
2026-04-15T22:32:41.000Z
Approval 2 of 2
cfo_delegate_kevin_chen
CFO Delegate
2026-04-15T22:48:17.000Z

Execution

Consumed at
2026-04-15T22:48:22.000Z
By system
vendor_master_data_svc
Execution ref
vmd_change_8E2A1F4B

Timeline

2026-04-15 22:14:08
guard.trust_receipt.created
vendor_portal_agent
2026-04-15 22:14:08
eye.risk.flagged
ep_eye
2026-04-15 22:14:09
guard.signoff.requested
ep_policy_engine
2026-04-15 22:32:41
guard.signoff.approved
ap_controller_jane_park
2026-04-15 22:48:17
guard.signoff.approved
cfo_delegate_kevin_chen
2026-04-15 22:48:22
guard.trust_receipt.consumed
vendor_master_data_svc

Verify it yourself

This receipt's signature is verifiable offline by anyone — zero EP infrastructure required. Install the package, fetch the evidence packet, run verify:

npm install @emilia-protocol/verify@^1.0.1

import { verifyReceipt } from '@emilia-protocol/verify';

// Public unauthenticated endpoint — only serves the demo receipt:
const { document, public_key } = await fetch(
  'https://emiliaprotocol.ai/api/demo/trust-receipts/tr_example/evidence'
).then(r => r.json());

const result = verifyReceipt(document, public_key);
// → { valid: true, checks: { version: true, signature: true, anchor: null } }
//
// The deeply-nested claim.context.change.after_bank_hash and every
// risk_signal are bound by the recursive canonical signature.

Demo public key (stable, hardcoded in lib/demo-receipt.js): MCowBQYDK2VwAyEAElZsl_xk08JOnjfQXhZCy7H1us1TrV8l
Production receipts use operator keys held in EP_OPERATOR_KEYS (env, never in source).

Want a receipt like this for every high-risk action your team takes?

EP GovGuardEP FinGuardRequest Pilot
Trust Receipt — EMILIA Protocol | EMILIA Protocol