Developer Docs
Developer Overview
Start at the main docs hub.
Verification Lifecycle
Artifact submission, receipts, and later comparison.
API Overview
Public request and response model.
Security Model
Claims boundary and public-safe controls.
Architecture
Workflow fit and trust-boundary framing.
Threat Model
Threat assumptions and review posture.
Developer Docs
Threat Model
This public threat model summarizes the external risks TrustSignal is designed to address in high-loss workflows where incentives exist to modify, substitute, or detach evidence after collection.
Threat Scenarios
The table below focuses on externally visible threats and expected high-level behavior, without exposing proprietary internals.
Evidence tampering after collection
Later verification compares current artifact state to the stored signed verification receipt so drift can be detected during downstream review.
Artifact substitution attacks
Verification signals and receipt-bound commitments make it explicit when a different artifact is presented later under the same workflow context.
Provenance loss in compliance workflows
Receipts preserve verifiable provenance metadata so downstream teams can keep source and lifecycle context attached to the record.
Stale evidence during audit review
Later verification is a separate lifecycle check so older results are not silently reused without checking current receipt state.
Unverifiable documentation chains
Signed verification receipts provide a durable technical record that can travel with the workflow even when documentation moves between systems.
Boundary Conditions
TrustSignal does not provide legal determinations, compliance certification, or fraud adjudication. It provides technical verification artifacts that downstream systems can use in their own workflow controls.