schemas.governedwork.com
The canonical schema + specification namespace for Governed Work attestation receipts.
A GovernanceReceipt is the signed, neutral evidence artifact for
one governed action: who acted, under which decision, with whose approval,
with what outcome — cryptographically verifiable, with no product-specific shape. Its
spine is CADF (DMTF DSP0262)
(observer / initiator / action / target / outcome); it is carried as the
predicate of an
in-toto v1 Statement,
DSSE-signed, with the predicate
digest computed over RFC 8785 (JCS)
canonical bytes.
GovernanceReceipt — core predicate (v1)
| Artifact | URI |
|---|---|
| Specification (human-readable) | /attestation/governance-receipt/v1 |
| JSON Schema (Draft 2020-12) | /attestation/governance-receipt/v1/schema.json |
| Predicate type (in-toto) | https://schemas.governedwork.com/attestation/governance-receipt/v1 |
The predicate-type URI carries the major only (/v1),
matching in-toto / SLSA practice (e.g. slsa.dev/provenance/v1). Full SemVer
rides in the payload schemaVersion field and the schema $id.
Naming
Microsoft's Agent
Governance Toolkit also names a per-tool-call artifact
GovernanceReceipt. The names collide; the layers do not.
This namespace's GovernanceReceipt is the per-governed-action
artifact in the governedwork.com family — a coarser, neutral evidence
record. See the specification §1 for the
full layer map.