Plate I The attestation frame.
Receipts, not trust verification by construction.
The phrase "TarotScript is to AI decision-making what SQL is to data querying" is not metaphor alone. It is an engineering claim.
SQL turns database intent into an explicit, inspectable query contract. TarotScript does the same for agentic decision flows: deck bindings, spread source, seed, correspondence tables, and emitted claims are bound into a deterministic attestation surface that can be re-checked later.
Plate II One route, explicit outcomes.
curl https://tarotscript-worker.blue-pine-edf6.workers.dev/verify/<hash>| State | Meaning |
|---|---|
verified: true | Receipt signature matches the canonical payload for this hash. |
verified: false, reason: "tampered" | A signed receipt exists, but recomputed HMAC does not match stored signature. |
verified: false, reason: "unknown-hash" | No receipt row and no legacy reading row exist under this hash. |
verified: false, reason: "unsigned-legacy" | Reading exists but predates signed receipt substrate, or verifier secret is absent. |
verified: false, reason: "key-retired" | Signed under a key outside the active verifier keyset. |
Plate III Deterministic inputs.
Reproducibility contract
source: full spread/program text that produced the reading.seed: deterministic draw seed for the runtime execution.deck_bindings: deck alias to content-hash map.spread_hash: SHA-256 of source text (source-only attestation lane).correspondence_hash: SHA-256 of canonicalized correspondence tables.claims_attested: published claim entries (bounded and signed).bundle_bindings(optional): artifact slug to SHA-256 bytes map for Trust Bundles.schema_version: signed schema version for contract continuity.
SQL-level bridge: this contract is the difference between "the model said it" and "the system can prove which deterministic structure produced it."
Plate IV What verification does not claim.
Limits
- Verification proves structural provenance and integrity, not factual truth of each claim.
- Verification proves a receipt was signed, not that external evidence delivery was perfect.
- Verification does not replace governance review; it narrows ambiguity by making claims inspectable and tamper-evident.