This playground demonstrates the core claim: a Digital Action Receipt (DAR) can be verified independently using only the receipt + public key + deterministic logic. No API calls. No database. No issuer cooperation. Demo keys are stored in localStorage for convenience (do not use demo keys in production).
The DAR stores context_hash (SHA-256 of canonicalized context JSON). You can keep context separate for privacy or include it with the receipt.
Canonical payload is hashed then signed using ECDSA P-256 (WebCrypto). Signature and hashes are embedded in dar.json.
Verification performs: canonicalize → hash → signature verify. No network calls.
✅ Integrity: any mutation breaks verification
✅ Authenticity: issuer key must match signature
✅ Survivability: verifier needs only receipt + public key + open logic