Full documentation is moving to docs.deja.dev — launching Q3 2026.
Start in minutes.
The DSR/1.0.2 spec and verifier are stable today. Full integration guides and interactive walkthroughs are moving to docs.deja.dev — launching Q3 2026.
Initialize a vault
# scaffold a new vault npx deja init
Scaffolds a vault config and writes a deja.json manifest in the current directory. No account required.
Connect a source
# OAuth + webhook → test signal deja connect --source github \ --vault my-vault
Authorizes the GitHub integration, registers a webhook, and fires a test signal to confirm the connection is live.
Verify a receipt
# runs fully offline — no API call needed dsr-verifier-cli verify receipt.json
Confirms the Ed25519 signature covers the JCS-canonical payload and that the receipt conforms to DSR/1.0.2. Runs fully offline — no Déjà account required.
DSR/1.0.2 — open specification
Every receipt Déjà issues is validated against the DSR/1.0.2 JSON Schema. The spec defines receipt format, signing algorithm (Ed25519 over JCS-canonical payload per RFC 8785), verification procedure, and all ten receipt classes. The schema is machine-readable and publicly hosted.
Delivery channels
Signed receipts are delivered downstream-only — delivery has zero effect on how receipts are issued, signed, or appended to the ledger. A delivery outage never loses a receipt.
| Channel | Status | Destination | Notes |
|---|---|---|---|
| Slack | LIVE | Slack workspace (Incoming Webhook) | Messages posted to a channel; attach-only. |
| LIVE | Recipient email addresses | Recipient double opt-in; unsubscribe link on every message. | |
| Webhook | LIVE | Customer HTTPS endpoint | HMAC-SHA256 signed payload; rotation and retry built-in. |
| ServiceNow | LIVE | Customer ServiceNow instance (OAuth) | Attach work note + signed receipt to the matched incident. See below. |
| Jira Service Management | LIVE | Atlassian cloud instance (OAuth 3LO) | Internal comment + signed receipt attached to the matched request. See below. |
- Connection
- Déjà connects via Atlassian OAuth 3LO with
read:jira-work write:jira-workscope only — no admin or transition scope is requested or granted. - Matching
- Jira has no standard correlation field. You tell Déjà where your alerting tool writes the alert key — a label, a custom field, or an issue property. Déjà matches with an exact JQL query (equals, never a contains/text search) — deterministic, never a guess. One match attaches; zero holds up to the configured window then moves to Unmatched; two or more goes Unmatched immediately.
- Attach-only
- Déjà adds an internal comment and an attachment and never creates, edits, transitions, assigns, or resolves a request. Every attempt is logged.
- What lands on the request
- An internal (agent-only) comment listing the receipt ID, attribution, CCS score, and a
dsr-verifier-cli verify deja-receipt-{id}.jsoncommand, plus the signed receipt JSON as an attachment. - Offline verification
- Download the attached
deja-receipt-{id}.jsonfile and rundsr-verifier-cli verify deja-receipt-{id}.json. The signature verifies fully offline against Déjà's public key — no API call needed. - Receipts on your ledger
- Receipts are signed and written to the ledger regardless of delivery state. A failed or unmatched attach never loses a receipt. Unmatched jobs can be retried automatically or matched manually to a specific request key from the Connections page.
- Matching
- Each receipt carries an alert key (the incident's
correlation_idor a custom field). Déjà queriesWHERE {field} = {alert_key}— exact equality only. One match attaches; zero holds up to the configured window then goes Unmatched; two or more goes Unmatched immediately (never picks one). - Attach-only
- The only writes are a work note (
PATCH work_notes) and a file attachment. Déjà never creates, edits, reassigns, resolves, or closes an incident. - What lands on the incident
- A work note listing the receipt ID, attribution, CCS score, and a
dsr-verifier-cli verify deja-receipt-{id}.jsoncommand, plus the signed receipt JSON as an attachment. - Offline verification
- Download the attached
deja-receipt-{id}.jsonfile and rundsr-verifier-cli verify deja-receipt-{id}.json. The file contains the byte-exact signed payload; the signature verifies fully offline against Déjà's public key without contacting Déjà's API. - Failed attach
- A failed or missing delivery never loses a receipt. The signed receipt is on your immutable ledger regardless of delivery state. Unmatched and failed jobs can be retried or manually matched from the Connections page.