paybondpaybond
Sign in

Agent receipts

Portable signed receipts for autonomous agent actions — policy, model context, payment, and evidence by digest.

An agent receipt (paybond.agent_receipt_v1) is Paybond's portable signed JSON artifact for a single autonomous action (or, in a later scope, an intent-terminal outcome). It answers:

This action happened, under this policy, by this model configuration, with this payment and evidence proof — and here is the Gateway signature.

Public guide: Agent Receipt Standard (ARS).

Agent receipts complement — they do not replace — existing Paybond artifacts:

ArtifactWhat it proves today
Protocol settlement receiptIntent-terminal outcome for AP2/mandate flows
Harbor completion evidencePayee-signed predicate satisfaction
MPP / x402 funding headersFunding transport credentials
Spend authorization decisionPer-verify policy decision (not exported as a receipt)
Agent run traceOperator observability timeline

Agent receipts compose those pieces into one offline-verifiable envelope using digests and references.

When receipts are emitted

ScopeWhenStatus
actionAfter evidence submit for a side-effecting tool callShipped — Gateway compose, persist, fetch, verify, audit export
intent_terminalHarbor reaches terminal stateReferences references.settlement_receipt_id; follows protocol settlement receipt path

Runtime compose runs in Gateway after Kit middleware completes the authorize → execute → evidence path for action scope. Receipt ids are deterministic: sha256(intent_id + "\x00" + tool_call_id) hex for action scope.

Privacy model

Receipts are hash-only for prompts, tool arguments, tool results, and evidence payloads. The schema rejects raw sensitive fields. Tenants can require prompt_hash_sha256_hex and config_hash_sha256_hex without exposing prompt text to verifiers.

Trust model

  1. Gateway signature — Composite receipts are signed by Paybond Gateway with a dedicated agent-receipt key (same rotation posture as other Gateway signing keys).
  2. Payee evidence — Referenced by evidence.payee_signature_digest_sha256_hex; Gateway does not re-sign payee evidence.
  3. Operator counter-signature (optional)operator_attestation signs the Gateway message_digest_sha256_hex for model attestation; Kit attach helpers add it when an operator signing key is available.
  4. Offline verify — Kit, Gateway, Rust (paybond-agent-receipt), and Go (agentreceipt) expose verify helpers; Gateway publishes the JSON Schema at GET /.well-known/agent-receipt-v1.json.

Discovery and API routes

RouteAuthPurpose
GET /.well-known/agent-receipt-v1.jsonPublicJSON Schema for paybond.agent_receipt_v1
POST /protocol/v2/agent-receipts/verifyPublicVerify a signed receipt JSON body
GET /protocol/v2/agent-receipts/{receipt_id}Tenant-boundFetch one signed receipt
GET /protocol/v2/agent-receiptsTenant-boundList or resolve by intent_id + tool_call_id query params

See also v2 protocol trust for related discovery routes and Gateway API reference for the full route table.

Developer surfaces

SurfaceCapability
Rust paybond-agent-receiptTypes, hash helpers, verify
Go go/gateway/internal/agentreceiptTypes, hash helpers, verify, compose
Kit TS/Python verifyAgentReceiptV1Offline verify
Kit paybond.agent.getReceipt()Tenant-bound fetch after evidence submit
CLI paybond receipts get|verify --kind agentFetch and verify action receipts
MCP paybond://receipt/{receipt_id}Agent-to-agent handoff via resources/read
Audit export agent_receipts includeCompliance bundle copies at agent_receipts/{receipt_id}.json
Signal fraud inputsAGENT_RECEIPT_VOLUME_SPIKE, AGENT_RECEIPT_POLICY_DRIFT (score-neutral)

Normative details: designs/agent-receipt-v1.md. Conformance vectors: kit/agent-receipt/conformance/.