paybondpaybond
Sign in

Agent receipt PDF export (derived view)

Normative mapping from signed paybond.agent_receipt_v1 JSON to a human-readable PDF presentation layer.

PDF export for agent receipts is a presentation layer only. The signed JSON artifact remains canonical; PDFs are derived views for human review, similar to compliance audit export bundles.

Verification order

  1. Verify the signed JSON with POST /protocol/v2/agent-receipts/verify or Kit offline verify (paybond receipts verify --kind agent).
  2. Treat any PDF as a non-authoritative rendering of the verified JSON.
  3. Reject PDFs that cannot be tied to a verified JSON receipt_id and message_digest_sha256_hex.

Source artifacts

SourcePath / APIRole
Gateway fetchGET /protocol/v2/agent-receipts/{receipt_id}Live signed JSON
Audit exportagent_receipts/{receipt_id}.jsonCompliance bundle copy
Evidence timelineevidence_timeline.json domain agent_receiptCross-links receipt to intent/tool timeline

PDF section mapping

PDF sectionJSON sourceNotes
Cover / titlekind, scope, receipt_id, issued_atShow scope (action vs intent_terminal)
Tenant & identitytenant_id, authorization.principal_did, authorization.actor_subjectNo raw user prompts
Agent attestationauthorization.agent.*Model family, config/prompt digests only
Policyauthorization.policy.*, authorization.decision_id, authorization.audit_idInclude content_digest_sha256_hex
Tool executionexecution.*Tool name, operation, outcome, duration; argument/result digests only
Merchantmerchant.*Payee DID and vendor references
Evidenceevidence.*Completion preset, payload/artifacts digests, predicate result
Paymentpayment.*Intent, rail, funding reference digests
Outcomeoutcome.*, references.*Harbor state, ledger seq, linked settlement receipt
External proofsexternal_attestations[]Partner attestations (SEP-2828, x402, etc.)
Operator counter-sigoperator_attestation (optional)Model attestation layer over Gateway digest
Signature blocksigning_algorithm, message_digest_sha256_hex, signing_public_key_ed25519_hexQR/deep-link to verify endpoint optional

Must NOT appear in PDF

  • Raw system or user prompts
  • Tool arguments or tool results (only *_digest_sha256_hex)
  • Evidence payloads or artifact bodies
  • Payment card numbers (PAN), CVV, or full bank account numbers
  • Capability tokens, API keys, or private signing material

Renderer guidance (v1 out of scope)

v1 does not ship a PDF renderer in-repo. Implementors should:

  1. Fetch or load verified JSON.
  2. Map fields using the table above.
  3. Stamp Derived from paybond.agent_receipt_v1 with receipt_id and message_digest_sha256_hex in the footer.
  4. Never embed unsigned JSON inside the PDF as a substitute for Gateway verification.