PDF export for agent receipts is a presentation layer only. The signed JSON artifact remains canonical; PDFs are derived views for human review, similar to compliance audit export bundles.
Verification order
- Verify the signed JSON with
POST /protocol/v2/agent-receipts/verifyor Kit offline verify (paybond receipts verify --kind agent). - Treat any PDF as a non-authoritative rendering of the verified JSON.
- Reject PDFs that cannot be tied to a verified JSON
receipt_idandmessage_digest_sha256_hex.
Source artifacts
| Source | Path / API | Role |
|---|---|---|
| Gateway fetch | GET /protocol/v2/agent-receipts/{receipt_id} | Live signed JSON |
| Audit export | agent_receipts/{receipt_id}.json | Compliance bundle copy |
| Evidence timeline | evidence_timeline.json domain agent_receipt | Cross-links receipt to intent/tool timeline |
PDF section mapping
| PDF section | JSON source | Notes |
|---|---|---|
| Cover / title | kind, scope, receipt_id, issued_at | Show scope (action vs intent_terminal) |
| Tenant & identity | tenant_id, authorization.principal_did, authorization.actor_subject | No raw user prompts |
| Agent attestation | authorization.agent.* | Model family, config/prompt digests only |
| Policy | authorization.policy.*, authorization.decision_id, authorization.audit_id | Include content_digest_sha256_hex |
| Tool execution | execution.* | Tool name, operation, outcome, duration; argument/result digests only |
| Merchant | merchant.* | Payee DID and vendor references |
| Evidence | evidence.* | Completion preset, payload/artifacts digests, predicate result |
| Payment | payment.* | Intent, rail, funding reference digests |
| Outcome | outcome.*, references.* | Harbor state, ledger seq, linked settlement receipt |
| External proofs | external_attestations[] | Partner attestations (SEP-2828, x402, etc.) |
| Operator counter-sig | operator_attestation (optional) | Model attestation layer over Gateway digest |
| Signature block | signing_algorithm, message_digest_sha256_hex, signing_public_key_ed25519_hex | QR/deep-link to verify endpoint optional |
Must NOT appear in PDF
- Raw system or user prompts
- Tool arguments or tool results (only
*_digest_sha256_hex) - Evidence payloads or artifact bodies
- Payment card numbers (PAN), CVV, or full bank account numbers
- Capability tokens, API keys, or private signing material
Renderer guidance (v1 out of scope)
v1 does not ship a PDF renderer in-repo. Implementors should:
- Fetch or load verified JSON.
- Map fields using the table above.
- Stamp
Derived from paybond.agent_receipt_v1withreceipt_idandmessage_digest_sha256_hexin the footer. - Never embed unsigned JSON inside the PDF as a substitute for Gateway verification.