Action Receipts
Receipt Structure
Section titled “Receipt Structure”An Action Receipt is a signed record of an action performed by an agent. Receipts form a tamper-evident, hash-chained log.
{ "id": "rcpt_01HQ3P9LYCD8ZH3ENQWT6G7F0U", "version": "0.1.0", "timestamp": "2026-02-24T12:30:00.000Z", "agent": "did:idprova:example.com:kai-lead-agent", "delegation": "dat_01HQ3N8KXBC7YG2DMPVS5F6E9T", "action": { "type": "mcp:tool:filesystem:read", "target": "/projects/idprova/README.md", "method": "readFile", "parameters": { "path": "/projects/idprova/README.md", "encoding": "utf-8" }, "result": { "status": "success", "bytesRead": 4096, "contentHash": "blake3:f8c3..." } }, "context": { "sessionId": "sess_01HQ3P2KABC...", "parentReceiptId": "rcpt_01HQ3P8KXBC...", "traceId": "trace_01HQ3P1JABC...", "environment": "production", "runtimeVersion": "openclaw/v2.1" }, "chain": { "previousHash": "blake3:7a8b9c0d1e2f...", "sequenceNumber": 42 }, "signature": { "algorithm": "hybrid-ed25519-mldsa65", "keyId": "did:idprova:example.com:kai-lead-agent#key-ed25519-1", "value": "z4sK7qN2vR8wX1yT5uP3mJ6nB9cF0dA..." }}Field Definitions
Section titled “Field Definitions”| Field | Type | Required | Description |
|---|---|---|---|
id | string | Yes | Unique receipt identifier. Format: rcpt_ + ULID. |
version | string | Yes | IDProva protocol version. |
timestamp | ISO 8601 | Yes | When the action was performed. MUST include milliseconds. |
agent | DID | Yes | DID of the agent that performed the action. |
delegation | string | Yes | jti of the DAT that authorised this action. |
action | object | Yes | Details of the action performed. |
context | object | No | Contextual information about the action. |
chain | object | Yes | Hash chain linkage. |
signature | object | Yes | Cryptographic signature over the receipt. |
Action Object
Section titled “Action Object”| Field | Type | Required | Description |
|---|---|---|---|
type | string | Yes | Scope string of the action (same grammar as DAT scopes). |
target | string | Yes | The resource acted upon. |
method | string | No | The specific method/function called. |
parameters | object | No | Input parameters (sensitive values SHOULD be redacted). |
result | object | Yes | Outcome of the action. |
result.status | string | Yes | success, failure, or error. |
Hash Chain
Section titled “Hash Chain”Action Receipts form a hash chain for tamper detection. Each receipt includes the hash of the previous receipt and a monotonically increasing sequence number.
Chain Construction
Section titled “Chain Construction”Receipt[0]: chain.previousHash = BLAKE3("GENESIS:" + agent_did) chain.sequenceNumber = 0
Receipt[n]: chain.previousHash = BLAKE3(CanonicalJSON(Receipt[n-1])) chain.sequenceNumber = nCanonical Serialization
Section titled “Canonical Serialization”The input to the hash function is the receipt serialized using JSON Canonicalization Scheme (JCS, RFC 8785), with the signature field removed:
HashInput(receipt): 1. receipt_copy = DeepCopy(receipt) 2. delete receipt_copy.signature 3. canonical = JCS_Serialize(receipt_copy) 4. return BLAKE3(canonical)Genesis Receipt
Section titled “Genesis Receipt”The first receipt in a chain uses a deterministic genesis hash:
genesisHash = BLAKE3("GENESIS:" + agent_did)This allows verifiers to identify the start of a chain without out-of-band information.
Integrity Verification
Section titled “Integrity Verification”Full Chain Verification
Section titled “Full Chain Verification”VerifyChain(receipts[]): 1. Sort receipts by sequenceNumber ascending 2. if receipts[0].chain.sequenceNumber != 0: return INVALID("chain does not start at genesis") 3. expected_prev = BLAKE3("GENESIS:" + receipts[0].agent) 4. for each receipt in receipts: a. if receipt.chain.previousHash != expected_prev: return INVALID("hash chain break at seq " + receipt.chain.sequenceNumber) b. if receipt.chain.sequenceNumber != expected_seq: return INVALID("sequence gap at " + expected_seq) c. agent_did = resolver.resolveDID(receipt.agent) d. if not VerifySignature(receipt, agent_did): return INVALID("invalid signature at seq " + receipt.chain.sequenceNumber) e. expected_prev = HashInput(receipt) f. expected_seq = receipt.chain.sequenceNumber + 1 5. return VALID(length=len(receipts))Partial Verification
Section titled “Partial Verification”Verifiers MAY verify a subset of the chain by accepting a trusted checkpoint (a known-good receipt hash and sequence number) and verifying only from that point forward.
Compliance Mapping
Section titled “Compliance Mapping”Action Receipts satisfy existing compliance framework controls out of the box.
NIST 800-53 Rev. 5
Section titled “NIST 800-53 Rev. 5”| Control | Receipt Field | Description |
|---|---|---|
| AU-2 (Auditable Events) | action.type | Every significant action produces a receipt |
| AU-3 (Content of Audit Records) | All fields | Who, what, when, where, outcome |
| AU-8 (Time Stamps) | timestamp | ISO 8601 with milliseconds |
| AU-9 (Protection of Audit Information) | chain.*, signature | Hash chaining + signatures |
| AU-10 (Non-repudiation) | signature | Agent signs with own key |
| AU-12 (Audit Record Generation) | agent, delegation | Automated on every action |
| IA-2 (Identification & Authentication) | agent, delegation | DID-based identity in every receipt |
| AC-6 (Least Privilege) | delegation.scope | Enforceable scoped permissions |
Australian ISM
Section titled “Australian ISM”| ISM Control | Receipt Field | Description |
|---|---|---|
| ISM-0585 | agent, delegation | Identification of processes acting on data |
| ISM-0988 | action.type, action.target | Logging of privileged actions |
| ISM-0580 | chain.*, signature | Integrity of audit logs |
| ISM-1405 | timestamp, context.sessionId | Centralised event logging |
| ISM-0859 | context.environment | System configuration logging |
SOC 2 Trust Services Criteria
Section titled “SOC 2 Trust Services Criteria”| Criteria | Receipt Field | Description |
|---|---|---|
| CC6.1 | agent, delegation | Logical access security — identity of actor |
| CC6.2 | delegation, action.type | Authorised scope of access |
| CC6.3 | chain.* | Integrity of audit trail |
| CC7.2 | action.result.status | Monitoring of system operations |
| CC8.1 | context.runtimeVersion | Change management tracking |
Use Cases
Section titled “Use Cases”Post-incident forensics: Walk the receipt chain backwards to trace exactly what happened, who authorised it, and when.
Real-time monitoring: Stream receipts to detect anomalies — unusual action frequency, actions outside normal scope, unexpected time patterns.
Compliance auditing: Map receipts directly to compliance controls. Assessors verify the chain and confirm control coverage.
Attribution: Trace any action back through the delegation chain to the authorising human principal. Complete accountability from action to human.
Next Steps
Section titled “Next Steps”- Protocol Bindings — How receipts are requested and returned over MCP, A2A, HTTP
- Cryptography — Signature algorithms used in receipts
- Audit (Concepts) — High-level audit trail overview