Receipts
Receipts prove what happened. Outcomes prove what mattered. Patterns reuse what worked.
A receipt is a JSON record of a single inference call, canonicalized via RFC 8785 JCS + Unicode NFC and signed with Ed25519. Every BYOK call, every managed-MPP call, and every anonymous-sandbox call produces one.
Response headers
Every successful call returns three response headers:
Payment-Receipt: https://receipts.prxy.monster/r/<receipt_id>
Payment-Receipt-Digest: sha-256=:<base64-digest>: (RFC 9530)
Payment-Receipt-Kid: prxy-receipt-2026-q2
Streaming calls additionally get Payment-Receipt-Provisional: true at stream open and a finalized triple at stream close.
Receipt body fields
Grouped by purpose:
Identity
receipt_id, request_id, parent_receipt_id, client_request_id, idempotency_key, agent_id, tenant_id, project_id, customer_id, environment, api_key_id, user_id.
Provider attribution
provider (the wire — anthropic / openai / google / aws_bedrock / openrouter / groq), upstream_provider (model vendor when wire is a routing provider; null for direct), model_id, region, aws_account_id, iam_principal.
Outcome
receipt_type (inference / cache_hit / blocked / failed / settlement / refund / reconciliation_adjustment), status, http_status, provider_status, error_class, error_code, error_message_hash.
Tokens + cost
input_tokens, output_tokens, cache_read_tokens, cache_write_tokens, tokens_source, cost_source, cost_estimated_usd, cost_estimate_confidence (complete / partial / low), cost_final_usd, cost_currency, pricing_table_id, pricing_version, pricing_effective_at.
Pipeline
routing_decision, policy_decision, cache_status, module_chain[], settlement_protocol.
Hashes + payload capture
client_request_hash, provider_request_hash, provider_response_hash, client_response_hash, payload_capture (hash_only / encrypted_at_rest / none), encrypted_request_blob, encrypted_response_blob, encryption_alg, encryption_pubkey_fingerprint.
Visibility
visibility, public_receipt_hash, redaction_policy.
Timing
request_started_at, request_ended_at, created_at.
Signature
signing_algorithm (ed25519 default; hmac_sha256 fallback during the migration window), signing_key_id, signature (base64url over the JCS-canonicalized body without the signature field).
Visibility levels
| Level | Audience | Fields |
|---|---|---|
| private | Default. Owning tenant + lair operator. | Full schema. |
| public_demo | Anonymous sandbox receipts; linkable from /r/<id>. | receipt_id, verified, provider, model, status, tokens, cost, module_chain, cache_status, policy_decision, payload_capture, environment, signing metadata. Hidden: tenant_id, project_id, agent_id, customer_id, api_key_id, user_id, IAM principal, AWS account id, IP-like fields, provider trace ids. |
| public_minimal | Opt-in. Same shape as public_demo with the agent handle attached when an agent_profile is claimed. | |
| public_redacted | Opt-in. Public proof of work for an agent or project, redacted by policy before publish. | |
| public_full | Opt-in. Full receipt body published; nothing redacted. | |
Verification
Three live verifier surfaces, all running the same canonicalize-and-verify path:
- prxy-cli receipt verify <id> — fetches the receipt + JWKS, JCS-canonicalizes, Ed25519-verifies. Offline-capable once both bodies are cached.
- Lair browser verifier at lair.prxy.monster/dashboard/verify — Web Crypto Ed25519 + JCS. Paste a receipt URL or JSON; runs entirely client-side.
- <VerifyBadge> on receipts.prxy.monster/r/<id> — Web Crypto Ed25519. The ✓ you see is a real proof, not a server claim.
Library callers can use @prxy/receipt-signing and call verifyReceipt(receipt, jwks).
The flow
- Fetch the receipt body via GET /v1/receipts/:id.
- Fetch the JWKS at /.well-known/prxy-receipt-keys.json. Active key id today is prxy-receipt-2026-q2.
- Canonicalize the body with RFC 8785 JCS and Unicode NFC; exclude the signature field.
- Verify the receipt’s signature against the JWKS public key matching signing_key_id. Ed25519 by default.
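The canonicalize-and-verify steps above, run locally in Node.js on a constructed receipt and JWKS in place of the two fetches. This is an added example, not code from the project or from @prxy/receipt-signing. The names checkReceipt and constructedSample and the sample field values are hypothetical; applying NFC to strings and keys before sorting is an assumption, and only the ed25519 path is handled.

```javascript
const nodeCrypto = require('node:crypto');

// RFC 8785-style canonical form: keys sorted by UTF-16 code units, no
// whitespace, ECMAScript number/string serialization. Strings and keys are
// NFC-normalized first (assumed ordering of the JCS + NFC step).
function canonicalize(v) {
  if (typeof v === 'string') return JSON.stringify(v.normalize('NFC'));
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return '[' + v.map(canonicalize).join(',') + ']';
  return '{' + Object.entries(v)
    .map(([k, val]) => [k.normalize('NFC'), val])
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
    .map(([k, val]) => JSON.stringify(k) + ':' + canonicalize(val))
    .join(',') + '}';
}

// Hypothetical helper; not the library's verifyReceipt().
function checkReceipt(receipt, jwks) {
  const { signature, ...body } = receipt; // the signature field is excluded
  // Pin the algorithm so a receipt cannot steer an Ed25519 public key into
  // another verification path (for example the hmac_sha256 fallback).
  if (body.signing_algorithm !== 'ed25519') return { ok: false, reason: 'unsupported_algorithm' };
  if (typeof signature !== 'string') return { ok: false, reason: 'missing_signature' };
  const jwk = (jwks.keys || []).find((k) => k.kid === body.signing_key_id);
  if (!jwk) return { ok: false, reason: 'unknown_kid' };
  if (jwk.kty !== 'OKP' || jwk.crv !== 'Ed25519') return { ok: false, reason: 'wrong_key_type' };
  const key = nodeCrypto.createPublicKey({ key: { kty: jwk.kty, crv: jwk.crv, x: jwk.x }, format: 'jwk' });
  const ok = nodeCrypto.verify(null, Buffer.from(canonicalize(body), 'utf8'), key,
    Buffer.from(signature, 'base64url'));
  return ok ? { ok: true } : { ok: false, reason: 'bad_signature' };
}

// Constructed sample: throwaway key pair, receipt with a few of the page's fields.
function constructedSample() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'prxy-receipt-2026-q2' }] };
  const body = { receipt_id: 'rcpt_constructed_1', provider: 'anthropic', agent_id: 'cafe\u0301',
    input_tokens: 12, cost_final_usd: 0.0004, signing_algorithm: 'ed25519',
    signing_key_id: 'prxy-receipt-2026-q2' };
  const signature = nodeCrypto.sign(null, Buffer.from(canonicalize(body), 'utf8'), privateKey)
    .toString('base64url');
  return { receipt: { ...body, signature }, jwks };
}

const sample = constructedSample();
console.log(checkReceipt(sample.receipt, sample.jwks));
console.log(checkReceipt({ ...sample.receipt, cost_final_usd: 0 }, sample.jwks));
```

Reordering the receipt's keys or re-encoding a string from NFD to NFC leaves the result unchanged; changing any signed field value produces bad_signature.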
Compact receipt pointer (header-only)
Payment-Receipt-Digest follows RFC 9530. Combined with the Payment-Receipt URL and Payment-Receipt-Kid, an integrator can fingerprint the response without persisting the full receipt body.