Developers
Receipts are structured evidence objects for AI workflows.
Everything the SDK writes, everything a bundle consumes. Fields are stable across SDK versions; new fields are additive.
Fields
| Field | Type | Purpose |
|---|---|---|
| receipt_id | string | Content-addressed hash of the signed payload. |
| action | string | The consequential action: loan.approved, claim.denied, refund.issued. |
| model | object | id, version, config — identifies the acting system. |
| input_hash | string | Hash of the bound input. Does not leak content. |
| output_hash | string | Hash of the emitted output. |
| policy_ref | string | Identifier of the binding policy at action time. |
| controls | array | List of control checks and whether each fired. |
| human_review | object | required, status, reviewer — the oversight record. |
| signer | string | Key that signed this receipt. |
| signed_at | iso8601 | Timestamp of signature. |
| prev_hash | string | Prior receipt hash. Preserves chronology. |
| verdict | string | The action's outcome. |
Verification
Verify locally. No BLKBXS call required.
- 01Fetch the receipt by ID.
- 02Recompute the payload hash.
- 03Verify the signature against the signer key.
- 04Walk prev_hash back through the chain.
- 05Emit VALID or INVALID.
import { verify } from "@blkbxs/sdk";
const result = await verify(receipt);
if (result.status !== "VALID") {
throw new Error("Receipt tampered");
}