Receipts
Receipts are cryptographically signed records of authorization decisions. They provide an immutable audit trail that proves what actions were authorized, when, and under what authority.
What is a Receipt?
When an authorizer grants access, it can generate a receipt:
┌─────────────────────────────────────────┐
│ Receipt                                 │
├─────────────────────────────────────────┤
│ ID: tnu_rct_xyz789                      │
│ Warrant ID: tnu_wrt_abc123              │
│ Action: "read:documents"                │
│ Outcome: "allowed"                      │
│ Issued At: 2024-01-15T10:30:00Z         │
│ Authorizer: authorizer-prod-1           │
│ Signature: (Ed25519 signature)          │
└─────────────────────────────────────────┘
Why Receipts?
Receipts solve several problems:
| Problem | Solution |
|---|---|
| "Who authorized this action?" | Receipt shows the warrant and authorizer |
| "Was this action actually allowed?" | Cryptographic proof of authorization |
| "What exactly was permitted?" | Receipt includes action and constraints |
| "Can we audit AI agent actions?" | Complete trail of all authorized actions |
Receipt Contents
| Field | Description |
|---|---|
| `id` | Unique receipt identifier |
| `warrant_id` | The warrant that was used |
| `action` | The specific action that was authorized |
| `outcome` | `allowed` or `denied` |
| `issued_at` | When the authorization decision was made |
| `expires_at` | When the receipt expires |
| `authorizer_id` | Which authorizer issued the receipt |
| `action_args` | Parameters of the action (optional) |
| `output_hash` | Hash of action output (optional) |
| `signature` | Cryptographic signature from notary key |
How Receipts Work
┌────────────┐      ┌─────────────┐      ┌────────────┐
│   Agent    │      │ Authorizer  │      │  Backend   │
└─────┬──────┘      └──────┬──────┘      └─────┬──────┘
      │                    │                   │
      │  Present Warrant   │                   │
      │───────────────────>│                   │
      │                    │                   │
      │      Receipt       │                   │
      │<───────────────────│                   │
      │                    │                   │
      │           Request + Receipt            │
      │───────────────────────────────────────>│
      │                    │                   │
      │                    │                   │ Verify receipt
      │                    │                   │ Execute action
      │                    │                   │
      │                Response                │
      │<───────────────────────────────────────│
- Agent presents warrant to authorizer
- Authorizer issues a receipt (if authorized)
- Agent includes receipt with backend request
- Backend verifies receipt before executing
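The backend check in the last step, as an added Go example (not Tenuo's SDK or wire format): it assumes the signature covers the JSON encoding of the receipt's other fields and that the backend already holds the notary public key. `Sign` is a hypothetical stand-in for the authorizer so the example runs offline.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Receipt holds fields from the table above. Assumption (not Tenuo's format):
// the signature covers the JSON encoding of every field except Signature.
type Receipt struct {
	ID, WarrantID, Action, Outcome, AuthorizerID string
	IssuedAt, ExpiresAt                          time.Time
	Signature                                    []byte `json:"-"`
}

// Sign stands in for the authorizer, which holds the notary private key.
func Sign(notary ed25519.PrivateKey, r Receipt) Receipt {
	msg, _ := json.Marshal(r)
	r.Signature = ed25519.Sign(notary, msg)
	return r
}

// Verify is the backend check. The signature is tested first, so the later
// comparisons only ever read fields the notary key vouched for.
func Verify(pub ed25519.PublicKey, r Receipt, action string, now time.Time) error {
	msg, _ := json.Marshal(r)
	switch {
	case !ed25519.Verify(pub, msg, r.Signature):
		return errors.New("bad signature")
	case r.Outcome != "allowed":
		return errors.New("outcome not allowed")
	case r.Action != action:
		return errors.New("action mismatch")
	case !now.Before(r.ExpiresAt):
		return errors.New("receipt expired")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key pair
	now := time.Now()
	r := Sign(priv, Receipt{Action: "read:documents", Outcome: "allowed", ExpiresAt: now.Add(time.Minute)})
	fmt.Println("valid:", Verify(pub, r, "read:documents", now))
	r.Action = "write:documents" // field changed after signing
	fmt.Println("tampered:", Verify(pub, r, "write:documents", now))
}
```

The notary public key passed to `Verify` should come from the backend's own pinned configuration, never from the request that carries the receipt.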
Viewing Receipts
The Receipts page in the dashboard shows:
- Recent receipts across all authorizers
- Filter by warrant, action, or time range
- Verify receipt signatures
- Export for compliance
Receipt Chains
For multi-step workflows, receipts can form chains:
Receipt 1: "allowed read:data"
    │
    ▼
Receipt 2: "allowed process:data" (references Receipt 1)
    │
    ▼
Receipt 3: "allowed write:result" (references Receipt 2)
This creates a complete audit trail of complex operations.
Notary Keys
Receipts are signed by notary keys - special keys dedicated to signing receipts:
Root Key
    │
    ├── Issuer Key (signs warrants)
    │
    └── Notary Key (signs receipts)
Use Cases
Compliance Auditing
Receipts provide cryptographic proof that actions were properly authorized. Export receipts for compliance reports.
Incident Investigation
When investigating an issue, receipts show exactly what was authorized and when.
Non-repudiation
Neither the agent nor the authorizer can deny that an authorization occurred - the receipt proves it.
Chained Operations
Use receipt chains to track multi-step AI workflows end-to-end.
Best Practices
Enable receipts for sensitive actions
Generate receipts for actions that require audit trails.
Include action arguments
Store relevant parameters in the receipt for complete context.
Retain receipts appropriately
Keep receipts for your compliance retention period.
Verify receipts on critical paths
For high-security actions, verify receipt signatures in your backend.
Receipt vs Audit Log
| Aspect | Receipt | Audit Log |
|---|---|---|
| Location | Generated at authorizer | Stored in Tenuo Cloud |
| Signature | Cryptographically signed | Not signed |
| Portability | Can be passed between services | Dashboard only |
| Purpose | Proof of authorization | Operation history |
Both are complementary - use audit logs for operational visibility and receipts for cryptographic proof.