Trust Receipts

Evidence that an autonomous action was authorized.

A trust receipt is a hash-chained, signed record that proves identity, authority, consent, policy, action, timestamp, revocation state, and custody hash for a single execution event.

What a receipt asserts

Who

Identity & authority

References the acting actor and the AVC that authorized the action, including the full delegation chain.

What

Action & policy

Records the action descriptor, the policy domain in effect, the policy hash at execution time, and the outcome: permitted · denied · partial.

Where in time

Sequence & custody

Carries a custody hash linked to the prior receipt for the same actor, plus a deterministic timestamp and signature.

Anatomy

{
  "id": "tr_0003",
  "avc_id": "avc_001",
  "actor_id": "actor_003",
  "policy_hash": "sha3:bb01…aa44",
  "action_descriptor": "procure.purchase:po-2026-0234",
  "outcome": "permitted",
  "custody_hash": "sha3:0003…cccc",
  "prev_hash":    "sha3:0002…bbbb",
  "timestamp": "2026-02-13T09:22:46Z",
  "signature": { "algorithm": "ML-DSA-65", "value": "0xa11d…f0c2" }
}

Sample trust receipt · human-readable view

Trust receipt vs. settlement receipt

Trust receipts always exist when an authorized autonomous action occurs. Settlement receipts exist when the economic layer is invoked. The two layers are independent: AVC validity does not consult pricing, and settlement issuance does not gate trust.

Under the launch policy, every settlement receipt carries amount = 0 EXO with an explicit ZeroFeeReason. The transaction mechanism is live, preserved for the day governance enables nonzero pricing.

Zero-priced launch settlementThe transaction mechanism is live. Every active price resolves to 0 EXO with an explicit ZeroFeeReason. Future governance amendments may enable nonzero pricing.