Core concepts
Receipts
ed25519 signatures, Merkle roots, and Solana devnet publishes.
A receipt is a small signed JSON blob that proves a specific action happened with specific parameters on a specific account at a specific time.
Shape
{
  "user_id": "did:privy:...",
  "tool": "calendar",
  "action": "create",
  "params_hash": "sha256:...",
  "invoice_reference": "inv_cal_...",
  "payment_tx": "devnet_sim_...",
  "executed_at": "2026-04-17T09:15:22Z",
  "receipt_id": "rec_...",
  "signature": "<ed25519 over canonical JSON>",
  "public_key": "<server pubkey>"
}
Verifying a receipt
- Fetch the public key from /api/receipts/public-key.
- Canonicalise the receipt (everything except the signature field).
- Verify the ed25519 signature of the canonical JSON with that public key.
- If the signature checks, the receipt is authentic. If it doesn't, we faked it and you caught us.
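The steps above as a runnable Node.js sketch. This is an added example, not the service's own code. It assumes that canonical JSON means sorted keys with no whitespace, and that the signature and public key are base64 strings (the key being the raw 32 bytes). The page does not specify either, so check the real format before relying on it. A locally generated key pair stands in for the server key, and the receipt values are constructed placeholders.

```javascript
// Added example. Encodings and canonical form are assumptions (see lead-in).
const { generateKeyPairSync, createPublicKey, sign, verify } = require('node:crypto');

// Assumed canonical form: all fields except `signature`, keys sorted,
// no whitespace, UTF-8. Handles the flat receipt shape shown above only.
function canonicalise(receipt) {
  const keys = Object.keys(receipt).filter((k) => k !== 'signature').sort();
  const ordered = Object.fromEntries(keys.map((k) => [k, receipt[k]]));
  return Buffer.from(JSON.stringify(ordered), 'utf8');
}

// trustedKeyB64: the key fetched from /api/receipts/public-key
// (assumed here to be base64 of the raw 32-byte Ed25519 public key).
function verifyReceipt(receipt, trustedKeyB64) {
  if (typeof receipt.signature !== 'string') return false;
  // Verify against the fetched key only. The `public_key` field travels with
  // the receipt, so a mismatch means it was not issued under the trusted key.
  if (receipt.public_key !== trustedKeyB64) return false;
  const rawKey = Buffer.from(trustedKeyB64, 'base64');
  const sig = Buffer.from(receipt.signature, 'base64');
  if (rawKey.length !== 32 || sig.length !== 64) return false;
  const key = createPublicKey({
    format: 'jwk',
    key: { kty: 'OKP', crv: 'Ed25519', x: rawKey.toString('base64url') },
  });
  return verify(null, canonicalise(receipt), key, sig);
}

// Constructed sample: a locally generated key pair stands in for the server's,
// and every field value is a placeholder.
function makeSample() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const x = publicKey.export({ format: 'jwk' }).x;
  const pub = Buffer.from(x, 'base64url').toString('base64');
  const receipt = {
    user_id: 'did:privy:EXAMPLE', tool: 'calendar', action: 'create',
    params_hash: 'sha256:EXAMPLE', invoice_reference: 'inv_cal_EXAMPLE',
    payment_tx: 'devnet_sim_EXAMPLE', executed_at: '2026-04-17T09:15:22Z',
    receipt_id: 'rec_EXAMPLE', public_key: pub,
  };
  receipt.signature = sign(null, canonicalise(receipt), privateKey).toString('base64');
  return { receipt, pub };
}

const { receipt, pub } = makeSample();
console.log('untampered:', verifyReceipt(receipt, pub));
console.log('tampered:  ', verifyReceipt({ ...receipt, action: 'delete' }, pub));
```

Because the signature covers exact bytes, a verifier whose canonicalisation differs from the signer's by a single character will reject every genuine receipt.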
Merkle root and Solana devnet
Every five receipts, the server computes a Merkle root and publishes it via our Anchor publish_root program on Solana devnet. That gives you a public commitment that makes silently rewriting history detectable. See the audit-trail post for the full pipeline.