A receipt is a JWS (JSON Web Signature) signed by the Tresor router that freezes the routed model, request and response digests, and the attestation evidence captured for the router TEE and upstream provider TEE at issuance time. Verifying it gives you a non-repudiable audit trail without having to trust the router itself — only the public key it signs with.
For the step-by-step procedure to fetch and verify one, see the Verify a receipt guide.
| Property | What it gives you |
|---|---|
| Signed with ES256 | Anyone with the public JWKS can verify; no shared secret with Tresor. |
| Bound to request/response digests | Ties the signed receipt to the exact exchange, not just the receipt id. |
| Bound to the resolved model | Detects silent provider/model-route swaps. |
| Embeds two attestation hops | Captures the router TEE and the upstream inference TEE in one signed payload. |
| Carries release binding material | Router receipts can embed a signed workload manifest and trust bundle for offline checks. |
| Issued on every completion | Default-on; no per-request opt-in needed. |
| Stored briefly, fetched by id | Skips streaming overhead; trade receipt_id for the signed receipt response later. |

- receipt_id is returned in the tresor.receipt_id field of the response (or finish chunk on a stream).
- Call GET /v1/receipts/{id} to retrieve the signed receipt response at any time.
- The verifier fetches /.well-known/jwks.json and verifies the signature locally with tresor-verify or any ES256-capable library. → How-to.

To opt out of receipt issuance for a specific call, send X-Tresor-Receipt: false. No receipt is stored and receipt_id is omitted.

| Field | Description |
|---|---|
| jti | Stable receipt identifier. Matches the receipt_id returned on the API response. |
| iat | Unix timestamp for when the receipt was issued. |
| requested_route | Normalized primary route the caller asked the router to use before automatic resolution or failover. |
| routed_model | Fully resolved route used for the request. |
| prompt_tokens | Prompt tokens counted by the router. |
| completion_tokens | Completion tokens counted by the router. |
| request_digest | Hash of the canonicalized request payload. |
| response_digest | Hash of the canonicalized response payload. |
| digest_version | Digest schema version used for the request and response hashes. |
| failover | true when routing failover moved the request from the preferred route to a secondary route. |
| router_attestation | Attestation block for the Tresor router TEE. |
| inference_attestation | Attestation block for the upstream inference TEE, when available. |
| receipt_signature | Historical signing metadata captured at issuance. |
router_attestation and inference_attestation share the same base shape, but
not every field is populated for both hops.
Older receipts may label the upstream hop provider_attestation instead of inference_attestation.
| Field | Description |
|---|---|
| tee | TEE technology reported for that hop. |
| measurement | Workload or platform measurement supplied by that hop. |
| workload_identity_tag | SHA-256 tag of the release-signed workload manifest. Present for the router hop today. |
| workload_identity_manifest_jws | Compact JWS of the release-signed workload manifest for offline verification. |
| trust_bundle_url | URL of the trust bundle used to validate the workload manifest, when published. |
| trust_bundle_jws | Compact JWS of that trust bundle for offline validation. |
| verified | Whether that hop verified successfully when the receipt was issued. |
| verification_mode | Verification path used for that hop at issuance time. |
| verified_at | Unix timestamp for when that hop was verified. |
| attestation_strength | Adapter-reported strength classification. |
| evidence_summary | Stable summary fields you can use in policy decisions. |
| message_attestation | Message-bound inference proof artifact, when the provider exposes one. |
| evidence_raw | Provider-specific raw evidence captured at issuance. |
receipt_signature captures kid, alg, verified, verification_mode,
and verified_at for the receipt-signing key as it existed when the JWS was
issued.
Receipts are signed by the router's enclave-resident ES256 key. Public keys are published as a JWKS at /.well-known/jwks.json. When the enclave rotates, the new public key is added to the JWKS before the old one is retired, so verifiers that follow the standard JWKS pattern handle rotation transparently.