What Is a Receipt
<!-- hierarchy:nav -->
Path: OIP › Thinker Reference › Protocol Concepts › What Is a Receipt
Shelf: Protocol Concepts · Traversal: self-explaining · hierarchical · voxel-ready
Machine root: OIP tree · Registry
What Is a Receipt
§SELF — what-is-receipt
What this page is: A definition of a receipt as a technical object in protocol design. What it explains: What a receipt contains, what properties it has, and why it is the fundamental unit of proof in OIP. Why read it: To understand how to prove that an action happened — not with a log entry or a status code, but with a self-contained, verifiable, immutable record.
What a Receipt Is
In protocol design, a receipt is a proof that an action was performed. It is not a log entry (a chronological record of events). It is not an audit trail (a history of who accessed what). It is a self-contained, verifiable, immutable record of a single invocation — one specific call to one specific function with one specific result.
A receipt is created at the moment an invocation completes. It cannot be changed afterward. If the invocation was wrong, a new receipt is created to correct it. The original receipt remains.
Why It Matters
In most systems, "proof that something happened" means a log line in a database, a 200 HTTP status code, or an entry in an audit trail. These are not proof. A log line can be deleted. A status code is ephemeral — it exists only in the response and is not stored. An audit trail tracks access, not action.
A receipt fixes this. It is a cryptographic object: it has hashes, signatures, and unique identifiers. It can be verified by anyone with access to the confirm URL. It can be replayed (run again to check the result). It can be repaired (superseded by a corrected invocation, with both receipts linked). The receipt is the only object that proves an action occurred. Everything else is a signal, a record, or a claim — not proof.
The Key Idea
The central concept is proof through immutability and linkage. A receipt proves an action happened because:
- It was created at the moment of the action (it is contemporaneous).
- It contains hashes of the input and output (tampering is detectable).
- It is stored immutably (it cannot be altered after creation).
- It is linked to related receipts (parent invocations, repairs, replays form a chain).
Errors are not corrected by editing. They are corrected by creating a new receipt that references the old one. The history of corrections is itself a provable chain.
What a Receipt Contains
A receipt has four sections:
Identity:
invocation_id— a unique identifier for this specific invocation (UUID, never reused).timestamp— when the invocation completed.actor— who invoked the action (a principal identifier).credential_scope— what authority the actor was exercising (which credentials they presented).
Object:
object_key— what was invoked (the function or operation).object_version— which version of the function was used.input_hash— the cryptographic hash of the input parameters.input_body— the actual input parameters (optional if the hash is sufficient).
Result:
runner— what executed the invocation (the compute environment or service).status— the outcome:successorfailure.output_hash— the cryptographic hash of the output.artifact_urls— links to any files produced by the invocation.
Lineage:
error— if the status isfailure, the error details.ledger_url— the canonical location where this receipt is stored.confirm_url— a public URL where anyone can verify this receipt exists.replay_url— a URL that reruns the same invocation, producing a new receipt.repair_url— a URL to create a corrected invocation if this one failed.parent_invocation_id— if this invocation was delegated from another, the parent's ID.repair_of_invocation_id— if this receipt corrects a failed one, the failed receipt's ID.
Properties of a Receipt
Immutable: Once created, a receipt is never changed. If an invocation produced the wrong result, a repair receipt is created. The original receipt remains, linked to the repair via repair_of_invocation_id. This preserves a complete, auditable history of what happened and what was done about it.
Verifiable: Anyone can confirm a receipt exists by checking its confirm_url. No secret key, no special access, no database query is required. Verification is a public operation.
Replayable: The same invocation can be run again from the receipt. The replay_url reruns the same object_key with the same input_body. The new receipt is linked to the original via parent_invocation_id. This lets you check whether the same inputs produce the same outputs.
Repairable: A failed invocation is not deleted or edited. A new invocation is created with a link back to the failed receipt via repair_of_invocation_id. The failed receipt's repair_url points forward to the correction. The linkage is bidirectional.
How It Connects to Other Ideas
- Blockchain transactions: A blockchain transaction is a proof that a transfer occurred. Like a receipt, it is immutable, verifiable, and linked (to previous blocks). Unlike a receipt, a blockchain transaction is typically public, permanent, and does not have a built-in repair mechanism. Receipts are more flexible: they can be private, scoped to a specific ledger, and explicitly repairable.
- Merkle trees: A collection of receipts can be organized into a Merkle tree. The root hash of the tree commits to all receipts. A single receipt can be proven to be in the tree with a Merkle proof — the receipt plus a logarithmic number of sibling hashes. This is how BitTorrent verifies file pieces and how OIP can prove receipt inclusion without revealing the whole ledger.
- Event sourcing: In event-sourced systems, state is derived from a log of events. A receipt is similar to an event, but it is self-proving (hashes, confirm URLs) and explicitly linked to related events (parent, repair, replay). Event sourcing typically does not include cryptographic verification or public confirmation.
- OIP's §SELF block: The §SELF block is a form of receipt — it is a self-contained description of an article that can be verified against the article's content. The conformance test suite generates receipts (pass/fail records with hashes of expected vs. actual output). The voxel graph links receipts into a dependency structure.
Sources
- OIP Protocol Specification: Receipt Format (v1).
- OIP Protocol Specification: Invocation Lifecycle (v1).
- OIP Protocol Specification: Ledger and Confirmation (v1).
---
Up the tree
- OIP root — protocol root, zero-context entry
- Thinker Reference hub — full hierarchy map
- Protocol Concepts shelf — siblings on this shelf
- Voxel graph article — how pages link as voxels
- Self-describing protocol
Related on this shelf
- What Is Autopoiesis
- What Is Capability-Based Security
- What Is a Capability Token
- What Is a Confused Deputy
- What Is Context as Cursor
- What Is a Convergence Catalogue
- What Is a Falsification Surface
- What Is HATEOAS
Machine surfaces
- Public page:
https://miscsubjects.com/a/what-is-receipt - JSON article:
https://miscsubjects.com/api/articles/what-is-receipt - OIP ask:
https://miscsubjects.com/api/dispatch?ask=What%20Is%20a%20Receipt
Ask this article · 2 suggested prompts
Text the build (+14245134626) or WhatsApp — slug|question creates a question node. Paste evidence with ingest slug|q:NODE_ID|your paste.