{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "urn:the-embassy:receipt.schema:v0.3.3",
  "title": "Embassy Receipt",
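  "description": "A signed audit receipt issued by The Embassy. Only the top-level object is closed with additionalProperties: false; the nested subject, event, links and dispute objects accept unknown properties.",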
  "type": "object",
  "required": [
    "receipt_version",
    "type",
    "receipt_id",
    "issued_at",
    "issuer",
    "issuer_mode",
    "kid",
    "subject",
    "event",
    "links",
    "signature",
    "sig_alg"
  ],
  "properties": {
    "receipt_version": {
      "type": "string",
      "const": "1",
      "description": "Version of receipt format"
    },
            "type": {
              "type": "string",
              "enum": ["gate_decision", "agent_registration", "agent_revocation", "visa_revocation", "payment_settlement", "service_receipt"],
              "description": "Type of receipt event"
            },
    "receipt_id": {
      "type": "string",
      "pattern": "^rct_[a-f0-9]+$",
      "description": "Unique receipt identifier"
    },
    "issued_at": {
      "type": "string",
      "format": "date-time",
      "description": "RFC 3339 date-time (ISO 8601 profile) of receipt issuance; validators enforce the format keyword only when format assertion is enabled"
    },
    "issuer": {
      "type": "string",
      "const": "The Embassy",
      "description": "Issuer identifier"
    },
    "issuer_mode": {
      "type": "string",
      "enum": ["reference", "authoritative"],
      "description": "Issuer mode: reference (reference implementation) or authoritative (production)"
    },
    "kid": {
      "type": "string",
      "pattern": "^[a-f0-9]{12}$",
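      "description": "Key identifier (first 12 hex characters of the SHA-256 of the Embassy public key); a 48-bit truncation, suitable for key lookup rather than as proof of key identity"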
    },
    "subject": {
      "type": "object",
      "properties": {
        "agent_id": {
          "type": ["string", "null"],
          "pattern": "^emb_[a-f0-9]+$",
          "description": "Agent identifier if available"
        },
        "identity_hash": {
          "type": ["string", "null"],
          "pattern": "^[a-f0-9]{64}$",
          "description": "SHA-256 hash of agent identity (never raw token or public key)"
        }
      },
      "required": ["agent_id", "identity_hash"]
    },
    "event": {
      "type": "object",
      "properties": {
        "decision": {
          "type": ["string", "null"],
          "enum": ["permit", "refuse", null],
          "description": "Decision for gate_decision type"
        },
        "reason_code": {
          "type": ["string", "null"],
          "description": "Reason code for decision"
        },
        "requested_scope": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Array of requested scopes"
        },
        "granted_scope": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Array of granted scopes"
        },
        "disclaimer": {
          "type": "string",
          "description": "Non-interpretation disclaimer"
        },
        "dispute": {
          "type": ["object", "null"],
          "properties": {
            "refers_to": {
              "type": ["string", "null"],
              "pattern": "^rct_[a-f0-9]+$",
              "description": "Optional receipt_id this dispute refers to"
            },
            "note": {
              "type": ["string", "null"],
              "description": "Optional free-text narrative (unsigned, so not authenticated by the receipt signature)"
            }
          },
          "description": "Optional dispute reference. Embassy does not validate or act upon this field."
        }
      },
      "required": ["decision", "reason_code", "requested_scope", "granted_scope", "disclaimer"]
    },
    "links": {
      "type": "object",
      "properties": {
        "verify_endpoint": {
          "type": "string",
          "const": "/api/verify",
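          "description": "Path of the endpoint that verifies a receipt signature (relative; this schema defines no field for the host, so the origin must come from a trusted source)"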
        },
        "well_known_keys": {
          "type": "string",
          "const": "/.well-known/embassy.json",
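          "description": "Path of the endpoint for discovering signing keys (relative; this schema defines no field for the host, so the origin must come from a trusted source)"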
        }
      },
      "required": ["verify_endpoint", "well_known_keys"]
    },
    "signature": {
      "type": "string",
      "description": "Base64-encoded Ed25519 signature (64 bytes before encoding; this schema does not constrain its length or alphabet)"
    },
    "sig_alg": {
      "type": "string",
      "const": "ed25519",
      "description": "Signature algorithm"
    }
  },
  "additionalProperties": false
}
