Struct HttpReceipt 

pub struct HttpReceipt {

    pub id: String,
    pub request_id: String,
    pub route_pattern: String,
    pub method: HttpMethod,
    pub caller_identity_hash: String,
    pub session_id: Option<String>,
    pub verdict: Verdict,
    pub evidence: Vec<GuardEvidence>,
    pub response_status: u16,
    pub timestamp: u64,
    pub content_hash: String,
    pub policy_hash: String,
    pub capability_id: Option<String>,
    pub metadata: Option<Value>,
    pub kernel_key: PublicKey,
    pub signature: Signature,
}

Signed receipt for an HTTP request evaluation. Binds the request identity, route, method, verdict, and guard evidence under an Ed25519 signature from the kernel.

Fields

id: String

Unique receipt ID (UUIDv7 recommended).

request_id: String

Unique request ID this receipt covers.

route_pattern: String

The matched route pattern (e.g., “/pets/{petId}”).

method: HttpMethod

HTTP method of the evaluated request.

caller_identity_hash: String

SHA-256 hash of the caller identity.

session_id: Option<String>

Session ID the request belonged to.

verdict: Verdict

The kernel’s verdict.

evidence: Vec<GuardEvidence>

Per-guard evidence collected during evaluation.

response_status: u16

HTTP status Chio associated with the evaluation outcome at receipt-signing time.

For deny receipts this is the concrete error status Chio will emit. For allow receipts produced before an upstream or inner response exists, this is evaluation-time status metadata rather than guaranteed downstream response evidence.

timestamp: u64

Unix timestamp (seconds) when the receipt was created.

content_hash: String

SHA-256 hash binding the request content to this receipt.

policy_hash: String

SHA-256 hash of the policy that was applied.

capability_id: Option<String>

Capability ID that was exercised, if any.

metadata: Option<Value>

Optional metadata for extensibility.

kernel_key: PublicKey

The kernel’s public key (for verification without out-of-band lookup).

signature: Signature

Ed25519 signature over canonical JSON of the body fields.

Implementations

impl HttpReceipt

pub fn sign(body: HttpReceiptBody, keypair: &Keypair) -> Result<Self>

Sign a receipt body with the kernel’s keypair.

pub fn body(&self) -> HttpReceiptBody

Extract the body for re-verification.

pub fn verify_signature(&self) -> Result<bool>

Verify the receipt signature against the embedded kernel key.

pub fn is_allowed(&self) -> bool

Whether this receipt records an allow verdict.

pub fn is_denied(&self) -> bool

Whether this receipt records a deny verdict.

pub fn to_chio_receipt_with_keypair( &self, keypair: &Keypair, ) -> Result<ChioReceipt>

Convert this HTTP receipt into a signed core ChioReceipt for unified storage.

pub fn to_chio_receipt(&self) -> Result<ChioReceipt>

Convert this HTTP receipt into a core ChioReceipt for unified storage.

This method fails closed because a valid ChioReceipt signature cannot be derived from an HttpReceipt without the kernel signing keypair.

Trait Implementations

impl Clone for HttpReceipt

fn clone(&self) -> HttpReceipt

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for HttpReceipt

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for HttpReceipt

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for HttpReceipt

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.