Skip to main content

ChioReceipt

chio_listing::receipt

Struct ChioReceipt 

Source 
pub struct ChioReceipt {
Show 16 fields
    pub id: String,
    pub timestamp: u64,
    pub capability_id: String,
    pub tool_server: String,
    pub tool_name: String,
    pub action: ToolCallAction,
    pub decision: Decision,
    pub content_hash: String,
    pub policy_hash: String,
    pub evidence: Vec<GuardEvidence>,
    pub metadata: Option<Value>,
    pub trust_level: TrustLevel,
    pub tenant_id: Option<String>,
    pub kernel_key: PublicKey,
    pub algorithm: Option<SigningAlgorithm>,
    pub signature: Signature,

}
Expand description

A Chio receipt. Signed proof that a tool call was evaluated by the Kernel.

Fields§

§id: String

Unique receipt ID (UUIDv7 recommended).

§timestamp: u64

Unix timestamp (seconds) when the receipt was created.

§capability_id: String

ID of the capability token that was exercised (or presented).

§tool_server: String

Tool server that handled the invocation.

§tool_name: String

Tool that was invoked (or attempted).

§action: ToolCallAction

The action that was evaluated.

§decision: Decision

The Kernel’s decision.

§content_hash: String

SHA-256 hash of the evaluated content for this receipt.

§policy_hash: String

SHA-256 hash of the policy that was applied.

§evidence: Vec<GuardEvidence>

Per-guard evidence collected during evaluation.

§metadata: Option<Value>

Optional receipt metadata for stream/accounting details.

§trust_level: TrustLevel

Strength of kernel mediation that produced this receipt. Defaults to Mediated. Older receipts that omit this field deserialize to Mediated for backward compatibility.

§tenant_id: Option<String>

Phase 1.5 multi-tenant receipt isolation: tenant identifier for multi-tenant deployments. None in single-tenant mode; derived from the authenticated session’s enterprise identity context and MUST NOT be taken from caller-provided request fields (caller choice would defeat the isolation intent).

Serialized only when set, so receipts emitted by single-tenant deployments remain byte-identical on the wire.

§kernel_key: PublicKey

The Kernel’s public key (for verification without out-of-band lookup).

§algorithm: Option<SigningAlgorithm>

Signing algorithm used for ChioReceipt::signature. Absent means Ed25519 for backward compatibility with receipts issued prior to the introduction of SigningAlgorithm. Informational only: verification dispatches off the self-describing encoding of the signature itself.

§signature: Signature

Signature over canonical JSON of all fields above.

Implementations§

Source§

impl ChioReceipt

Source

pub fn sign( body: ChioReceiptBody, keypair: &Keypair, ) -> Result<ChioReceipt, Error>

Sign a receipt body with the Kernel’s Ed25519 keypair.

Source

pub fn sign_with_backend( body: ChioReceiptBody, backend: &dyn SigningBackend, ) -> Result<ChioReceipt, Error>

Sign a receipt body with an arbitrary SigningBackend.

The body.kernel_key must equal backend.public_key().

Source

pub fn body(&self) -> ChioReceiptBody

Extract the body for re-verification.

Source

pub fn verify_signature(&self) -> Result<bool, Error>

Verify the receipt signature against the embedded kernel key.

Source

pub fn is_allowed(&self) -> bool

Whether this receipt records an allow decision.

Source

pub fn is_denied(&self) -> bool

Whether this receipt records a deny decision.

Source

pub fn is_cancelled(&self) -> bool

Whether this receipt records a cancelled terminal outcome.

Source

pub fn is_incomplete(&self) -> bool

Whether this receipt records an incomplete terminal outcome.

Source

pub fn financial_metadata(&self) -> Option<FinancialReceiptMetadata>

Extract typed financial receipt metadata when present.

Source

pub fn financial_budget_authority_metadata( &self, ) -> Option<FinancialBudgetAuthorityReceiptMetadata>

Extract typed budget-authority lineage for monetary receipts when present.

Trait Implementations§

Source§

impl Clone for ChioReceipt

Source§

fn clone(&self) -> ChioReceipt

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ChioReceipt

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for ChioReceipt

Source§

fn deserialize<__D>( __deserializer: __D, ) -> Result<ChioReceipt, <__D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for ChioReceipt

Source§

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,