- A receipt is the signed record for one response.
- A session is the immutable verified security context for a confidential upstream channel.
Receipt Lifecycle
Every inference response includesx-receipt-id. Fetch it with Get Receipt:
| Event | What it records |
|---|---|
request.received | Hash of the request body observed by the gateway. |
route.selected | Selected backend route. |
request.forwarded | Hash of the provider-facing request. |
upstream.verified | Provider verification result, channel binding, claims, and session_id. |
response.received | Hash of the provider response before post-processing. |
response.returned | Hash of the final wire response. |
What a Receipt Proves
A verified receipt proves:- The receipt was signed by a key in the attested gateway keyset.
workload_idandworkload_keyset_digestmatch the attestation report.- The returned response bytes match
response.returned.wire_hash. - The upstream verification result for that response is recorded.
Streaming Responses
For streaming,x-receipt-id can arrive before the stream ends. Fetch the receipt after the stream completes because response.returned.wire_hash covers the full response body.
Attested Sessions
When the gateway verifies a confidential upstream, it records an attested session. A receipt references it fromupstream.verified.session_id.
A session captures:
- Verified upstream identity and endpoint.
- Enforced channel binding.
- Typed claims and reasons.
- Evidence digest and evidence payload.
session_id is content-addressed. If the verified material changes, the session id changes.