# dev.cocore.compute.job

> Published by [cocore.dev](https://lexicon.garden/identity/did:plc:5quuhkmwe2q4k3azfsgg7kdz)

✓ This is the authoritative definition for this NSID.

## Description

A request for computational work. Published by the requester in their own repo before the work runs, so the provider has something to commit a receipt against.

## Links

- [View on Lexicon Garden](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.job)
- [Documentation](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.job/docs)
- [Examples](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.job/examples)

## Definitions

### `dev.cocore.compute.job`

**Type**: `record`

**Key**: `tid`

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `model` | `string` | Yes | Opaque model identifier the requester wants the provider to honor. |
| `nonce` | `string` | Yes | 16 random bytes, hex-encoded. Replay protection. |
| `createdAt` | `string` (datetime) | Yes |  |
| `expiresAt` | `string` (datetime) | Yes | Provider must complete by this time. Receipts whose completedAt > expiresAt are invalid. |
| `inputFormat` | `string` | No | How to interpret the sealed input bytes that `inputCommitment` covers. Absent (legacy) or `text`: the bytes are the raw prompt string. `messages-v1`: the bytes are the UTF-8 of a canonical-JSON multimodal envelope { v: 1, messages: [ { role, content } ] }, where `content` is either a string or an array of parts — { type: "text", text } and { type: "image", mime, data } with `data` base64-encoded image bytes inline. A verifier reconstructs the same canonical bytes to recompute `inputCommitment`. Additive: providers that don't understand a format reject the job rather than mis-serving it. |
| `maxTokensOut` | `integer` | Yes |  |
| `priceCeiling` | `ref` → `dev.cocore.compute.defs#money` | Yes | Maximum price the requester will accept for this job. The provider's receipt MUST list a price <= this ceiling, else the receipt is invalid. |
| `inputCipherURL` | `string` (uri) | No | Optional URL where the encrypted prompt blob can be fetched. May be a PDS blob (at://...) or any other content-addressed URL. The commitment is what matters; this is a convenience pointer. |
| `inputCommitment` | `string` | Yes | SHA-256 hex over the SEALED input plaintext bytes the provider decrypts — i.e. the exact bytes both the requester (before sealing) and the provider (after opening) hash, so it is self-consistent without either side parsing the payload. The plaintext is never on-chain. The byte layout is described by `inputFormat`: absent/`text` means the bytes are the raw prompt string; `messages-v1` means they are the UTF-8 of the canonical multimodal envelope (see `inputFormat`). |
| `acceptedExchanges` | `array` | No | Exchange DIDs allowed to settle this job. MUST be non-empty in practice; the named paymentAuthorization MUST cover one of these. |
| `acceptedProviders` | `array` | No | Specific provider DIDs allowed to serve this job. Empty/absent means any provider that meets acceptedTrustLevel. |
| `acceptedTrustLevel` | `ref` → `dev.cocore.compute.defs#trustLevel` | Yes | Minimum trust level the requester will accept from a provider serving this job. |
| `paymentAuthorization` | `ref` → `com.atproto.repo.strongRef` | Yes | Strong-ref to a dev.cocore.compute.paymentAuthorization record in the same repo, naming an exchange and a ceiling >= this job's priceCeiling. |

## Raw Schema

```json
{
  "id": "dev.cocore.compute.job",
  "defs": {
    "main": {
      "key": "tid",
      "type": "record",
      "record": {
        "type": "object",
        "required": [
          "model",
          "inputCommitment",
          "maxTokensOut",
          "priceCeiling",
          "acceptedTrustLevel",
          "paymentAuthorization",
          "nonce",
          "expiresAt",
          "createdAt"
        ],
        "properties": {
          "model": {
            "type": "string",
            "maxLength": 256,
            "description": "Opaque model identifier the requester wants the provider to honor."
          },
          "nonce": {
            "type": "string",
            "maxLength": 32,
            "minLength": 32,
            "description": "16 random bytes, hex-encoded. Replay protection."
          },
          "createdAt": {
            "type": "string",
            "format": "datetime"
          },
          "expiresAt": {
            "type": "string",
            "format": "datetime",
            "description": "Provider must complete by this time. Receipts whose completedAt > expiresAt are invalid."
          },
          "inputFormat": {
            "type": "string",
            "description": "How to interpret the sealed input bytes that `inputCommitment` covers. Absent (legacy) or `text`: the bytes are the raw prompt string. `messages-v1`: the bytes are the UTF-8 of a canonical-JSON multimodal envelope { v: 1, messages: [ { role, content } ] }, where `content` is either a string or an array of parts — { type: \"text\", text } and { type: \"image\", mime, data } with `data` base64-encoded image bytes inline. A verifier reconstructs the same canonical bytes to recompute `inputCommitment`. Additive: providers that don't understand a format reject the job rather than mis-serving it.",
            "knownValues": [
              "text",
              "messages-v1"
            ]
          },
          "maxTokensOut": {
            "type": "integer",
            "maximum": 2000000,
            "minimum": 1
          },
          "priceCeiling": {
            "ref": "dev.cocore.compute.defs#money",
            "type": "ref",
            "description": "Maximum price the requester will accept for this job. The provider's receipt MUST list a price <= this ceiling, else the receipt is invalid."
          },
          "inputCipherURL": {
            "type": "string",
            "format": "uri",
            "description": "Optional URL where the encrypted prompt blob can be fetched. May be a PDS blob (at://...) or any other content-addressed URL. The commitment is what matters; this is a convenience pointer."
          },
          "inputCommitment": {
            "type": "string",
            "maxLength": 64,
            "minLength": 64,
            "description": "SHA-256 hex over the SEALED input plaintext bytes the provider decrypts — i.e. the exact bytes both the requester (before sealing) and the provider (after opening) hash, so it is self-consistent without either side parsing the payload. The plaintext is never on-chain. The byte layout is described by `inputFormat`: absent/`text` means the bytes are the raw prompt string; `messages-v1` means they are the UTF-8 of the canonical multimodal envelope (see `inputFormat`)."
          },
          "acceptedExchanges": {
            "type": "array",
            "items": {
              "type": "string",
              "format": "did"
            },
            "maxLength": 16,
            "description": "Exchange DIDs allowed to settle this job. MUST be non-empty in practice; the named paymentAuthorization MUST cover one of these."
          },
          "acceptedProviders": {
            "type": "array",
            "items": {
              "type": "string",
              "format": "did"
            },
            "maxLength": 64,
            "description": "Specific provider DIDs allowed to serve this job. Empty/absent means any provider that meets acceptedTrustLevel."
          },
          "acceptedTrustLevel": {
            "ref": "dev.cocore.compute.defs#trustLevel",
            "type": "ref",
            "description": "Minimum trust level the requester will accept from a provider serving this job."
          },
          "paymentAuthorization": {
            "ref": "com.atproto.repo.strongRef",
            "type": "ref",
            "description": "Strong-ref to a dev.cocore.compute.paymentAuthorization record in the same repo, naming an exchange and a ceiling >= this job's priceCeiling."
          }
        }
      }
    }
  },
  "$type": "com.atproto.lexicon.schema",
  "lexicon": 1,
  "description": "A request for computational work. Published by the requester in their own repo before the work runs, so the provider has something to commit a receipt against."
}
```
