dev.cocore.compute.receipt

cocore.dev

Documentation

main record

No description available.

Record Key tid Timestamp-based ID

Properties

attestation ref com.atproto.repo.strongRef Required

Strong-ref to a dev.cocore.compute.attestation record published by this provider. completedAt MUST fall within [attestedAt, expiresAt] of that attestation.

completedAt string datetime Required

An RFC 3339 formatted timestamp.

enclaveSignature bytes Required

Secure Enclave P-256 signature (DER) over a sorted-key canonical JSON of every other field in this record. Verified against the publicKey of the strong-reffed attestation. This binding survives PDS migration: the repo-commit signature changes when keys rotate, but the enclaveSignature does not.

maxLength: 256
inputCommitment string Required

MUST equal job.inputCommitment.

maxLength: 64 bytesminLength: 64 bytes
model string Required

No description available.

maxLength: 256 bytes
outputCipherCommitment string Optional

Optional SHA-256 hex over the EXACT encrypted bytes delivered to the requester (the sealed reply). Lets a requester confirm the ciphertext they received is the one the provider's enclaveSignature commits to — defends against an intermediary swapping the delivered bytes. Covered by enclaveSignature like every other field.

maxLength: 64 bytesminLength: 64 bytes
outputCipherURL string uri Optional

Optional URL where the encrypted output lives.

outputCommitment string Required

SHA-256 hex over the plaintext output bytes — the decrypted result the requester receives. (The earlier 'encrypted output' wording was a doc error; the provider has always committed to the plaintext, which is what a requester can verify after decrypting. Use outputCipherCommitment to commit to the encrypted bytes on the wire.)

maxLength: 64 bytesminLength: 64 bytes
params ref #generationParams Optional

Optional record of the sampling parameters the provider committed to for this job. Integer-only (canonical JSON forbids floats): temperature/top_p are carried as integer milliunits. Covered by enclaveSignature, so a requester can prove the provider claimed these settings.

proBono boolean Optional

True when the provider served this job pro bono under its `dev.cocore.compute.provider.proBono` election — free, unmetered, no exchange cut. A pro-bono receipt MUST carry `price.amount: 0` and `tokens: { in: 0, out: 0 }`: the work is explicitly not counted, so neither figure is a billing claim. An exchange settling a `proBono: true` receipt takes no fee and moves no balance (`amountCharged`, `providerPayout`, and `exchangeFee` are all 0). Covered by `enclaveSignature` like every other field, so the carve-out is part of the signed, self-verifying record rather than an off-record side channel. Absent/false ≡ a normal metered, billable receipt. Optional / additive; pre-2026-06 readers ignore it and still see a well-formed zero-price receipt.

reasoningCommitment string Optional

Optional SHA-256 hex over the plaintext reasoning ('thinking') output bytes the provider produced for this job, separate from outputCommitment which covers only the answer the requester acts on. Present only when the model emitted reasoning on a distinct channel (a sibling reasoning_content field, or inline <think>...</think> tags the provider split out). Lets a requester independently verify the reasoning trace without it perturbing the answer's commitment. Covered by enclaveSignature.

maxLength: 64 bytesminLength: 64 bytes
requester string did Required

DID of the requester. Denormalized from the job record for indexer convenience; MUST equal the DID owning the job record.

sessionKeyCommitment string Optional

Optional SHA-256 hex over (ephemeralPubKey || sessionNonce) — the per-job ephemeral X25519 key the requester sealed the input to, bound to the request nonce. Present when the job ran under the forward-secret confidential handshake (the enclave minted a fresh ephemeral key, enclave-signed it against the requester's nonce, and the requester sealed to that key after verifying it). Lets a requester prove after the fact that its prompt was sealed to a key the measured enclave controlled for this job, not the long-lived encryptionPubKey. Covered by enclaveSignature.

maxLength: 64 bytesminLength: 64 bytes
sessionNonce string Optional

Optional lowercase hex of the fresh requester nonce that the ephemeral session key was bound to (the freshness challenge for this job). Pairs with sessionKeyCommitment. Covered by enclaveSignature.

maxLength: 64 bytesminLength: 32 bytes
startedAt string datetime Required

An RFC 3339 formatted timestamp.

tier ref dev.cocore.compute.defs#tier Optional

The confidentiality tier this job actually ran under. Set by the provider to `attested-confidential` only when the input was sealed to a verified, enclave-bound ephemeral session key AND served by a measured native engine under a hardware-attested posture; otherwise `best-effort`. A requester recomputes this from the receipt's attestation + sessionKeyCommitment rather than trusting the field. Optional / additive; absent equivalent to `best-effort`.

View raw schema
{
  "key": "tid",
  "type": "record",
  "record": {
    "type": "object",
    "required": [
      "job",
      "requester",
      "model",
      "inputCommitment",
      "outputCommitment",
      "tokens",
      "startedAt",
      "completedAt",
      "price",
      "attestation",
      "enclaveSignature"
    ],
    "properties": {
      "job": {
        "ref": "com.atproto.repo.strongRef",
        "type": "ref",
        "description": "Strong-ref to the requester's dev.cocore.compute.job record."
      },
      "tier": {
        "ref": "dev.cocore.compute.defs#tier",
        "type": "ref",
        "description": "The confidentiality tier this job actually ran under. Set by the provider to `attested-confidential` only when the input was sealed to a verified, enclave-bound ephemeral session key AND served by a measured native engine under a hardware-attested posture; otherwise `best-effort`. A requester recomputes this from the receipt's attestation + sessionKeyCommitment rather than trusting the field. Optional / additive; absent equivalent to `best-effort`."
      },
      "model": {
        "type": "string",
        "maxLength": 256
      },
      "price": {
        "ref": "dev.cocore.compute.defs#money",
        "type": "ref",
        "description": "MUST be <= job.priceCeiling. Currency MUST match job.priceCeiling.currency."
      },
      "params": {
        "ref": "#generationParams",
        "type": "ref",
        "description": "Optional record of the sampling parameters the provider committed to for this job. Integer-only (canonical JSON forbids floats): temperature/top_p are carried as integer milliunits. Covered by enclaveSignature, so a requester can prove the provider claimed these settings."
      },
      "tokens": {
        "ref": "dev.cocore.compute.defs#tokenCounts",
        "type": "ref"
      },
      "proBono": {
        "type": "boolean",
        "description": "True when the provider served this job pro bono under its `dev.cocore.compute.provider.proBono` election — free, unmetered, no exchange cut. A pro-bono receipt MUST carry `price.amount: 0` and `tokens: { in: 0, out: 0 }`: the work is explicitly not counted, so neither figure is a billing claim. An exchange settling a `proBono: true` receipt takes no fee and moves no balance (`amountCharged`, `providerPayout`, and `exchangeFee` are all 0). Covered by `enclaveSignature` like every other field, so the carve-out is part of the signed, self-verifying record rather than an off-record side channel. Absent/false ≡ a normal metered, billable receipt. Optional / additive; pre-2026-06 readers ignore it and still see a well-formed zero-price receipt."
      },
      "requester": {
        "type": "string",
        "format": "did",
        "description": "DID of the requester. Denormalized from the job record for indexer convenience; MUST equal the DID owning the job record."
      },
      "startedAt": {
        "type": "string",
        "format": "datetime"
      },
      "attestation": {
        "ref": "com.atproto.repo.strongRef",
        "type": "ref",
        "description": "Strong-ref to a dev.cocore.compute.attestation record published by this provider. completedAt MUST fall within [attestedAt, expiresAt] of that attestation."
      },
      "completedAt": {
        "type": "string",
        "format": "datetime"
      },
      "sessionNonce": {
        "type": "string",
        "maxLength": 64,
        "minLength": 32,
        "description": "Optional lowercase hex of the fresh requester nonce that the ephemeral session key was bound to (the freshness challenge for this job). Pairs with sessionKeyCommitment. Covered by enclaveSignature."
      },
      "inputCommitment": {
        "type": "string",
        "maxLength": 64,
        "minLength": 64,
        "description": "MUST equal job.inputCommitment."
      },
      "outputCipherURL": {
        "type": "string",
        "format": "uri",
        "description": "Optional URL where the encrypted output lives."
      },
      "enclaveSignature": {
        "type": "bytes",
        "maxLength": 256,
        "description": "Secure Enclave P-256 signature (DER) over a sorted-key canonical JSON of every other field in this record. Verified against the publicKey of the strong-reffed attestation. This binding survives PDS migration: the repo-commit signature changes when keys rotate, but the enclaveSignature does not."
      },
      "outputCommitment": {
        "type": "string",
        "maxLength": 64,
        "minLength": 64,
        "description": "SHA-256 hex over the plaintext output bytes — the decrypted result the requester receives. (The earlier 'encrypted output' wording was a doc error; the provider has always committed to the plaintext, which is what a requester can verify after decrypting. Use outputCipherCommitment to commit to the encrypted bytes on the wire.)"
      },
      "reasoningCommitment": {
        "type": "string",
        "maxLength": 64,
        "minLength": 64,
        "description": "Optional SHA-256 hex over the plaintext reasoning ('thinking') output bytes the provider produced for this job, separate from outputCommitment which covers only the answer the requester acts on. Present only when the model emitted reasoning on a distinct channel (a sibling reasoning_content field, or inline <think>...</think> tags the provider split out). Lets a requester independently verify the reasoning trace without it perturbing the answer's commitment. Covered by enclaveSignature."
      },
      "sessionKeyCommitment": {
        "type": "string",
        "maxLength": 64,
        "minLength": 64,
        "description": "Optional SHA-256 hex over (ephemeralPubKey || sessionNonce) — the per-job ephemeral X25519 key the requester sealed the input to, bound to the request nonce. Present when the job ran under the forward-secret confidential handshake (the enclave minted a fresh ephemeral key, enclave-signed it against the requester's nonce, and the requester sealed to that key after verifying it). Lets a requester prove after the fact that its prompt was sealed to a key the measured enclave controlled for this job, not the long-lived encryptionPubKey. Covered by enclaveSignature."
      },
      "outputCipherCommitment": {
        "type": "string",
        "maxLength": 64,
        "minLength": 64,
        "description": "Optional SHA-256 hex over the EXACT encrypted bytes delivered to the requester (the sealed reply). Lets a requester confirm the ciphertext they received is the one the provider's enclaveSignature commits to — defends against an intermediary swapping the delivered bytes. Covered by enclaveSignature like every other field."
      }
    }
  }
}
generationParams object

Sampling parameters committed to in a receipt. Integer-only because the canonical signing form forbids floats — temperature and top_p are carried as milliunits (value × 1000, e.g. temperature 0.7 -> 700).

Properties

maxTokens integer Optional

Max output tokens requested for this job.

minimum: 0
seed integer Optional

RNG seed, when the provider ran with a fixed seed (enables reproducibility claims).

temperatureMilli integer Optional

Sampling temperature × 1000 (e.g. 0.7 -> 700). Omitted when the provider used the model default.

minimum: 0
topPMilli integer Optional

Nucleus sampling top_p × 1000 (e.g. 0.95 -> 950). Omitted when the provider used the model default.

minimum: 0maximum: 1000
View raw schema
{
  "type": "object",
  "properties": {
    "seed": {
      "type": "integer",
      "description": "RNG seed, when the provider ran with a fixed seed (enables reproducibility claims)."
    },
    "maxTokens": {
      "type": "integer",
      "minimum": 0,
      "description": "Max output tokens requested for this job."
    },
    "topPMilli": {
      "type": "integer",
      "maximum": 1000,
      "minimum": 0,
      "description": "Nucleus sampling top_p × 1000 (e.g. 0.95 -> 950). Omitted when the provider used the model default."
    },
    "temperatureMilli": {
      "type": "integer",
      "minimum": 0,
      "description": "Sampling temperature × 1000 (e.g. 0.7 -> 700). Omitted when the provider used the model default."
    }
  },
  "description": "Sampling parameters committed to in a receipt. Integer-only because the canonical signing form forbids floats — temperature and top_p are carried as milliunits (value × 1000, e.g. temperature 0.7 -> 700)."
}

Lexicon Garden

@