Receipt (draft)

After every successful MCP tool call, the gateway writes a Receipt row to the activity_log table. The append-only Postgres trigger (F4 IRON RULE) prevents tampering: UPDATE/DELETE/TRUNCATE rejected unless the admin DSAR session var is set.

Canonical URL

https://glide.co/schemas/agent-banking/v1/receipt.json

Required fields

Field	Type	Meaning
`eventType`	`string`	`tool_call`, `step_up_completed`, `policy_change`, `kill_switch`, etc.
`timestamp`	`string` (ISO 8601)	UTC instant.
`agentId`	`string`	Acting agent (matches grant’s `act.sub`).
`principalUserId`	`string`	Principal user (matches grant’s `sub`).
`vaultId`	`string`	Resource vault (matches grant’s `aud.vault_id`).
`toolName`	`string`	Which tool was called (e.g. `x402.pay`, `payments.initiate`).
`endpoint`	`'read' \| 'write' \| 'treasury'`	Confused-deputy isolation tier.
`inputDigest`	`string` (hex)	SHA-256 of the redacted input.
`outputDigest`	`string` (hex)	SHA-256 of the redacted output.
`riskVerdict`	`'pass' \| 'flag' \| 'block'`	Anomaly detector verdict.
`policyVersion`	`number`	Envelope version at call time.
`grantId`	`string`	The grant’s `jti`.
`latencyMs`	`number`	End-to-end tool latency.

Optional fields

Field	Type	When populated
`onChainTxHash`	`string`	Money-movement tools after F1 RPC verify settles.
`onChainAmount`	`number` (USD cents)	Same. From `serverFetchChainTx`, never from facilitator receipt.
`stepUpSigil`	`string`	Step-up tools after the principal’s biometric approval.
`redactedFieldsBitmap`	`number`	Bit-flags for fields redacted via DSAR (F4).

F-rule enforcement points

Rule	What’s enforced on the Receipt
F1	`onChainTxHash` + `onChainAmount` come from RPC, not facilitator.
F4	The row is append-only by Postgres trigger. Admin redaction requires session var + `redactedFieldsBitmap` match.
F5	`policyVersion` mismatch with current envelope blocks the row write.

Replay rendering

DSAR redaction does NOT delete the row. It nulls specific fields + sets redactedFieldsBitmap. The replay UI renders the row with [REDACTED] watermark over redacted fields — historical existence preserved.

Example

{
  "eventType": "tool_call",
  "timestamp": "2026-04-25T18:23:45.123Z",
  "agentId": "agent_01H8...",
  "principalUserId": "user_01H7...",
  "vaultId": "vault_01HA...",
  "toolName": "x402.pay",
  "endpoint": "write",
  "inputDigest": "abc123...",
  "outputDigest": "def456...",
  "riskVerdict": "pass",
  "policyVersion": 7,
  "grantId": "grant_01HC...",
  "latencyMs": 142,
  "onChainTxHash": "0xdeadbeef...",
  "onChainAmount": 50
}

Reading list

Money-safety contracts — F1 (RPC verify) + F4 (append-only).
Threat model — T4 (audit-log tampering) + T11 (DSAR loophole).

Grant (draft)ScopedGrantClaims (draft)

​Canonical URL

​Required fields

​Optional fields

​F-rule enforcement points

​Replay rendering

​Example

​Reading list