{
"id": "dev.cocore.compute.paymentAuthorization",
"defs": {
"main": {
"key": "tid",
"type": "record",
"record": {
"type": "object",
"required": [
"exchange",
"ceiling",
"scope",
"nonce",
"expiresAt",
"createdAt"
],
"properties": {
"nonce": {
"type": "string",
"maxLength": 32,
"minLength": 32,
"description": "16 random bytes, hex-encoded. Replay protection: any settlement re-using a consumed nonce is invalid."
},
"scope": {
"type": "string",
"description": "singleJob: authorization is consumed by a single matching receipt. session: a bounded set of jobs may share this authorization until expiresAt.",
"knownValues": [
"singleJob",
"session"
]
},
"ceiling": {
"ref": "dev.cocore.compute.defs#money",
"type": "ref",
"description": "Maximum amount the exchange may charge under this authorization."
},
"exchange": {
"type": "string",
"format": "did",
"description": "DID of the exchange authorized to charge."
},
"createdAt": {
"type": "string",
"format": "datetime"
},
"expiresAt": {
"type": "string",
"format": "datetime"
},
"sessionBudget": {
"ref": "dev.cocore.compute.defs#money",
"type": "ref",
"description": "When scope=session, total cumulative charges across all settlements under this authorization MUST NOT exceed sessionBudget. Ignored when scope=singleJob."
}
}
}
}
},
"$type": "com.atproto.lexicon.schema",
"lexicon": 1,
"description": "A requester's signed authorization permitting a named exchange to charge them up to a ceiling for a specific job. Published in the requester's repo before any work runs. Settlement records strong-ref this authorization to prove consent."
}