# dev.cocore.compute.receipt

> Published by [cocore.dev](https://lexicon.garden/identity/did:plc:5quuhkmwe2q4k3azfsgg7kdz)

✓ This is the authoritative definition for this NSID.

## Description

A signed receipt of a single completed compute job. Published by the provider in its own repo. Strong-refs the requester's job and the active attestation. Carries an additional Secure-Enclave-bound signature so it remains verifiable across PDS migrations.

## Links

- [View on Lexicon Garden](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.receipt)
- [Documentation](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.receipt/docs)
- [Examples](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.receipt/examples)

## Definitions

### `dev.cocore.compute.receipt`

**Type**: `record`

**Key**: `tid`

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `job` | `ref` → `com.atproto.repo.strongRef` | Yes | Strong-ref to the requester's dev.cocore.compute.job record. |
| `model` | `string` | Yes |  |
| `price` | `ref` → `dev.cocore.compute.defs#money` | Yes | MUST be <= job.priceCeiling. Currency MUST match job.priceCeiling.currency. |
| `params` | `ref` → `#generationParams` | No | Optional record of the sampling parameters the provider committed to for this job. Integer-only (canonical JSON forbids floats): temperature/top_p are carried as integer milliunits. Covered by enclaveSignature, so a requester can prove the provider claimed these settings. |
| `tokens` | `ref` → `dev.cocore.compute.defs#tokenCounts` | Yes |  |
| `requester` | `string` (did) | Yes | DID of the requester. Denormalized from the job record for indexer convenience; MUST equal the DID owning the job record. |
| `startedAt` | `string` (datetime) | Yes |  |
| `attestation` | `ref` → `com.atproto.repo.strongRef` | Yes | Strong-ref to a dev.cocore.compute.attestation record published by this provider. completedAt MUST fall within [attestedAt, expiresAt] of that attestation. |
| `completedAt` | `string` (datetime) | Yes |  |
| `inputCommitment` | `string` | Yes | MUST equal job.inputCommitment. |
| `outputCipherURL` | `string` (uri) | No | Optional URL where the encrypted output lives. |
| `enclaveSignature` | `bytes` | Yes | Secure Enclave P-256 signature (DER) over a sorted-key canonical JSON of every other field in this record. Verified against the publicKey of the strong-reffed attestation. This binding survives PDS migration: the repo-commit signature changes when keys rotate, but the enclaveSignature does not. |
| `outputCommitment` | `string` | Yes | SHA-256 hex over the plaintext output bytes — the decrypted result the requester receives. (The earlier 'encrypted output' wording was a doc error; the provider has always committed to the plaintext, which is what a requester can verify after decrypting. Use outputCipherCommitment to commit to the encrypted bytes on the wire.) |
| `outputCipherCommitment` | `string` | No | Optional SHA-256 hex over the EXACT encrypted bytes delivered to the requester (the sealed reply). Lets a requester confirm the ciphertext they received is the one the provider's enclaveSignature commits to — defends against an intermediary swapping the delivered bytes. Covered by enclaveSignature like every other field. |

### `dev.cocore.compute.receipt#generationParams`

**Type**: `object`

Sampling parameters committed to in a receipt. Integer-only because the canonical signing form forbids floats — temperature and top_p are carried as milliunits (value × 1000, e.g. temperature 0.7 -> 700).

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `seed` | `integer` | No | RNG seed, when the provider ran with a fixed seed (enables reproducibility claims). |
| `maxTokens` | `integer` | No | Max output tokens requested for this job. |
| `topPMilli` | `integer` | No | Nucleus sampling top_p × 1000 (e.g. 0.95 -> 950). Omitted when the provider used the model default. |
| `temperatureMilli` | `integer` | No | Sampling temperature × 1000 (e.g. 0.7 -> 700). Omitted when the provider used the model default. |

## Raw Schema

```json
{
  "id": "dev.cocore.compute.receipt",
  "defs": {
    "main": {
      "key": "tid",
      "type": "record",
      "record": {
        "type": "object",
        "required": [
          "job",
          "requester",
          "model",
          "inputCommitment",
          "outputCommitment",
          "tokens",
          "startedAt",
          "completedAt",
          "price",
          "attestation",
          "enclaveSignature"
        ],
        "properties": {
          "job": {
            "ref": "com.atproto.repo.strongRef",
            "type": "ref",
            "description": "Strong-ref to the requester's dev.cocore.compute.job record."
          },
          "model": {
            "type": "string",
            "maxLength": 256
          },
          "price": {
            "ref": "dev.cocore.compute.defs#money",
            "type": "ref",
            "description": "MUST be <= job.priceCeiling. Currency MUST match job.priceCeiling.currency."
          },
          "params": {
            "ref": "#generationParams",
            "type": "ref",
            "description": "Optional record of the sampling parameters the provider committed to for this job. Integer-only (canonical JSON forbids floats): temperature/top_p are carried as integer milliunits. Covered by enclaveSignature, so a requester can prove the provider claimed these settings."
          },
          "tokens": {
            "ref": "dev.cocore.compute.defs#tokenCounts",
            "type": "ref"
          },
          "requester": {
            "type": "string",
            "format": "did",
            "description": "DID of the requester. Denormalized from the job record for indexer convenience; MUST equal the DID owning the job record."
          },
          "startedAt": {
            "type": "string",
            "format": "datetime"
          },
          "attestation": {
            "ref": "com.atproto.repo.strongRef",
            "type": "ref",
            "description": "Strong-ref to a dev.cocore.compute.attestation record published by this provider. completedAt MUST fall within [attestedAt, expiresAt] of that attestation."
          },
          "completedAt": {
            "type": "string",
            "format": "datetime"
          },
          "inputCommitment": {
            "type": "string",
            "maxLength": 64,
            "minLength": 64,
            "description": "MUST equal job.inputCommitment."
          },
          "outputCipherURL": {
            "type": "string",
            "format": "uri",
            "description": "Optional URL where the encrypted output lives."
          },
          "enclaveSignature": {
            "type": "bytes",
            "maxLength": 256,
            "description": "Secure Enclave P-256 signature (DER) over a sorted-key canonical JSON of every other field in this record. Verified against the publicKey of the strong-reffed attestation. This binding survives PDS migration: the repo-commit signature changes when keys rotate, but the enclaveSignature does not."
          },
          "outputCommitment": {
            "type": "string",
            "maxLength": 64,
            "minLength": 64,
            "description": "SHA-256 hex over the plaintext output bytes — the decrypted result the requester receives. (The earlier 'encrypted output' wording was a doc error; the provider has always committed to the plaintext, which is what a requester can verify after decrypting. Use outputCipherCommitment to commit to the encrypted bytes on the wire.)"
          },
          "outputCipherCommitment": {
            "type": "string",
            "maxLength": 64,
            "minLength": 64,
            "description": "Optional SHA-256 hex over the EXACT encrypted bytes delivered to the requester (the sealed reply). Lets a requester confirm the ciphertext they received is the one the provider's enclaveSignature commits to — defends against an intermediary swapping the delivered bytes. Covered by enclaveSignature like every other field."
          }
        }
      }
    },
    "generationParams": {
      "type": "object",
      "properties": {
        "seed": {
          "type": "integer",
          "description": "RNG seed, when the provider ran with a fixed seed (enables reproducibility claims)."
        },
        "maxTokens": {
          "type": "integer",
          "minimum": 0,
          "description": "Max output tokens requested for this job."
        },
        "topPMilli": {
          "type": "integer",
          "maximum": 1000,
          "minimum": 0,
          "description": "Nucleus sampling top_p × 1000 (e.g. 0.95 -> 950). Omitted when the provider used the model default."
        },
        "temperatureMilli": {
          "type": "integer",
          "minimum": 0,
          "description": "Sampling temperature × 1000 (e.g. 0.7 -> 700). Omitted when the provider used the model default."
        }
      },
      "description": "Sampling parameters committed to in a receipt. Integer-only because the canonical signing form forbids floats — temperature and top_p are carried as milliunits (value × 1000, e.g. temperature 0.7 -> 700)."
    }
  },
  "$type": "com.atproto.lexicon.schema",
  "lexicon": 1,
  "description": "A signed receipt of a single completed compute job. Published by the provider in its own repo. Strong-refs the requester's job and the active attestation. Carries an additional Secure-Enclave-bound signature so it remains verifiable across PDS migrations."
}
```