dev.cocore.compute.receipt Documentation (EN)

main record

No description available.

Record Key tid Timestamp-based ID

Properties

attestation ref com.atproto.repo.strongRef Required

Strong-ref to a dev.cocore.compute.attestation record published by this provider. completedAt MUST fall within [attestedAt, expiresAt] of that attestation.

completedAt string datetime Required

An RFC 3339 formatted timestamp.

enclaveSignature bytes Required

Secure Enclave P-256 signature (DER) over a sorted-key canonical JSON of every other field in this record. Verified against the publicKey of the strong-reffed attestation. This binding survives PDS migration: the repo-commit signature changes when keys rotate, but the enclaveSignature does not.

maxLength: 256

inputCommitment string Required

MUST equal job.inputCommitment.

maxLength: 64 bytesminLength: 64 bytes

job ref com.atproto.repo.strongRef Required

Strong-ref to the requester's dev.cocore.compute.job record.

model string Required

No description available.

maxLength: 256 bytes

outputCipherCommitment string Optional

Optional SHA-256 hex over the EXACT encrypted bytes delivered to the requester (the sealed reply). Lets a requester confirm the ciphertext they received is the one the provider's enclaveSignature commits to — defends against an intermediary swapping the delivered bytes. Covered by enclaveSignature like every other field.

maxLength: 64 bytesminLength: 64 bytes

outputCipherURL string uri Optional

Optional URL where the encrypted output lives.

outputCommitment string Required

SHA-256 hex over the plaintext output bytes — the decrypted result the requester receives. (The earlier 'encrypted output' wording was a doc error; the provider has always committed to the plaintext, which is what a requester can verify after decrypting. Use outputCipherCommitment to commit to the encrypted bytes on the wire.)

maxLength: 64 bytesminLength: 64 bytes

params ref #generationParams Optional

Optional record of the sampling parameters the provider committed to for this job. Integer-only (canonical JSON forbids floats): temperature/top_p are carried as integer milliunits. Covered by enclaveSignature, so a requester can prove the provider claimed these settings.

price ref dev.cocore.compute.defs#money Required

MUST be <= job.priceCeiling. Currency MUST match job.priceCeiling.currency.

requester string did Required

DID of the requester. Denormalized from the job record for indexer convenience; MUST equal the DID owning the job record.

startedAt string datetime Required

An RFC 3339 formatted timestamp.

tokens ref dev.cocore.compute.defs#tokenCounts Required

No description available.

View raw schema

{
  "key": "tid",
  "type": "record",
  "record": {
    "type": "object",
    "required": [
      "job",
      "requester",
      "model",
      "inputCommitment",
      "outputCommitment",
      "tokens",
      "startedAt",
      "completedAt",
      "price",
      "attestation",
      "enclaveSignature"
    ],
    "properties": {
      "job": {
        "ref": "com.atproto.repo.strongRef",
        "type": "ref",
        "description": "Strong-ref to the requester's dev.cocore.compute.job record."
      },
      "model": {
        "type": "string",
        "maxLength": 256
      },
      "price": {
        "ref": "dev.cocore.compute.defs#money",
        "type": "ref",
        "description": "MUST be <= job.priceCeiling. Currency MUST match job.priceCeiling.currency."
      },
      "params": {
        "ref": "#generationParams",
        "type": "ref",
        "description": "Optional record of the sampling parameters the provider committed to for this job. Integer-only (canonical JSON forbids floats): temperature/top_p are carried as integer milliunits. Covered by enclaveSignature, so a requester can prove the provider claimed these settings."
      },
      "tokens": {
        "ref": "dev.cocore.compute.defs#tokenCounts",
        "type": "ref"
      },
      "requester": {
        "type": "string",
        "format": "did",
        "description": "DID of the requester. Denormalized from the job record for indexer convenience; MUST equal the DID owning the job record."
      },
      "startedAt": {
        "type": "string",
        "format": "datetime"
      },
      "attestation": {
        "ref": "com.atproto.repo.strongRef",
        "type": "ref",
        "description": "Strong-ref to a dev.cocore.compute.attestation record published by this provider. completedAt MUST fall within [attestedAt, expiresAt] of that attestation."
      },
      "completedAt": {
        "type": "string",
        "format": "datetime"
      },
      "inputCommitment": {
        "type": "string",
        "maxLength": 64,
        "minLength": 64,
        "description": "MUST equal job.inputCommitment."
      },
      "outputCipherURL": {
        "type": "string",
        "format": "uri",
        "description": "Optional URL where the encrypted output lives."
      },
      "enclaveSignature": {
        "type": "bytes",
        "maxLength": 256,
        "description": "Secure Enclave P-256 signature (DER) over a sorted-key canonical JSON of every other field in this record. Verified against the publicKey of the strong-reffed attestation. This binding survives PDS migration: the repo-commit signature changes when keys rotate, but the enclaveSignature does not."
      },
      "outputCommitment": {
        "type": "string",
        "maxLength": 64,
        "minLength": 64,
        "description": "SHA-256 hex over the plaintext output bytes — the decrypted result the requester receives. (The earlier 'encrypted output' wording was a doc error; the provider has always committed to the plaintext, which is what a requester can verify after decrypting. Use outputCipherCommitment to commit to the encrypted bytes on the wire.)"
      },
      "outputCipherCommitment": {
        "type": "string",
        "maxLength": 64,
        "minLength": 64,
        "description": "Optional SHA-256 hex over the EXACT encrypted bytes delivered to the requester (the sealed reply). Lets a requester confirm the ciphertext they received is the one the provider's enclaveSignature commits to — defends against an intermediary swapping the delivered bytes. Covered by enclaveSignature like every other field."
      }
    }
  }
}

generationParams object

Sampling parameters committed to in a receipt. Integer-only because the canonical signing form forbids floats — temperature and top_p are carried as milliunits (value × 1000, e.g. temperature 0.7 -> 700).

Properties

maxTokens integer Optional

Max output tokens requested for this job.

minimum: 0

seed integer Optional

RNG seed, when the provider ran with a fixed seed (enables reproducibility claims).

temperatureMilli integer Optional

Sampling temperature × 1000 (e.g. 0.7 -> 700). Omitted when the provider used the model default.

minimum: 0

topPMilli integer Optional

Nucleus sampling top_p × 1000 (e.g. 0.95 -> 950). Omitted when the provider used the model default.

minimum: 0maximum: 1000

View raw schema

{
  "type": "object",
  "properties": {
    "seed": {
      "type": "integer",
      "description": "RNG seed, when the provider ran with a fixed seed (enables reproducibility claims)."
    },
    "maxTokens": {
      "type": "integer",
      "minimum": 0,
      "description": "Max output tokens requested for this job."
    },
    "topPMilli": {
      "type": "integer",
      "maximum": 1000,
      "minimum": 0,
      "description": "Nucleus sampling top_p × 1000 (e.g. 0.95 -> 950). Omitted when the provider used the model default."
    },
    "temperatureMilli": {
      "type": "integer",
      "minimum": 0,
      "description": "Sampling temperature × 1000 (e.g. 0.7 -> 700). Omitted when the provider used the model default."
    }
  },
  "description": "Sampling parameters committed to in a receipt. Integer-only because the canonical signing form forbids floats — temperature and top_p are carried as milliunits (value × 1000, e.g. temperature 0.7 -> 700)."
}