Audit (Action Receipts)

Overview

Action Receipts are signed, hash-chained records of actions performed by AI agents. They answer the question: “What did this agent do, when, and under what authority?”

Every significant action produces a receipt that:

• Is signed by the acting agent’s key
• Is hash-chained to the previous receipt (tamper-evident)
• References the DAT that authorised the action
• Maps to compliance controls (NIST 800-53, ISM, SOC 2)

Receipt Structure

{
  "version": "0.1",
  "id": "receipt-2026-02-24-00042",
  "sequenceNumber": 42,
  "timestamp": "2026-02-24T14:30:00Z",
  "agent": "did:idprova:example.com:kai-lead-agent",
  "delegationRef": "dat-2026-02-24-a1b2c3d4",
  "action": {
    "type": "mcp:tool-call",
    "resource": "filesystem",
    "operation": "read",
    "target": "/data/report.pdf",
    "result": "success"
  },
  "previousHash": "blake3:a1b2c3d4e5f67890...",
  "hash": "blake3:f8e7d6c5b4a39281...",
  "signature": "z3FXQjecWg3dBGZBCY9K..."
}

Hash Chaining

Each receipt includes the hash of the previous receipt, forming a tamper-evident chain:

Receipt[0]
  hash: blake3:aaa...
  previousHash: null (genesis)

Receipt[1]
  hash: blake3:bbb...
  previousHash: blake3:aaa...  ← links to Receipt[0]

Receipt[2]
  hash: blake3:ccc...
  previousHash: blake3:bbb...  ← links to Receipt[1]

Tamper detection: If any receipt in the chain is modified, inserted, or removed, the hash chain breaks. Verifiers detect this by recomputing hashes and checking continuity.

Verification

Receipt chain verification checks:

1. Chain continuity — No gaps in sequence numbers
2. Hash integrity — Each receipt’s previousHash matches the computed hash of the prior receipt
3. Signature verification — Each receipt’s signature is valid for the agent’s public key
4. Delegation correlation — Each receipt references a valid, non-expired, non-revoked DAT
5. Scope compliance — The action in the receipt is permitted by the referenced DAT’s scope

Compliance Mapping

Action Receipts are designed to satisfy existing compliance frameworks out of the box:

NIST 800-53 Rev. 5

Control	How Receipts Satisfy
AU-2 (Auditable Events)	Every significant action produces a receipt
AU-3 (Content of Audit Records)	Receipts include who, what, when, where, outcome
AU-8 (Time Stamps)	ISO 8601 timestamps on every receipt
AU-9 (Protection of Audit Information)	Hash chaining provides tamper evidence
AU-10 (Non-repudiation)	Agent signs receipts with own key
AU-12 (Audit Record Generation)	Automated receipt generation on every action
IA-2 (Identification & Authentication)	DID-based agent identity in every receipt
AC-6 (Least Privilege)	Receipt references DAT scope — enforceable

Australian ISM

Control	How Receipts Satisfy
ISM-0585	Identification of processes acting on data
ISM-0988	Logging of privileged actions
ISM-0580	Audit log integrity protection
ISM-1405	Event log content (who, what, when)

SOC 2

Criteria	How Receipts Satisfy
CC6.1	Logical access security — identity-linked actions
CC6.2	Authorised scope — DAT reference in every receipt
CC6.3	Audit trail integrity — hash chaining + signatures
CC7.2	System operations monitoring — receipt logs

Use Cases

Post-incident forensics: Walk the receipt chain backwards to trace exactly what happened, who authorised it, and when.

Real-time monitoring: Stream receipts to detect anomalies — unusual action frequency, actions outside normal scope, unexpected time patterns.

Compliance auditing: Map receipts directly to compliance controls. Assessors can verify the chain and confirm control coverage.

Attribution: Trace any action back through the delegation chain to the authorising human principal. Complete accountability.

Next Steps

• Trust Levels — Progressive trust model
• Identity (AIDs) — Agent Identity Documents
• Receipts Protocol Specification — Full technical reference