What Is a Receipt?
A receipt is a structured, cryptographically chained log entry that records:
- What decision the system made -- allow or deny
- Why the decision was made -- which gates evaluated to what values, with what evidence
- When the decision was made -- timestamp and sequence number
- What evidence supported the decision -- metrics, thresholds, context at decision time
- Who authorized it -- including any human override metadata
A receipt is not a log line. It is not a CSV export pulled the next morning. It is a real-time, machine-readable proof that governance happened at the moment it was supposed to happen.
When people talk about AI safety, they tend to mean alignment: the model understands what you want and tries to do it. When they talk about governance, they usually mean constraints: rules the system must follow. Neither conversation surfaces evidence. Yet evidence is where control actually lives.
A well-aligned model can still make a catastrophic mistake. A correctly constrained system can still be bypassed at runtime. The only way to prove that governance operated as designed -- that a decision was made by policy, not by accident or exception -- is to have receipts.
Why Receipts Matter More Than Rules
Consider a trading system with a stated rule: no position larger than 2% of capital.
You can read the rule in source code. You can test it in simulation. But at runtime, when the system holds a 5% position, you have no immediate proof of what happened without receipts. Did the rule fail to fire? Did it fire and get overridden? Did the check run against stale capital data?
With a receipt, the answer is immediate and verifiable:
```json
{
"decision_id": "receipt-1847293",
"proposal": {
"position_id": "SOL-LONG-20260604-0930",
"size_usd": 50000,
"capital_at_decision": 1000000
},
"gates": {
"position_size_gate": {
"allowed": true,
"max_allowed_usd": 50000,
"reason": "position_pct = 5.0%, threshold = 5.0%, decision = ALLOW_AT_THRESHOLD"
},
"leverage_gate": {
"allowed": false,
"reason": "proposed leverage 2.5x exceeds max 2.0x"
},
"drawdown_gate": {
"allowed": true,
"current_drawdown": 1.2,
"max_drawdown": 3.0
}
},
"overall_decision": "DENY",
"denying_gates": ["leverage_gate"],
"execution": "NOT_EXECUTED",
"timestamp_utc": "2026-06-04T14:30:15.237Z",
"sequence_number": 1847293,
"hmac_sha256": "a7f9e2d3c1b8..."
}
```
This receipt is self-contained. If someone disputes whether policy was enforced, you show the receipt. The HMAC proves it has not been tampered with. The denial reason is explicit. There is nothing to reconstruct.
The Receipt Chain
Receipts become significantly stronger when chained. Each receipt references the HMAC of the previous one:
```json
{
"sequence_number": 1847294,
"previous_receipt_hmac": "7d2c8f5a9e1b3...",
"this_receipt_hmac": "a7f9e2d3c1b8...",
"timestamp_utc": "2026-06-04T14:30:16.441Z"
}
```
If someone tries to alter or delete a receipt, the chain breaks. Downstream HMACs no longer verify. The tampering becomes detectable.
This does not require blockchain or distributed consensus. It is forward-chaining, the same technique filesystem journaling uses to detect corruption. The chain is an audit trail that cannot be erased without leaving evidence of the erasure.
What Gets Logged
Not every system action needs a full cryptographic receipt. Routine telemetry -- price ticks, performance counters, debug output -- goes to a separate observability layer.
Receipts are for decisions that carry material consequence:
- Capital deployment: position entries, exits, sizing changes, leverage adjustments
- Risk state changes: stop-loss modifications, drawdown resets, mode transitions
- Policy overrides: human judgment overriding a gate's DENY
- System state transitions: engine activations, quarantines, regime switches
- Non-execution evidence: proposals that were denied, logged with reasons
The last category is often the most valuable. A proposal that was blocked -- and why it was blocked -- is forensic evidence that the governance system was functioning. Non-execution receipts are not failure records; they are proof of governance working as designed.
The Cost of Receipts
Computationally, writing a receipt is cheap: a few kilobytes of structured JSON and an HMAC-SHA256 hash, which runs in microseconds. The bottleneck is I/O, not computation.
At high decision rates, receipt systems use standard techniques: batching receipts in memory before flushing to disk, async logging queues so the main execution path is not blocked, and tiered storage to keep recent receipts fast while archiving older ones.
The throughput cost is real and bounded. For a system making dozens of consequential decisions per day, it is negligible. For a system operating at higher rates, the architecture scales -- the evidence requirement does not shrink.
Receipt Verification and Forensics
Receipts enable four categories of post-hoc analysis:
Replay: given a sequence of receipts, you can reconstruct the governance decisions in order and verify that each was correct against the policy in force at the time.
Blame assignment: when a loss occurs, receipts show exactly which gates allowed the trade, what evidence they evaluated, and at what values. The question shifts from "what happened?" to "was this the right call given what the system knew?"
Pattern detection: over time, gate behavior reveals system weaknesses. A gate that fires DENY at a high rate may be too conservative. A gate that almost never fires may be measuring the wrong thing. Receipts surface these patterns quantitatively.
Accountability: for any system managing capital, user data, or consequential decisions, regulators and counterparties will ask for proof that policy was followed. Receipts are that proof.
Receipts as a Learning Signal
Receipts are not just a compliance mechanism. They are a feedback loop.
If a proposal was denied by gate X, but the proposed action would in retrospect have been correct, that receipt is evidence that gate X is miscalibrated. You can tune the gate's threshold.
If a proposal was allowed by all gates and the action produced a loss, those receipts show what the system believed at the time. You can identify which gate should have caught this case and add the missing dimension.
Without receipts, governance tuning is guesswork. With receipts, it is data-driven. The receipt ledger is the empirical record that governance learns from.
Receipts vs. Logging vs. Monitoring
These three things are often conflated, but they serve distinct purposes.
Logging is about observability: what happened, in what order? It is the raw record of system activity.
Monitoring is about alerting: is something wrong right now? It watches metrics and fires alarms.
Receipts are about authority: was the right entity allowed to make this decision, and did it follow policy when doing so?
A monitoring system might alert: "Drawdown breaker activating, position at -3.1%."
A receipt would capture: "Drawdown gate evaluated at T-30 seconds, found current_dd=3.1% against threshold=3.0%, returned DENY, execution blocked, proposal logged to receipt 1847391 in the immutable ledger."
Monitoring tells you something is wrong. Receipts tell you what governance decided about it and whether that decision was authoritative.
A Minimal Implementation
```python
from dataclasses import dataclass
from typing import Dict, Any
import hmac, hashlib, json, time
@dataclass(frozen=True)
class Receipt:
sequence_number: int
proposal_id: str
decision: str # ALLOW or DENY
gates_evaluated: Dict[str, Any]
timestamp_utc: float
previous_hmac: str
def compute_hmac(self, secret_key: bytes) -> str:
payload = json.dumps({
'sequence_number': self.sequence_number,
'proposal_id': self.proposal_id,
'decision': self.decision,
'gates_evaluated': self.gates_evaluated,
'timestamp_utc': self.timestamp_utc,
'previous_hmac': self.previous_hmac,
}, sort_keys=True)
return hmac.new(secret_key, payload.encode(), hashlib.sha256).hexdigest()
class ReceiptLedger:
def __init__(self, secret_key: bytes):
self.secret_key = secret_key
self.receipts = []
self.previous_hmac = "0" * 64 # genesis
def append(self, proposal_id: str, decision: str, gates: Dict[str, Any]) -> str:
receipt = Receipt(
sequence_number=len(self.receipts),
proposal_id=proposal_id,
decision=decision,
gates_evaluated=gates,
timestamp_utc=time.time(),
previous_hmac=self.previous_hmac,
)
hmac_val = receipt.compute_hmac(self.secret_key)
self.receipts.append((receipt, hmac_val))
self.previous_hmac = hmac_val
return hmac_val
```
This is the foundation. A frozen dataclass (immutable in Python), HMAC chaining, append-only storage. You build upward from here: persistence to SQLite or an object store, a verification function that walks the chain, query tooling for forensics.
Where Receipts Save You
Scenario: a trading system executes a catastrophic position -- five times the policy limit, heading toward liquidation.
Without receipts, you spend hours investigating: did the size gate misfire? Was the capital data stale? Did someone modify the code?
With receipts, the answer is immediate:
```json
{
"decision_id": "receipt-9472839",
"position_size_gate": {
"allowed": false,
"reason": "proposed_size=5000000 exceeds max=2000000"
},
"overall_decision": "DENY",
"execution": "NOT_EXECUTED"
}
```
The governance system denied this trade. So how does the position exist? Now you know exactly where to look: a prior position that grew through unrealized gains, a bypass in the execution adapter, or a human override without a corresponding receipt. Receipts do not prevent every problem; they narrow the search space from hours to minutes.
Conclusion: Evidence Over Assertion
Governance without receipts is an assertion. It is a process that exists in documentation, tested in simulation, believed by the team.
Governance with receipts is a proof. It is a machine-readable record, logged at decision time, chained and verifiable, available for forensic review at any point after the fact.
If you are building a system that manages capital, affects users at scale, or makes consequential decisions automatically, build receipt infrastructure before you build the gates. Before the policies. Before the model.
The receipts are the evidence. Everything else is assertion without them.