AgentAnywhere Sovereign

The control plane for agentic AI in environments where data residency is not optional — designed for board, regulator, and institutional diligence.

SOC 2 certified · ISO 27001 certified · HIPAA & GDPR assessed

enterprise@soverai.ai · Press · Security

© 2026 AgentAnywhere Sovereign. Public site content is for investor and customer diligence; binding terms are in your order form and MSA.

Glossary

Trust Receipt

A Trust Receipt turns an AI call from an opaque event into a portable, signed artifact. It is the unit of evidence in a sovereign AI deployment: instead of asking a regulator to trust the operator's logs, you hand them a JSON document — an AgentBOM — that any verifier can authenticate against your published public key.


Definition

A Trust Receipt is AgentAnywhere's signed implementation of the open AgentBOM format — a cryptographically signed, regulator-verifiable record of one AI execution (region, model, data sources, policy decisions, redactions, cost, carbon) signed with Ed25519. Anyone with the issuer's published public key can verify a receipt offline, without access to the platform that produced it.

Also referred to as: Sovereign Receipt · Sovereign Receipts · AI execution receipt · AI audit receipt · cryptographic AI receipt · AI compliance receipt · Signed AgentBOM

Quick facts

  • Signed with Ed25519; payload is canonical JSON; encoded in base64url.
  • Wire format: open AgentBOM (spec at agentbom.org).
  • Verifiable offline against a public key published at /.well-known/soverai-receipts.
  • Reference verifier: `npx @soverai/verify` (zero-dependency Node CLI/library).
  • Wire-tag (current): `soverai-receipt/v1` — kept stable for deployed verifiers.
  • Spec page: https://trustreceipts.agentanywhere.ai

Anatomy of a receipt

Each receipt has two halves. The payload is canonical JSON conformant to the open AgentBOM schema: a stable, deterministic encoding of `agentId`, `region`, `model`, `executionId`, `dataSources` (each fingerprinted with sha256), `policyDecisions`, `redactions`, `cost`, `carbon`, and `orgKid` (the key id that signed it). The signature is an Ed25519 signature over that canonical payload, base64url-encoded.

Canonicalisation matters. Reordering keys, adding whitespace, or changing one byte invalidates the signature deterministically — so a receipt either verifies or it does not, with no grey zone.

How verification works

A verifier (the AgentAnywhere public verifier API, the `npx @soverai/verify` CLI, a regulator's own implementation) does three things. It fetches the issuer's public key from `/.well-known/soverai-receipts`, picks the key whose `kid` matches the receipt, and runs Ed25519 verification over the canonical payload. The verifier never needs to talk to the issuer's database; the cryptography is sufficient.

Key rotation is handled by publishing multiple `kid`s in the well-known document. Old receipts remain verifiable as long as their `kid` is still listed.
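
The three verification steps and the `kid`-based rotation described above, sketched in Node.js as an added example (this is not the `@soverai/verify` source, and the canonical form used is not taken from the AgentBOM spec). The `{ payload, signature }` envelope, the shape of the well-known document, the sorted-keys canonical form and all sample identifiers are assumptions; the key document is passed in already fetched so the check runs offline.

```javascript
// Added example, not the @soverai/verify source. The receipt envelope, well-known
// document shape and canonicalization rule below are assumptions for illustration.
const { generateKeyPairSync, createPublicKey, sign, verify } = require("node:crypto");

// ASSUMED canonical form: keys sorted recursively, no insignificant whitespace.
function canonicalize(v) {
  if (Array.isArray(v)) return "[" + v.map(canonicalize).join(",") + "]";
  if (v !== null && typeof v === "object") {
    return "{" + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalize(v[k])).join(",") + "}";
  }
  return JSON.stringify(v);
}

// receipt:   { payload: "<canonical JSON text>", signature: "<base64url>" }  (assumed)
// wellKnown: { keys: [{ kid, publicKey: "<base64url SPKI DER>" }] }, already fetched
function verifyReceipt(receipt, wellKnown) {
  let claims;
  try { claims = JSON.parse(receipt.payload); } catch { return { ok: false, reason: "malformed" }; }
  // Reject re-ordered keys, added whitespace or duplicate keys before touching the signature.
  if (canonicalize(claims) !== receipt.payload) return { ok: false, reason: "non-canonical" };
  const entry = wellKnown.keys.find((k) => k.kid === claims?.orgKid);
  if (!entry) return { ok: false, reason: "unknown-kid" }; // kid no longer (or never) published
  const signature = Buffer.from(receipt.signature, "base64url");
  if (signature.length !== 64) return { ok: false, reason: "malformed" }; // Ed25519 signatures are 64 bytes
  const key = createPublicKey({ key: Buffer.from(entry.publicKey, "base64url"), format: "der", type: "spki" });
  return verify(null, Buffer.from(receipt.payload, "utf8"), key, signature)
    ? { ok: true, kid: entry.kid }
    : { ok: false, reason: "bad-signature" };
}

// --- Constructed sample data: an issuer with an older and a current key ---
function makeKey(kid) {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const spki = publicKey.export({ format: "der", type: "spki" }).toString("base64url");
  return { kid, privateKey, published: { kid, publicKey: spki } };
}
function issue(claims, key) {
  const payload = canonicalize({ ...claims, orgKid: key.kid });
  const signature = sign(null, Buffer.from(payload, "utf8"), key.privateKey).toString("base64url");
  return { payload, signature };
}
const oldKey = makeKey("kid-old-example");
const newKey = makeKey("kid-new-example");
const wellKnown = { keys: [oldKey.published, newKey.published] };
const sampleClaims = { agentId: "agent-example", region: "region-example",
  model: "model-example", executionId: "exec-0001" };
const receipt = issue(sampleClaims, oldKey);

console.log(verifyReceipt(receipt, wellKnown)); // signed by the older key, still listed
```

Dropping `kid-old-example` from `wellKnown.keys` makes the same receipt fail with `unknown-kid`, which is why retired keys have to stay published for as long as their receipts must remain verifiable.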

Trust Receipt vs AgentBOM

AgentBOM is the open format — schema, canonicalization rules, reference verifier — published at agentbom.org. A Trust Receipt is what you get when AgentAnywhere Sovereign issues an AgentBOM: same wire format, plus the regulator share-link, redaction profiles, and console workflow that make the receipt usable in an enterprise audit. Other vendors can issue AgentBOMs that interoperate with the same verifiers; only AgentAnywhere can issue a Trust Receipt.

Why receipts and not just logs

Audit logs live inside the operator's control plane. They prove what the operator says they prove. Trust Receipts (and any AgentBOM) are externally verifiable artifacts: a regulator, a court, an end-user, or a downstream auditor can authenticate them with no platform access and no NDA. That property is what makes them admissible in regulatory contexts that cloud audit logs cannot reach.

Primary sources

Where the regulatory or technical authority for this term actually lives. We cite primary sources so this entry can be checked, not just trusted.

  • AgentBOM open format
  • RFC 8032 — Edwards-Curve Digital Signature Algorithm (EdDSA)
  • @soverai/verify on npm

Related terms

Sovereign AI

Sovereign AI is the practice of running AI systems — models, data, and compute — within the legal and physical boundaries of a chosen jurisdiction, so that data sovereignty, regulatory accountability, and supply-chain control remain under that jurisdiction's authority.

AgentBOM (Agent Bill of Materials)

An AgentBOM (Agent Bill of Materials) is a cryptographically verifiable manifest of every component used in an AI agent execution — model and weights, prompt template, system message, toolset, retrieval corpora, fine-tune lineage, and outbound dependencies. It is to agentic AI what an SBOM is to software supply chains.

Data residency for AI

Data residency for AI is the requirement that every byte processed by an AI system — training data, retrieval corpora, prompts, embeddings, outputs, and audit logs — remains within a specified legal jurisdiction for the entire lifecycle of the request.

Last reviewed: 2026-05-23.

Need this in your RFP or board memo?

We maintain canonical definitions for sovereign AI, Trust Receipts, data residency, AgentBOM, and agentic AI so procurement, security, and legal teams can quote a primary source instead of paraphrasing one. Email enterprise@soverai.ai if you need an extended PDF reference for a specific regulator.
