OpenReceipt · Extension Registry · normative

Extension registry.

Normative index of all registered OpenReceipt extension sub-tags. Companion to the core envelope specification.

Namespacing rules

Extensions MUST use one of two forms:

  • x- namespace — vendor-specific claims prefixed x-<vendor>-<key>. Example: x-cloakapi-ledger. No registration required. Verifiers MUST ignore unknown x-* claims without failing verification.
  • Versioned sub-tag — form v1.1-<name> (or a version-marking sub-tag such as v3-attestation). MUST appear in this registry before use. Unregistered sub-tags MUST use the x- namespace instead.
MUST NOT: Receipts adding top-level fields outside the core schema or the x-* namespace fail conformance.

Registered sub-tags

Sub-tag IDclaims keyBrief description
v3-attestationclaims["v3-attestation"]Client-provable attestation set + trust tier (client-signed, gateway blind). Marks the v3 envelope.
v1.1-file-extclaims.file_attestations[]Per-file: MIME, SHA-256 pre/post, OCR injection scan, extractor attestation, face detection
v1.1-streamingclaims.streaming_chunk_attestations[]Per-chunk: index, SHA-256, prev-chunk-hash chain, direction, reconstruction flag
v1.1-routerclaims.routing_decisionRouting decision: provider_id, region, model, reason, provider_request_hash
v1.1-local-aiclaims.local_aiLocal-LLM: model_id, engine_version, device capabilities, zero_egress_proof
v1.1-web-searchclaims.web_searchWeb-search: query_hash, result_count, provider, result_hashes[]

v3-attestation (Receipt v3)

Extends claims["v3-attestation"] (object). Marks the envelope version v: "v3". See core spec §4.2 for the field-by-field semantics.

Records ONLY what the client can cryptographically or architecturally prove (integrity principle, core spec §7): a property that depends on a third party's unverifiable internal behaviour is NEVER attested. Notably, a "no-training" claim is excluded — a client can prove it SET the provider's no-train flag, not that the provider honoured it.

Required fields: tier (gateway-countersigned / beacon-anchored / local-only), no_raw_pii_egress (bool), tokenised_body_hash (SHA-256 hex of the exact bytes that egressed), detector_categories (string[] — categories only, never values), engine_ruleset_version, engine_binary_hash, genuine_engine (bool — true only when the running binary matched the official signed-engine allowlist), privacy_tier, token_binding_hmac (commitment to the token↔PII bindings; proves reversibility-only-by-key without revealing PII), anchoring ({ inclusion_state: countersigned|anchored|pending, beacon_nonce?, receipt_hash?, transparency_log_leaf?, inclusion_proof? }).

Optional fields: self_check ({ fired, extra_tokenised }), attester_public_key (uncompressed P-256 hex — makes the receipt self-contained for fully-offline third-party verification), client_destination (client-asserted egress target), compliance_pack ({ id, definition_hash, origin } — covers built-in AND customer-imported packs).

Two-tier trust (tier): gateway-countersigned = the request went through the gateway, which countersigned relay provider/model + upstream hashes and advanced the per-org chain (strongest). beacon-anchored = off-gateway (browser extension on a third-party site, complete-local online): client-signed locally, then anchored in the public transparency log via a content-free meter beacon that records the receipt hash + token counts (never content). local-only = fully offline; anchors on reconnect.

MUST NOT: Gateway-witnessed routing (provider/model + upstream byte hashes) lives in claims.routing_decision + claims.countersignature, NOT in this sub-tag — a blind client cannot witness them, so self-attesting them is forbidden.

v1.1-file-ext

Extends claims.file_attestations[]. JSON Schema: conformance/schemas/v1.1-file-ext.json (see /source/conformance/).

Core fields: mime (required), sha256_pre (required), sha256_post (required), ocr_text_sha256 (optional), exif_stripped (required), face_detection (optional), processing_ms (required), ocr_injection_scan (optional), extractor_attestation (optional).

ocr_injection_scan (registered 2026-04-23): required scanner_name, scanner_version, verdict (PASS/HIGH_BLOCK/MEDIUM_CONSENT), confidence 0–1; optional blocklist_hits, fail_closed_reason.

extractor_attestation (registered 2026-04-23): required file_sha256, extractor_binary_sha256, extractor_version, extracted_sha256, desktop_sig; optional gateway_countersig. desktop_sig = Ed25519 over the concatenation of all four SHA-256 hex values.

Conformance fixtures: fixtures/positive/v1.1-file-ext/ and negative/v1.1-file-ext/.

v1.1-streaming

Extends claims.streaming_chunk_attestations[]. Schema: conformance/schemas/v1.1-streaming.json. Key fields: chunk_index, sha256, prev_chunk_sha256, direction (request/response), reconstruction_applied. Conformance: positive/v1.1-streaming/ and negative/v1.1-streaming/.

v1.1-router

Extends claims.routing_decision (object). Schema: conformance/schemas/v1.1-router.json. Key fields: provider_id, region, model, reason (cost/latency/capability/failover/policy), provider_request_hash. All reason enum values are covered in positive fixtures. Conformance: positive/v1.1-router/.

v1.1-local-ai

Extends claims.local_ai (object). Schema: conformance/schemas/v1.1-local-ai.json. Key fields: model_id, engine_version, device_capabilities (webgpu, wasm_simd), zero_egress_proof (required). Conformance: positive/v1.1-local-ai/ and negative/v1.1-local-ai/ (missing zero_egress_proof).

Extends claims.web_search (object). Schema: conformance/schemas/v1.1-web-search.json. Key fields: query_hash (required SHA-256 hex), result_count, provider, result_hashes[]. Conformance: positive/v1.1-web-search/ and negative/v1.1-web-search/ (missing query_hash).

Contribution model

  1. Prepare your proposal against the published spec sources at /source/spec/: a JSON Schema draft, two positive + two negative fixtures, and the owning spec reference.
  2. Submit it via the submission process (or email badges@cloakapi.io).
  3. Approval from a neutral maintainer is required.
  4. Once accepted, the sub-tag is added to the Registered sub-tags table above and the central registry in the core specification is updated in the same change.
MUST: Unregistered sub-tags MUST use the x- namespace. Advertising a sub-tag badge for an unregistered sub-tag violates the badge programme terms.

Licensing

Normative prose: CC0 1.0 Universal. Documentation pages: CC-BY-4.0. Reference implementations: MIT / Apache-2.0. No CLA required.

See also

← Core specification Conformance → last edited 2026-07-09 · OpenReceipt v3