Helix StudioGenome IDE
← Docs
Helix CLI docs
Browse Helix CLI docs

RFC 0003 — Run receipt v1

Purpose

Signed statement that a runner executed a pinned job and produced a bundle.

Fields (run_receipt_v1)

schema: "helix.receipt.run.v1"
canonicalization_id: "json.c14n.v1"
run_id: string
job_id: string
workspace_id: string
project_id: string
created_at_utc: RFC3339

policy_digest: "sha256:…"
config_digest: "sha256:…"
plugin_digests: ["sha256:…", ...]
bundle_core_digest: "sha256:…"
backend_fingerprint_digest: "sha256:…"

backend_fingerprint:
  toolchain: string
  runner_image_digest: string
  deterministic_flags: [string, ...]
  host_os: string
  cpu_arch: string

signature:
  alg: "ed25519"
  key_id: string
  sig_b64: string

Signing rule

Signature is computed over canonical JSON bytes of the receipt with signature.sig_b64 omitted or empty.

Verifier checks signature.key_id against trusted runner keys for the workspace/project.

Reference schema

  • schemas/hub/run_receipt_v1.schema.json
  • src/helix/schema/hub/run_receipt_v1.schema.json