Environment receipts
What you'll find here
How provider, MCP, sandbox, local-process, remote-shell, browser, and
container decisions persist as craik.capability_receipt records —
context, actions, redaction, and the boundary on what the builder
does (and doesn't) do.
The builder records; it doesn't execute.
The builder in craik.runtime.environment_receipts does not execute
actions or grant authority. It produces auditable, redacted receipt
records for callers that have already made provider or sandbox routing
decisions.
Receipt context
EnvironmentReceiptContext links receipts to:
Task id
Agent session id
Policy envelope id
Provider id
Sandbox backend id
Route id
Target id
Command reference
Prior receipt ids
agent_session_id is optional for one-shot runs and populated by the
persistent-agent prompt loop. Operator views use it to correlate
provider actions, sandbox decisions, denials, handoffs, and recovery
state without duplicating raw prompt, command, or credential material in
the session record.
Actions
For persistent agents, a missing side-effect grant records denial
rather than upgrading the sandbox action to passed.
environment_decisionprovider_actionsandbox_actiondenialRedaction
References, not raw payloads.
Receipts store command references and target references — not raw command strings, environment maps, SSH material, provider tokens, or unredacted tool payloads.
Redacted fields include environment variables, credentials, command payloads, raw commands, stdin, stdout, stderr, target payloads, and secret-like metadata keys such as tokens, API keys, passwords, and credentials.