Gateway receipts
What you'll find here
The redacted craik.capability_receipt records always-on service
actions produce — what context they preserve, how they redact, and the
status values they use.
Audit trail, not authority.
Gateway receipts preserve a trail for decisions already made by gateway policy, identity, allowlist, and scheduler boundaries.
Action coverage
craik.runtime.gateway_receipts covers:
Inbound event handling
Dispatch decisions
Policy checks
Denials
Scheduled automation actions
Context links
Gateway receipt metadata preserves stable links where available:
Channel
Event id
Task id
Policy envelope id
Channel identity id
Paired subject
Schedule id
Automation id
Related receipt ids
Redaction
Always redacted.
Gateway receipts always set redacted = true. Sensitive
metadata keys are removed before receipt construction.
Removed keys: payload · text · body · signature · secret.
The receipt records these names in redacted_fields so operators can
see that payload material was intentionally omitted.
Status
passeddenied