{
  "@context": "https://schema.org",
  "@type": "TechArticle",
  "name": "ThaiNotary Agent Action Receipts (Signed JWT)",
  "version": "1.0.0",
  "description": "Every state-changing agent action (appointment.create, quote.issue, document.request) returns a signed JWT receipt. Receipts are verifiable against /.well-known/jwks.json (kid: thainotary-agent-2026) and serve as cryptographic proof-of-action for downstream agents and auditors.",
  "algorithm": "RS256",
  "issuer": "https://xn--82czbx2bczd4fl8a.online",
  "jwksUri": "https://xn--82czbx2bczd4fl8a.online/.well-known/jwks.json",
  "keyId": "thainotary-agent-2026",
  "ttlSeconds": 31536000,
  "claims": {
    "iss": "https://xn--82czbx2bczd4fl8a.online",
    "sub": "<agent client_id>",
    "aud": "<requesting agent>",
    "iat": "<issued at unix ts>",
    "exp": "<iat + ttl>",
    "jti": "<unique receipt id>",
    "act": {
      "type": "<appointment.create|quote.issue|document.request|webhook.subscribe>",
      "capability": "<capability name>",
      "capabilityVersion": "2.0.0",
      "resourceId": "<entity id>",
      "statusCode": 200,
      "scope": "<oauth scope>"
    },
    "proof": {
      "requestHash": "sha256:<hex of canonical request>",
      "responseHash": "sha256:<hex of canonical response>"
    }
  },
  "verification": {
    "steps": [
      "Fetch JWKS from /.well-known/jwks.json",
      "Locate key by `kid` header (thainotary-agent-2026)",
      "Verify RS256 signature",
      "Validate iss === issuer, exp > now, aud matches",
      "Recompute requestHash/responseHash and compare"
    ]
  },
  "endpoints": {
    "issue": "https://xn--82czbx2bczd4fl8a.online/agent-receipts/issue",
    "verify": "https://xn--82czbx2bczd4fl8a.online/agent-receipts/verify",
    "revocationList": "https://xn--82czbx2bczd4fl8a.online/agent-receipts/revocation-list.json"
  },
  "license": "CC-BY-4.0",
  "dateModified": "2026-05-31T15:13:20.026Z"
}