Organization-scoped API keys
Every customer request resolves an organization from the authenticated key. Callers cannot submit or override organization_id.
Trust and status
ActionReceipts.ai is designed to record signed evidence of agent actions while keeping patient identifiers, raw prompts, completions, screenshots, DOM snapshots, and source-system payload bodies out of storage.
Receipt metadata only; customer correlation remains opaque.
Signature key ID is bound into every signed payload.
Postgres live tests are gated behind explicit environment variables.
Every customer request resolves an organization from the authenticated key. Callers cannot submit or override organization_id.
Billing state lives locally. Suspended states return `403 subscription_suspended` before customer API actions proceed.
Receipt creation records usage locally first and never blocks audit evidence creation.
Customer and admin rate limits, request size limits, and zero-PHI validation run before receipts are accepted.
| Area | Status |
|---|---|
| Receipt API | Ready for demo |
| Verification | Ready for demo |
| Healthcare Audit Mode | Ready for beta |
| Receipt Console | Next build |
Healthcare workflows require signed BAA coverage before PHI-touching production use.