Skip to main content
An Answer Receipt is the product surface of Carry — the thing rendered under every answer that turns “the agent remembered” into something you can inspect.

The contract

What each field proves

usedMemories

The exact facts the answer drew on — each with its namespace, source agent, and real walrusRef.

authorized

The memory was allowed by the policy at retrieval. Because the gate runs first, an unauthorized memory could never appear here.

verified

A live GET /v1/blobs/{id} against the Walrus aggregator confirmed the blob resolves — not a flag the app sets.

blockedNamespaces

Namespaces that matched the query but were denied — the proof of what the agent was not allowed to use.

How it’s built

The receipt is honest by construction: authorized is always true for entries in usedMemories precisely because the gate already removed anything unauthorized — and verified reflects a real network check, not an assertion.

From receipt to permanent proof

A receipt lives in the app as JSON. But any receipt can be promoted to a tamper-evident, on-chain Proof object: it’s stored to Walrus, hashed, and anchored on Sui where the chain recomputes the authorization verdict. See Proofs on Sui.