Independent Submission C. Hopley Internet-Draft AlgoVoi Intended status: Informational 30 May 2026 Expires: 1 December 2026 Categorical Refund Receipt Format for Agentic-Payment Flows draft-hopley-x402-refund-receipt-02 Abstract This document specifies a categorical refund receipt format for agentic-payment flows. The format is the post-settlement counterpart to the admission-time compliance receipt format specified in draft- hopley-x402-compliance-receipt: where the compliance receipt records an admission decision under regulatory screening obligations, the refund receipt records a reversal-of-funds event with the same canonicalisation discipline and the same audit-chain semantics. The receipt format uses a closed enumeration of categorical outcomes (FULL, PARTIAL, REJECTED) rather than a continuous percentage or amount-only representation. The categorical outcome is load-bearing for downstream regulatory obligations: under PSD2 (Directive 2015/2366) Article 89 a REJECTED outcome carries dispute-evidence obligations that a PARTIAL refund does not, and the categorical distinction must be preserved at the canonical-bytes level rather than collapsed to a percentage projection of the original amount. Receipts are canonicalised under RFC 8785 (JSON Canonicalization Scheme) with an in-band canonicalisation rule pin (canon_version). The pin enables year-N re-verification from retained bytes alone, without dependence on an out-of-band rule registry that the operator must continue to publish. The refund receipt format composes with the compliance receipt format via the original_payment_ref field, a content-addressed reference to the original payment record. A verifier walking the audit chain can confirm the full payment lifecycle from admission-time screening through settlement to refund event under one byte-deterministic canonicalisation pin. This document is complementary to draft-vauban-x402-stark-receipts (which covers cryptographic settlement-time payment-condition proofs) and to draft-hopley-x402-compliance-receipt (which covers admission- time compliance screening receipts). The three documents pin the same urn:x402:canonicalisation:jcs-rfc8785-v1 canonicalisation discipline. Hopley Expires 1 December 2026 [Page 1] Internet-Draft x402-refund-receipt May 2026 Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 1 December 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3. Relationship to other Internet-Drafts . . . . . . . . . . 5 1.4. Relationship to draft-vauban-x402-stark-receipts . . . . 5 2. Conventions and Definitions . . . . . . . . . . . . . . . . . 6 2.1. Notation . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 6 3. Receipt Format Specification . . . . . . . . . . . . . . . . 6 3.1. refund_result . . . . . . . . . . . . . . . . . . . . . . 6 3.2. jurisdiction_flags . . . . . . . . . . . . . . . . . . . 7 3.3. original_payment_ref . . . . . . . . . . . . . . . . . . 7 3.4. refund_amount . . . . . . . . . . . . . . . . . . . . . . 8 3.5. refund_provider_did . . . . . . . . . . . . . . . . . . . 9 3.6. refund_timestamp_ms . . . . . . . . . . . . . . . . . . . 9 Hopley Expires 1 December 2026 [Page 2] Internet-Draft x402-refund-receipt May 2026 3.7. canon_version . . . . . . . . . . . . . . . . . . . . . . 9 4. Canonicalisation . . . . . . . . . . . . . . . . . . . . . . 9 5. Audit Chain Composition . . . . . . . . . . . . . . . . . . . 10 5.1. Chain Row Shape . . . . . . . . . . . . . . . . . . . . . 10 5.2. Linkage Verification . . . . . . . . . . . . . . . . . . 11 5.3. Composition with Compliance Receipts . . . . . . . . . . 11 5.4. Retention Storage . . . . . . . . . . . . . . . . . . . . 12 6. Year-N Auditability Properties . . . . . . . . . . . . . . . 12 7. Composition with Other x402 Substrate . . . . . . . . . . . . 13 7.1. Compliance Receipt Linkage . . . . . . . . . . . . . . . 13 7.2. STARK Receipt Linkage . . . . . . . . . . . . . . . . . . 14 7.3. Composite Trust-Query . . . . . . . . . . . . . . . . . . 14 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 8.1. URN Namespace Registration . . . . . . . . . . . . . . . 14 8.2. Receipt Format Identifier . . . . . . . . . . . . . . . . 14 9. Security Considerations . . . . . . . . . . . . . . . . . . . 14 9.1. Receipt Tampering . . . . . . . . . . . . . . . . . . . . 14 9.2. Chain Truncation and Reordering . . . . . . . . . . . . . 15 9.3. Double-Refund Attacks . . . . . . . . . . . . . . . . . . 15 9.4. Cross-Asset Refund Substitution . . . . . . . . . . . . . 15 9.5. Operator Continuity Loss . . . . . . . . . . . . . . . . 15 9.6. DID Resolution Compromise . . . . . . . . . . . . . . . . 16 9.7. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 16 Appendix A. References . . . . . . . . . . . . . . . . . . . . . 16 A.1. Normative References . . . . . . . . . . . . . . . . . . 16 A.2. Informative References . . . . . . . . . . . . . . . . . 16 Appendix B. Appendix A. Examples (Informative) . . . . . . . . 17 B.1. A.1. FULL refund under UK + EU joint jurisdiction . . . 18 B.2. A.2. PARTIAL refund . . . . . . . . . . . . . . . . . . 18 B.3. A.3. REJECTED refund (PSD2 Article 89 dispute evidence) . . . . . . . . . . . . . . . . . . . . . . . . 18 Appendix C. Appendix B. Reference Implementations (Informative) . . . . . . . . . . . . . . . . . . . . . . 19 Appendix D. Appendix C. Acknowledgments . . . . . . . . . . . . 20 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 21 1. Introduction 1.1. Motivation Agentic-payment flows generate two classes of receipt over the lifecycle of a transaction: admission-time receipts (compliance screening, payment authorisation, mandate verification) and post- settlement receipts (settlement confirmation, refund, dispute resolution). Hopley Expires 1 December 2026 [Page 3] Internet-Draft x402-refund-receipt May 2026 A refund is a state transition that creates a new record on the post- settlement chain: funds previously transferred to a payee are returned in full, in part, or the return request is denied. The operational and regulatory significance of this state transition is load-bearing: * Under UK Consumer Rights Act 2015 and EU Consumer Rights Directive 2011/83/EU Article 9, a FULL refund within the statutory window closes the consumer's right to further remedy. * Under PSD2 (Directive 2015/2366) Article 89, an unauthorised payment must be refunded immediately or rejected with documented reasons. A REJECTED outcome creates dispute-evidence obligations distinct from a FULL or PARTIAL outcome. * Under UK POCA 2002 and EU AML Directives 5/6, a refund triggered by post-settlement sanctions screening or fraud detection requires audit-chain linkage to the original compliance receipt for retention-period audit by competent authorities. A receipt format that collapses these distinctions to a continuous amount-only representation loses the load-bearing operational distinction. This document specifies a refund receipt format that preserves the categorical outcome at the canonical-bytes level. The same canonicalisation discipline and audit-chain semantics as draft- hopley-x402-compliance-receipt apply, so a verifier can use one implementation to walk the entire payment lifecycle. 1.2. Scope This document specifies: * The canonical JSON shape of the refund receipt (Section 3) * The canonicalisation rule applicable to the receipt (Section 4) * The audit chain composition under which refund receipts compose with compliance receipts and settlement records (Section 5) * The year-N auditability properties the format pins (Section 6) * Worked examples covering FULL, PARTIAL, and REJECTED outcomes (Appendix A) * Reference implementations and conformance vectors (Appendix B) The document does NOT specify: * The refund orchestration protocol (operator-layer concern; out of scope) * Dispute-resolution state machines (a refund receipt records one state transition; multi-party dispute orchestration is a separate problem class) Hopley Expires 1 December 2026 [Page 4] Internet-Draft x402-refund-receipt May 2026 * Cross-chain settlement mechanisms (an asset substitution between original payment and refund is permitted in the receipt format but the bridge mechanism is out of scope) * Card-network chargeback or interchange formats (ISO 8583 / ISO 20022 message families serve that purpose) 1.3. Relationship to other Internet-Drafts This document is one of a coordinated suite of five AlgoVoi-authored receipt and response format Internet-Drafts, all anchoring to the canonicalisation discipline specified in draft-hopley-x402- canonicalisation-jcs: * draft-hopley-x402-canonicalisation-jcs -- the JCS canonicalisation discipline pinned by Section 4 of this document. * draft-hopley-x402-compliance-receipt -- admission-time compliance screening receipt. A refund receipt's original_payment_ref MAY equal the content_hash of the compliance receipt that admitted the original payment. * draft-hopley-x402-settlement-attestation -- per-settlement categorical attestation. A refund receipt's original_payment_ref MAY equal the content_hash of a settlement attestation when the refund reverses a previously-SETTLED payment. * draft-hopley-x402-cancellation-receipt -- the mandate cancellation receipt format. A USER_REQUESTED cancellation under PSD2 Article 64 MAY chain forward to a refund receipt on the audit chain when Article 64 refund obligations attach to a recently-settled debit. * draft-hopley-x402-composite-trust-query -- verifier-side composite-trust-query response format. A verifier walking an audit chain containing a refund receipt emits a single composite- trust response over the chain. The five formats share the same canonicalisation pin, audit chain row shape, integer-millisecond timestamp encoding (Substrate Rule 2), jurisdiction_flags ordering convention, and closed-enumeration discipline. A verifier walking the full payment lifecycle requires only one implementation of the canonicalisation discipline. 1.4. Relationship to draft-vauban-x402-stark-receipts draft-vauban-x402-stark-receipts covers cryptographic settlement-time payment-condition proofs (STARK receipts). The refund receipt specified in this document MAY reference a STARK receipt as its original_payment_ref value: when a payment that was settled with a STARK proof is subsequently refunded, the refund receipt links back to the STARK-receipt content_hash and the verifier walks the chain across both formats under one canonicalisation pin. Hopley Expires 1 December 2026 [Page 5] Internet-Draft x402-refund-receipt May 2026 2. Conventions and Definitions 2.1. Notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2.2. Definitions *refund receipt*: a JSON object of the shape specified in Section 3, canonicalised under the discipline specified in Section 4. *content_hash*: SHA-256, lowercase hex, of the JCS-canonical bytes of the receipt object. *original_payment_ref*: a string of the form sha256: identifying the original payment record by content hash. The original record MAY be a compliance receipt, a settlement attestation, or an operator-specific payment record. *refund_amount*: a two-field object {amount_minor, asset_id} representing the refunded value. amount_minor is a decimal-digit string in the asset's minor unit; asset_id identifies the asset and its decimal precision. *canon_version*: an in-band string identifying the canonicalisation discipline. Fixed value jcs-rfc8785-v1 for this version. *audit chain row*: a four-field object linking receipts via SHA-256 hash chain, shape specified in Section 5.1. 3. Receipt Format Specification A refund receipt is a JSON object with the following seven fields. All fields are REQUIRED. The receipt is canonicalised under RFC 8785 (JCS) per Section 4. Field names are sorted lexicographically by JCS during canonicalisation; the receipt object itself uses arbitrary authoring order. 3.1. refund_result A string-valued field. The value MUST be one of: * FULL -- the entire original payment amount has been returned to the payer. Hopley Expires 1 December 2026 [Page 6] Internet-Draft x402-refund-receipt May 2026 * PARTIAL -- less than the original payment amount has been returned. The refund_amount field carries the actual refunded value; the verifier compares against the original via original_payment_ref linkage. * REJECTED -- a refund request was processed and denied. No funds moved. The receipt records the denial event so downstream dispute / chargeback chains can reference it. The three-element enumeration is closed. Implementations MUST reject any other value at validation time before canonicalisation. Score, percentage, or amount-only projections are not acceptable substitutes for the categorical outcome. The regulatory distinction is load-bearing. Under PSD2 (Directive 2015/2366) Article 89, a payer denied a refund (REJECTED) must receive a documented denial; this is operationally distinct from a PARTIAL refund where some-but-not-all of the original amount has been returned. Under UK Consumer Rights Act 2015 and EU Consumer Rights Directive 2011/83/EU Article 9, only a FULL refund within the statutory window closes the consumer's right to further remedy. A percentage or amount-only representation cannot preserve these distinctions. 3.2. jurisdiction_flags An ordered array of string-valued ISO-3166-1 alpha-2 country codes or alpha-3 region codes identifying the applicable regulatory frameworks for the refund event. Authoring convention: primary jurisdiction first (where the operating entity is licensed), secondary jurisdictions in order of regulatory precedence. Array element ORDER is SIGNIFICANT and load-bearing. RFC 8785 does not normalise array order during canonicalisation. The array ["UK", "EU"] and the array ["EU", "UK"] produce byte-distinct canonical representations and distinct content_hash values. 3.3. original_payment_ref A string-valued field of the form sha256:. The hex digest is SHA-256 of the JCS-canonical bytes of the original payment record being refunded. Hopley Expires 1 December 2026 [Page 7] Internet-Draft x402-refund-receipt May 2026 When refunding a payment that was admitted under a compliance receipt (per draft-hopley-x402-compliance-receipt), the original_payment_ref MAY equal the content_hash of the compliance receipt itself. This is the conventional choice and enables the audit-chain composition described in Section 5. When refunding a payment that was settled with a STARK proof (per draft-vauban-x402-stark-receipts), the original_payment_ref MAY equal the content_hash of the STARK receipt. Implementations MUST NOT strip the sha256: prefix during canonicalisation or verification. The prefix is part of the canonical bytes. 3.4. refund_amount A sub-object with exactly two fields: * amount_minor -- a string of decimal digits representing the refunded value in the asset's minor unit. String typing avoids float-precision loss and JavaScript-integer-overflow concerns for large values, and is representable losslessly under JCS. * asset_id -- a string identifying the asset and its decimal precision. Convention: . for chain-native assets (e.g. USDC.6, ALGO.6, ETH.18); :. for ASA-style assets (e.g. algo:31566704.6). The sub-object's keys are sorted lexicographically by RFC 8785 during canonicalisation: amount_minor then asset_id. Verifiers MUST treat {"amount_minor":"100000","asset_id":"USDC.6"} as equivalent to the same content produced by an authoring layer that emitted fields in asset_id-first order; JCS canonicalisation removes the distinction. For a PARTIAL refund, refund_amount carries the actual refunded value. For a FULL refund, refund_amount carries the entire original payment amount. For a REJECTED refund, refund_amount carries the amount that WOULD have been refunded had the request been accepted (the requested-but-denied amount), enabling the denial-evidence chain to capture the operational claim. Cross-asset refunds (where the refund asset differs from the original payment asset, e.g. paid in USDC on Base, refunded in USDC on Solana) are permitted: refund_amount.asset_id MAY differ from the asset of the original payment. The cross-chain mechanism by which the substitution is achieved is out of scope of this document. Hopley Expires 1 December 2026 [Page 8] Internet-Draft x402-refund-receipt May 2026 3.5. refund_provider_did A string-valued DID URI identifying the entity issuing the refund. For Verifiable-Credentials-class identities this is the issuer DID; for centralised gateway-class identities this is did:web:. 3.6. refund_timestamp_ms An integer-valued field carrying the epoch-millisecond timestamp of the refund event in UTC. This field MUST be an integer in the canonical receipt. RFC 3339 string forms (e.g. "2026-05-28T12:00:00Z") MUST be rejected at the validation layer before canonicalisation; silent type-coercion breaks year-N auditability and cross-implementation byte-determinism. The integer-only restriction is required because RFC 8785 canonicalises the integer 1716494400000 and the string "1716494400000" to distinct canonical-bytes representations. A receipt format that accepted both forms could produce two byte- distinct receipts for the same logical refund event, breaking the dedup and audit-chain linkage properties. This rule is formalised in x402-foundation/x402 pull request #2436 (canonicalisation discipline), normatively specified in draft-hopley- x402-canonicalisation-jcs Section 4.1, and is referred to in the AlgoVoi substrate as Substrate Rule 2. 3.7. canon_version A string-valued in-band canonicalisation rule pin. For this version of the receipt format the value MUST be jcs-rfc8785-v1. The pin enables year-N re-verification from retained bytes alone. A future revision of the canonicalisation discipline MAY introduce a successor pin (e.g. jcs-rfc8785-v2); a verifier reading a receipt with the successor pin applies the corresponding rule. The pin is itself canonicalised and signed-over so it cannot be silently re- narrated post-emission. 4. Canonicalisation The refund receipt MUST be canonicalised under JSON Canonicalization Scheme (JCS) as specified in [RFC8785]. The canonicalisation discipline pinned by this document is: urn:x402:canonicalisation:jcs-rfc8785-v1 Hopley Expires 1 December 2026 [Page 9] Internet-Draft x402-refund-receipt May 2026 This discipline mandates: * RFC 8785 canonical JSON for the receipt object. * UTF-8 encoding with no byte-order mark. * Object keys sorted lexicographically by code point at every level (per RFC 8785 Section 3.2.3). * Array element order preserved (per RFC 8785 Section 3.2.3). * Numeric values canonicalised per RFC 8785 Section 3.2.2.3. * Integer-only encoding for refund_timestamp_ms (Substrate Rule 2), applied at the validation layer before canonicalisation. The discipline pinned here is identical to that pinned by draft- hopley-x402-compliance-receipt Section 4, normatively specified in draft-hopley-x402-canonicalisation-jcs, and to the canonicalisation specification at x402-foundation/x402 specs/canonicalisation.md (PR #2436). The discipline is byte-for-byte cross-validated across eight independent JCS implementations in eight programming languages per the AlgoVoi conformance attestation dated 2026-05-24: [AlgoVoi-JCS- 8-impl]. 5. Audit Chain Composition A refund receipt MAY participate in an audit chain alongside compliance receipts and other receipt classes that pin the same canonicalisation discipline. 5.1. Chain Row Shape An audit chain row is a JSON object with four fields: { "row_number": 1, "content_hash": "", "prev_hash": "", "row_content_hash": "" } * row_number: integer, 1-indexed. * content_hash: SHA-256, lowercase hex, of the JCS-canonical bytes of the receipt object anchored by this row. * prev_hash: SHA-256, lowercase hex, of the previous row's row_content_hash. For row 1, prev_hash MUST be 64 zero hex characters (0000...0000). Hopley Expires 1 December 2026 [Page 10] Internet-Draft x402-refund-receipt May 2026 * row_content_hash: SHA-256, lowercase hex, of the JCS-canonical bytes of this row object (with row_content_hash itself excluded from the JCS computation; the row's first three fields {row_number, content_hash, prev_hash} are canonicalised and hashed to produce row_content_hash). This row shape is identical to the audit-chain row shape specified in draft-hopley-x402-compliance-receipt Section 5.1. The two documents pin the same chain composition so receipts of either class can be linked into one verifiable chain. 5.2. Linkage Verification A verifier reading a chain segment performs these checks: * For each row, recompute the row's row_content_hash from its first three fields under JCS and compare against the stored value. Mismatch indicates row tampering. * For each row N > 1, check that row N's prev_hash equals row N-1's row_content_hash. Mismatch indicates chain truncation, reordering, or row deletion. * For row 1, check that prev_hash is 64 zero hex characters (the chain genesis anchor). * For each row, optionally fetch the receipt body whose content_hash is referenced and verify the body re-canonicalises to the same hash. This step is required for receipt-level audit but optional for row-level chain integrity. A chain that passes all of the above is byte-deterministically verifiable from retained bytes alone, with no dependence on the originating gateway's continued operation. 5.3. Composition with Compliance Receipts When a refund receipt references a compliance receipt via original_payment_ref, the audit-chain composition is: chain row N chain row N+1 +------------+ +------------+ | compliance |-->| refund | | receipt | | receipt | | (content_ | | (content_ | | hash) | | hash) | +------------+ +------------+ Hopley Expires 1 December 2026 [Page 11] Internet-Draft x402-refund-receipt May 2026 Row N anchors the compliance receipt (admission decision). Row N+1 anchors the refund receipt; the refund receipt's original_payment_ref equals the content_hash of the compliance receipt anchored by row N. The chain row N+1's prev_hash equals row N's row_content_hash. A verifier walking this segment confirms: 1. The compliance receipt admitted the original payment. 2. The refund receipt links to that admission via original_payment_ref. 3. The chain rows preserve hash-linkage with no truncation or reordering. The same composition extends to longer chains: multi-leg PARTIAL refunds, refund reversals (refund-of-refund), and disputed REJECTED refunds with subsequent re-evaluation each contribute one or more rows to the chain. 5.4. Retention Storage Retention storage of refund receipts and their audit chains is out of scope of this document. Operators MUST retain receipts for the period required by applicable regulatory frameworks (UK Consumer Rights Act 2015 disclosure period; PSD2 Article 89 dispute window; MiCA Article 80 records retention; AMLR Article 56 records retention). Object Lock COMPLIANCE-mode retention on object stores supporting WORM retention (Amazon S3, Backblaze B2, Cloudflare R2) is a practical implementation; refund receipts and their audit-chain rows MUST NOT be modifiable during the retention period. 6. Year-N Auditability Properties This receipt format preserves the following properties so that retained bytes are independently verifiable years after emission, without dependence on the originating gateway's continued operation. 1. *Self-describing canonicalisation pin.* The canon_version field is an in-band identifier (jcs-rfc8785-v1) so a verifier reading retained bytes can determine which canonicalisation rule to apply. 2. *No external rule registry required.* The canonical bytes produced under jcs-rfc8785-v1 are RFC 8785 plus the integer- millisecond timestamp encoding rule (Substrate Rule 2). Both rules are specified in this document and in draft-hopley-x402- compliance-receipt; neither requires the operator to continue to publish a canonicalisation rule registry. Hopley Expires 1 December 2026 [Page 12] Internet-Draft x402-refund-receipt May 2026 3. *Cross-implementation verifiability.* The JCS RFC 8785 canonicalisation discipline has been byte-for-byte cross- validated across eight independent reference implementations in eight programming languages: Python (rfc8785), TypeScript (canonicalize), Go (gowebpki/jcs), Rust (serde_jcs), Java (cyberphone/json-canonicalization, authored by Anders Rundgren, RFC 8785 editor), PHP (root23/php-json-canonicalization), C#/.NET (Baqhub.Packages.JsonCanonicalization), and Ruby (json- canonicalization). 192/192 byte-for-byte agreements across 24 vectors in 3 anchor sets. The attestation record is published at [AlgoVoi-JCS-8-impl]. A verifier built with any of these eight implementations produces identical canonical bytes for any refund receipt under this format. 4. *Tamper detection.* Per-row content_hash and chain prev_hash linkage (Section 5) detect single-row tampering and chain truncation / reordering respectively. 5. *Regulatory distinction preserved.* The closed enumeration on refund_result (Section 3.1) preserves the load-bearing distinction between FULL, PARTIAL, and REJECTED for the full retention period. 6. *Compositional verifiability.* A refund receipt's original_payment_ref MAY reference any other receipt class that pins the same canonicalisation discipline (compliance receipt, STARK receipt, settlement attestation). The verifier needs only one canonicalisation implementation to walk the full payment lifecycle. 7. Composition with Other x402 Substrate This receipt format composes with other elements of the x402 substrate: 7.1. Compliance Receipt Linkage The conventional original_payment_ref target for an admission-then- refund flow is the content_hash of the compliance receipt that admitted the original payment under draft-hopley-x402-compliance- receipt. The two receipts compose into one audit-chain segment that records the full admission-through- refund lifecycle. See Section 5.3. Hopley Expires 1 December 2026 [Page 13] Internet-Draft x402-refund-receipt May 2026 7.2. STARK Receipt Linkage When a payment was settled with a STARK proof per draft-vauban-x402- stark-receipts, the refund receipt's original_payment_ref MAY equal the content_hash of the STARK receipt. The verifier confirms the STARK-proven settlement and the subsequent refund event under one canonicalisation pin. 7.3. Composite Trust-Query Multiple emitters' attestations may participate in a composite trust- query per x402-foundation/x402 pull request #2440. A refund provider's attestation row in a composite-trust-query MAY reference a refund receipt's content_hash as the underlying evidence. 8. IANA Considerations 8.1. URN Namespace Registration This document references the URN urn:x402:canonicalisation:jcs- rfc8785-v1 registered by draft-hopley-x402-canonicalisation-jcs Section 10.1. No additional URN namespace registration is required by this document. 8.2. Receipt Format Identifier This document defines the receipt format identifier: urn:x402:receipt:refund-v1 This identifier MAY be used by composite-trust-query implementations (per x402-foundation/x402 PR #2440) to refer to refund receipts as a class. Registration with IANA is requested under the x402- foundation/x402 receipt-format identifier namespace. 9. Security Considerations 9.1. Receipt Tampering A refund receipt's content_hash is the SHA-256 of its JCS-canonical bytes. Tampering with any field of the receipt produces a different content_hash; the tampered receipt fails verification against any audit-chain row that references the original content_hash. Hopley Expires 1 December 2026 [Page 14] Internet-Draft x402-refund-receipt May 2026 9.2. Chain Truncation and Reordering The audit chain prev_hash linkage (Section 5.2) detects truncation, reordering, or row deletion. A verifier walking the chain confirms that every row's prev_hash equals the previous row's row_content_hash; any deviation indicates chain integrity loss. 9.3. Double-Refund Attacks A malicious operator might attempt to issue two refund receipts for the same original payment, each linking to the same original_payment_ref. Detection requires the verifier to walk the chain forward from the compliance receipt and observe both refund rows; the chain itself does not prevent the double-issuance but makes it byte-detectable. Operators SHOULD enforce single-refund-per-payment at the operator- layer orchestration before emitting receipts. For PARTIAL refunds that genuinely require multiple legs (e.g. a customer returning two items from a single order), each leg's refund receipt MUST link to the original payment ref AND to the prior refund row to make the leg- sequence verifiable; the chain order encodes the cumulative refunded amount. 9.4. Cross-Asset Refund Substitution A refund receipt MAY refund in a different asset than the original payment. A verifier cannot determine equivalence-of-value between the original asset and the refund asset from the receipt alone; asset-substitution claims of equivalence require additional external evidence (price oracle attestations, settlement proofs) and are out of scope of this document. Operators substituting assets MUST disclose the substitution clearly to the payer at the time of the refund and MUST retain evidence of the equivalence claim under the same retention period as the receipt itself. 9.5. Operator Continuity Loss If the original refund-issuing operator becomes unavailable, the audit chain and its receipts MUST remain independently verifiable from retained bytes plus the eight reference implementations cited in Section 6. This document specifies year-N auditability properties so that operator continuity loss does not break verifiability. Hopley Expires 1 December 2026 [Page 15] Internet-Draft x402-refund-receipt May 2026 9.6. DID Resolution Compromise refund_provider_did is a DID URI. If the DID resolution infrastructure is compromised at verification time, the verifier MAY be unable to resolve the DID to an authoritative key. The receipt format MAY be combined with offline DID document snapshots (captured at the time of receipt emission and retained alongside the receipt) to make verification independent of live DID resolution. 9.7. Privacy The original_payment_ref field is content-addressed, not cleartext. A receipt does not leak payer identity, payee identity, or original payment amount on its face. The refund_amount field carries the refunded value but the original payment amount is not in the receipt; cross-receipt linkage (via original_payment_ref to a compliance receipt) is required to recover the original amount, and the linkage is itself content-addressed. Appendix A. References A.1. Normative References * [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. * [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017. * [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", STD 90, RFC 8259, DOI 10.17487/RFC8259, December 2017. * [RFC8785] Rundgren, A., Jordan, B., and S. Erdtman, "JSON Canonicalization Scheme (JCS)", RFC 8785, DOI 10.17487/RFC8785, June 2020. * [RFC8141] Saint-Andre, P. and J. Klensin, "Uniform Resource Names (URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017. A.2. Informative References * draft-hopley-x402-canonicalisation-jcs Hopley, C., "JCS Canonicalisation Discipline for Agentic-Payment Receipts", draft- hopley-x402-canonicalisation-jcs-v1, May 2026. * draft-hopley-x402-compliance-receipt Hopley, C., "Categorical Compliance Screening Receipt Format for Agentic-Payment Flows", draft-hopley-x402-compliance-receipt-01, May 2026. * draft-hopley-x402-settlement-attestation Hopley, C., "Categorical Settlement Attestation Format for Agentic-Payment Flows", draft- hopley-x402-settlement-attestation-00, May 2026. Hopley Expires 1 December 2026 [Page 16] Internet-Draft x402-refund-receipt May 2026 * draft-hopley-x402-cancellation-receipt Hopley, C., "Categorical Mandate Cancellation Receipt Format for Agentic-Payment Flows", draft-hopley-x402-cancellation-receipt-00, May 2026. * draft-hopley-x402-composite-trust-query Hopley, C., "Composite Trust Query Response Format for Agentic-Payment Audit Chains", draft-hopley-x402-composite-trust-query-00, May 2026. * draft-vauban-x402-stark-receipts (companion document on STARK receipt format). * AlgoVoi, "Substrate Adopters Registry", target="https://docs.algovoi.co.uk/adopters" (https://docs.algovoi.co.uk/adopters) * x402-foundation/x402 pull request #2436 -- canonicalisation discipline (AlgoVoi-authored normative section with subsequent review co-signatures from Vauban Pay and Arian Gogani). * x402-foundation/x402 pull request #2440 -- composite trust-query algorithm. * [AlgoVoi-JCS-8-impl] AlgoVoi, "Eight-implementation cross- validation attestation for JCS RFC 8785", 2026-05-24, target="https://github.com/chopmob-cloud/algovoi-jcs-conformance- vectors/blob/main/_attestations/2026-05-24-8-impl-cross- validation.md" (https://github.com/chopmob-cloud/algovoi-jcs- conformance-vectors/blob/main/_attestations/2026-05-24-8-impl- cross-validation.md) * [AlgoVoi-Substrate-Authorship] AlgoVoi, "Substrate Authorship and Provenance", target="https://docs.algovoi.co.uk/substrate- authorship-provenance" (https://docs.algovoi.co.uk/substrate- authorship-provenance) * UK Consumer Rights Act 2015. * EU Consumer Rights Directive 2011/83/EU, Article 9. * EU Payment Services Directive 2 (PSD2, Directive 2015/2366), Article 89 (unauthorised payment refunds). * UK Money Laundering Regulations 2017. * UK Proceeds of Crime Act 2002, Section 330. * EU Anti-Money Laundering Directive 5 (Directive (EU) 2018/843). * EU Anti-Money Laundering Directive 6 (Directive (EU) 2018/1673). * EU Markets in Crypto-Assets Regulation (MiCA, Regulation (EU) 2023/1114), Article 80. * EU Anti-Money Laundering Regulation (AMLR, Regulation (EU) 2024/1624), Article 56. Appendix B. Appendix A. Examples (Informative) The following example refund receipts illustrate the format. All three are canonicalised under jcs-rfc8785-v1 and produce the content_hashes pinned in the AlgoVoi refund_receipt_v1 conformance vector set. Hopley Expires 1 December 2026 [Page 17] Internet-Draft x402-refund-receipt May 2026 B.1. A.1. FULL refund under UK + EU joint jurisdiction { "canon_version": "jcs-rfc8785-v1", "jurisdiction_flags": ["UK", "EU"], "original_payment_ref": "sha256:0dd5d0b76c9b9281fdeb2509ad38ab132b16a17385ca01d976ff9e6e12563a0f", "refund_amount": {"amount_minor": "100000", "asset_id": "USDC.6"}, "refund_provider_did": "did:example:refund-provider-1", "refund_result": "FULL", "refund_timestamp_ms": 1716494400000 } Refunds 0.1 USDC (100000 minor units, 6 decimals) under joint UK + EU jurisdiction. The original_payment_ref references a payment record whose content_hash is the listed value (e.g. a compliance receipt from draft-hopley-x402-compliance-receipt). FULL closes the consumer's right to further remedy under UK Consumer Rights Act 2015 and EU Consumer Rights Directive 2011/83/EU Article 9. B.2. A.2. PARTIAL refund { "canon_version": "jcs-rfc8785-v1", "jurisdiction_flags": ["UK", "EU"], "original_payment_ref": "sha256:0dd5d0b76c9b9281fdeb2509ad38ab132b16a17385ca01d976ff9e6e12563a0f", "refund_amount": {"amount_minor": "100000", "asset_id": "USDC.6"}, "refund_provider_did": "did:example:refund-provider-1", "refund_result": "PARTIAL", "refund_timestamp_ms": 1716494400000 } refund_amount carries the actual refunded value; the verifier compares against the original via original_payment_ref to confirm the refund is strictly less than the original. PARTIAL does not close the consumer's right under consumer-rights statutes; further remedy may remain. B.3. A.3. REJECTED refund (PSD2 Article 89 dispute evidence) { "canon_version": "jcs-rfc8785-v1", "jurisdiction_flags": ["UK", "EU"], "original_payment_ref": "sha256:0dd5d0b76c9b9281fdeb2509ad38ab132b16a17385ca01d976ff9e6e12563a0f", "refund_amount": {"amount_minor": "100000", "asset_id": "USDC.6"}, "refund_provider_did": "did:example:refund-provider-1", "refund_result": "REJECTED", "refund_timestamp_ms": 1716494400000 } Hopley Expires 1 December 2026 [Page 18] Internet-Draft x402-refund-receipt May 2026 A refund request was processed and denied. refund_amount carries the requested-but-denied amount so the denial-evidence chain can record the operational claim. Under PSD2 Article 89, a payer denied a refund must receive a documented denial; this receipt fulfils that documentation obligation. Appendix C. Appendix B. Reference Implementations (Informative) The following open-source packages implement the format specified in this document. None of these implementations is privileged; the format is fully specified by Section 3. * algovoi-refund-receipt (Python) on PyPI: target="https://pypi.org/project/algovoi-refund-receipt/" (https://pypi.org/project/algovoi-refund-receipt/) Provides build_refund_receipt(). Depends on algovoi-substrate for the JCS canonicalisation primitive. Apache 2.0 licensed. * @algovoi/refund-receipt (TypeScript) on npm: target="https://www.npmjs.com/package/@algovoi/refund-receipt" (https://www.npmjs.com/package/@algovoi/refund-receipt) Byte-for- byte parity with the Python sibling. Depends on @algovoi/ substrate for the JCS canonicalisation primitive. Apache 2.0 licensed. * algovoi-substrate (Python) on PyPI: target="https://pypi.org/project/algovoi-substrate/" (https://pypi.org/project/algovoi-substrate/) Provides build_compliance_receipt() and the JCS canonicalisation primitive used by the refund receipt builder. Apache 2.0 licensed. * @algovoi/substrate (TypeScript) on npm: target="https://www.npmjs.com/package/@algovoi/substrate" (https://www.npmjs.com/package/@algovoi/substrate) Byte-for-byte parity with the Python substrate. Apache 2.0 licensed. * algovoi-audit-verifier (Python) on PyPI: target="https://pypi.org/project/algovoi-audit-verifier/" (https://pypi.org/project/algovoi-audit-verifier/) Implements the audit-chain verification logic (Section 5.2) including per-row content_hash recomputation and chain linkage walk. MIT licensed. * @algovoi/audit-verifier (TypeScript) on npm: target="https://www.npmjs.com/package/@algovoi/audit-verifier" (https://www.npmjs.com/package/@algovoi/audit-verifier) Byte-for- byte parity with the Python verifier. MIT licensed. Cross-implementation conformance vectors are published at: Hopley Expires 1 December 2026 [Page 19] Internet-Draft x402-refund-receipt May 2026 target="https://github.com/chopmob-cloud/algovoi-jcs-conformance- vectors" (https://github.com/chopmob-cloud/algovoi-jcs-conformance- vectors) The refund_receipt_v1 vector set is at vectors/refund_receipt_v1/ and includes eight byte-level reference vectors, five pair invariants, and three chain invariants. The eight-implementation cross-validation attestation records dated 2026-05-24 (JCS canonicalisation layer and RFC 9421 transport layer) apply to refund receipts as they do to compliance receipts. Appendix D. Appendix C. Acknowledgments This document, the receipt format it specifies, and the conformance vectors derived from it are AlgoVoi-authored work. Substrate authorship history, including production code anchored on 2026-04-12 and the eight-implementation cross-validation attestation records, is catalogued at target="https://docs.algovoi.co.uk/substrate- authorship-provenance" (https://docs.algovoi.co.uk/substrate- authorship-provenance). The canonicalisation discipline pinned by Section 4 (urn:x402: canonicalisation:jcs-rfc8785-v1) is normatively specified in draft- hopley-x402-canonicalisation-jcs-v1. The integer-millisecond canonical timestamp convention (Substrate Rule 2 of that document) used by every timestamp field in this refund receipt format was first posted publicly on x402-foundation/x402 issue #2357 on 2026-05-20 by Andy Salvo (Crest Deployment Systems LLC). The conformance vector 0009 (field-name-load-bearing) on x402-foundation/x402 pull request #2398, also contributed by Andy Salvo, demonstrates the same invariant from the work-receipt layer. The canonicalisation discipline was earlier explored in x402- foundation/x402 pull request #2436 (closed 2026-05-24), reviewed at that time by seritalien (Vauban Pay, APPROVED 2026-05-22) and arian- gogani (Arian Gogani, LGTM). The framework-bound-retention scoping clause in that discipline was contributed by feedoracle (FeedOracle). This document is the post-settlement companion to the admission-time compliance receipt format specified in draft-hopley-x402-compliance- receipt by the same author. The two documents share the same canonicalisation pin, audit-chain shape, and integer-millisecond timestamp encoding so that a verifier walking the full payment lifecycle requires only one implementation of the canonicalisation discipline. Hopley Expires 1 December 2026 [Page 20] Internet-Draft x402-refund-receipt May 2026 Author's Address Christopher Hopley AlgoVoi Email: chopmob@gmail.com Hopley Expires 1 December 2026 [Page 21]