Open console →

Receipts

The one-sentence version

A Plumb receipt is proof that an AI gave you a specific answer, at a specific cost, at a specific time — signed by the Plumb operator so no one can forge it.

Why they matter

Think of it like a real-world receipt from a store. Before receipts existed, you had no way to prove you bought something. You'd tell the store "I bought a toaster here last week" and they'd shrug. Receipts solved that. They're short, they're signed (the cashier's initials, the register ID), and you can hand one over as proof.

Most AI services don't give you receipts. You send a prompt, you get a response, you pay. If the provider later says "we never ran that" — or if they swapped your expensive model for a cheap one and pocketed the difference — you have no way to push back.

Plumb receipts fix that. Every answer comes with one. You keep yours. If anything's in dispute, you hand it over and the math either proves your story or it doesn't. No arguing with support, no trust required.

What's in a receipt

When you ask Plumb a question, the answer comes back as usual. Alongside it, the server records a receipt that looks like this:

id:          c7f3e0a4-5b82-4a1c-9c8e-1d2e3f4a5b6c
who:         your wallet address
model:       anthropic/claude-sonnet-4.5
cost:        482,000 micro-PLMB (about half a credit)
time:        2026-04-22 at 18:30:15 UTC
question →   fingerprint: 0x7a1b2c…
answer   →   fingerprint: 0xabcdef…
signature:   (long cryptographic stamp)

A few things to notice:

  • Your question and answer aren't in the receipt. Just their fingerprints — short strings that change completely if even one character of the original text changes. This means the receipt is small and doesn't leak your prompt text, but you can still prove later "yes, this was my exact question."
  • The signature is the magic. It's a small piece of cryptography that anyone can check. It says "yes, the Plumb server with this specific identity produced this receipt." Nobody else can forge it, and changing any field invalidates the signature.
  • The cost is in micro-PLMB. PLMB is Plumb's credit unit — like arcade tokens. One PLMB = one million micro-PLMB. The receipt records the exact amount you were charged.

What a receipt proves

If the signature checks out, you've proven four things at once:

  1. The answer came from the Plumb server you're talking to (nobody made it up).
  2. The answer was produced by the specific model named in the receipt (no silent bait-and-switch).
  3. You were charged exactly the amount in the receipt (no surprise fees).
  4. The receipt was produced at the time it says (no backdating).

That's a strong set of guarantees for a small piece of data.

What a receipt doesn't prove

Being honest about limits:

  • It doesn't prove the model's answer is correct. AI models hallucinate. A receipt proves the response was served, not that it's true.
  • It doesn't protect you against the Plumb operator. If the operator is lying — e.g., secretly running a cheaper model and claiming it's the expensive one — the signature will still be valid for whatever the operator signed. The receipt proves what the operator committed to; it doesn't prove the operator is honest.
  • Upgrades to close the second gap are on the roadmap. "TEE attestation" (think: a tamper-evident hardware seal around the server) would prove the server ran the claimed model, not just that it said it did. That's future work.

How to check a receipt

Two ways.

The easy way: open the receipt in the explorer and click a button.

Every receipt has a public URL like https://explorer.plumbtech.xyz/receipt/<id>. Open it, click Verify signature, and your browser does the math in about 50 milliseconds. Green check = valid, red X = invalid or tampered.

The code way: if you're writing software, three lines of Python:

from plumb_sdk import Client

c = Client(base_url="https://api.plumbtech.xyz")
rcpt = c.receipts.get("c7f3e0a4-...")
assert c.verify_receipt(rcpt)  # True if genuine

Both paths end up doing the same math. See Verification for the full story.

The on-chain part

Every couple of minutes, Plumb rolls up all recent receipts into a "batch" and records a summary of that batch on the Base blockchain. The summary is tiny — not the full receipts, just a cryptographic fingerprint that commits to the whole batch at once.

Why? Because a receipt signed by the Plumb operator is only as trustworthy as the operator. If the operator disappears, you want a backup: something independent of Plumb that confirms the receipt existed. The blockchain is that backup. Once the batch summary is on Base, nobody — not even the Plumb team — can erase it.

Your receipt eventually picks up a settlement_tx_hash field pointing to the exact on-chain transaction that committed its batch. You can look that transaction up on Blockscout (a free block explorer) and see the record. See Settlement for the details.

For developers

The exact byte format that gets signed is a small text-based "canonical payload" in a format called v1. The signature is ed25519, a widely-used public-key signature scheme. The fingerprints are SHA-256 hashes. The batch summary committed on-chain is a Merkle root built with OpenZeppelin's StandardMerkleTree.

If you care about exactly how the bytes are laid out or which libraries we use, the reference version of this page and the Verification deep dive have the full details. If you just wanted to know what a receipt is and why it matters, you're done.