The same signed receipt looks different depending on who you are. The holder sees the full record. The regulator sees the compliance-relevant slice. The counterparty sees only what concerns them. One canonical signature. Three audited views. No copies, no edits, no plausible deniability.
The full canonical receipt. Every field, every hash. Used for personal audit and dispute defense.
The compliance slice. Policy id, scope ceiling, spend totals, jurisdictional fields. No business secrets, no counterparty identities beyond what the regulation requires.
Their slice only. Receipt id, the resource transacted, the price and timestamp. None of the agent's other activity.
Most systems solve this with three different exports — the audit log for compliance, the customer copy for the counterparty, the back-office record for the holder. Drift is inevitable, and disputes turn into a fight about which record is real. ViewKey collapses that into one signed record. The signature is on the canonical payload. The lenses are deterministic projections of that payload. Everyone sees less, but they all see the same thing.