| Project site & docs | agentreceipts.ai |
| Daemon setup & migration guide | agentreceipts.ai/getting-started/daemon-setup/ |
| API reference | Go · TypeScript · Python |
| Blog | Your AI Agent Just Sent an Email · Every MCP Tool Call My AI Makes Now Gets a Signed Receipt |
| Go | sdk/go · mcp-proxy · dashboard |
| npm | @agnt-rcpt/sdk-ts |
| PyPI | agent-receipts |
The fastest way to try Agent Receipts is to put mcp-proxy/ in front of an MCP server you already use.
In one step, you get:
- Signed receipts for every tool call
- A tamper-evident audit chain you can verify later
- Risk scoring and policy hooks without changing the client or server
If you want to audit GitHub MCP in a real agent workflow, start with:
Agent Receipts is an open protocol and set of SDKs for producing cryptographically signed, tamper-evident records of AI agent actions. Every action an agent takes -- API calls, tool use, data access -- gets a verifiable receipt that can be audited later.
| Project | Description |
|---|---|
| docs/adr/ | Architecture Decision Records |
| spec/ | Protocol specification, JSON schemas, governance |
| sdk/go/ | Go SDK |
| sdk/ts/ | TypeScript SDK |
| sdk/py/ | Python SDK |
| daemon/ | Signing daemon — out-of-process key custody, shared audit chain |
| mcp-proxy/ | MCP proxy with receipt signing, policy engine, intent tracking |
| cross-sdk-tests/ | Cross-language verification tests |
| dashboard | Local web UI for browsing and verifying receipt databases |
| openclaw | Agent Receipts plugin for OpenClaw |
Install the proxy:
```bash
go install github.com/agent-receipts/mcp-proxy/cmd/mcp-proxy@latest
```

Wrap any MCP server:

```bash
mcp-proxy node /path/to/mcp-server.js
```

Then point your agent client at the proxy instead of the raw server:

Once your agent makes tool calls, inspect the signed audit trail:

```bash
mcp-proxy list
mcp-proxy inspect <receipt-id>
mcp-proxy verify --key pub.pem <chain-id>
```

Not for production. The snippets below keep the signing key inside the agent process. Anyone with code execution in the agent can forge receipts. For real deployments, use the daemon-mediated path, where the daemon owns the key and your app only sends events over a socket.
```bash
go get github.com/agent-receipts/ar/sdk/go
```

```go
import "github.com/agent-receipts/ar/sdk/go/receipt"

keys, _ := receipt.GenerateKeyPair()
unsigned := receipt.Create(receipt.CreateInput{
	Issuer:    receipt.Issuer{ID: "did:agent:my-agent"},
	Principal: receipt.Principal{ID: "did:user:alice"},
	Action:    receipt.Action{Type: "filesystem.file.read", RiskLevel: receipt.RiskLow},
	Outcome:   receipt.Outcome{Status: receipt.StatusSuccess},
	Chain:     receipt.Chain{Sequence: 1, ChainID: "chain_1"},
})
signed, _ := receipt.Sign(unsigned, keys.PrivateKey, "did:agent:my-agent#key-1")
```

```bash
npm install @agnt-rcpt/sdk-ts
```

```typescript
import {
  createReceipt,
  generateKeyPair,
  signReceipt,
} from "@agnt-rcpt/sdk-ts";

const keys = generateKeyPair();
const unsigned = createReceipt({
  issuer: { id: "did:agent:my-agent" },
  principal: { id: "did:user:alice" },
  action: { type: "filesystem.file.read", risk_level: "low" },
  outcome: { status: "success" },
  chain: { sequence: 1, previous_receipt_hash: null, chain_id: "chain_1" },
});
const signed = signReceipt(unsigned, keys.privateKey, "did:agent:my-agent#key-1");
```

```bash
pip install agent-receipts
```

```python
from agent_receipts import (
    create_receipt, generate_key_pair, sign_receipt,
    CreateReceiptInput, Issuer, Principal, Outcome, Chain,
)
from agent_receipts.receipt.create import ActionInput

keys = generate_key_pair()
unsigned = create_receipt(CreateReceiptInput(
    issuer=Issuer(id="did:agent:my-agent"),
    principal=Principal(id="did:user:alice"),
    action=ActionInput(type="filesystem.file.read", risk_level="low"),
    outcome=Outcome(status="success"),
    chain=Chain(sequence=1, previous_receipt_hash=None, chain_id="chain_1"),
))
signed = sign_receipt(unsigned, keys.private_key, "did:agent:my-agent#key-1")
```

See the Python SDK README for the full quick start and daemon delivery.
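
How the `sequence` and `previous_receipt_hash` fields in the snippets above make a chain tamper-evident, as an added Go example that is not the project's code or wire format. The `Receipt` struct, the body encoding, SHA-256 linking, Ed25519 signatures and the action names other than `filesystem.file.read` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Receipt is a simplified stand-in, not the Agent Receipts wire format (Ed25519 assumed).
type Receipt struct {
	Sequence int
	PrevHash string // previous_receipt_hash; empty for the first receipt
	Action   string
	Sig      []byte
}

// body is what gets signed; digest (assumed: SHA-256 of body plus sig) is the next PrevHash.
func (r Receipt) body() []byte { return []byte(fmt.Sprintf("%d|%s|%q", r.Sequence, r.PrevHash, r.Action)) }
func (r Receipt) digest() string { return fmt.Sprintf("%x", sha256.Sum256(append(r.body(), r.Sig...))) }

// Verify returns the index of the first receipt failing a check, or -1.
func Verify(chain []Receipt, pub ed25519.PublicKey) int {
	prev := ""
	for i, r := range chain {
		if r.Sequence != i+1 || r.PrevHash != prev || !ed25519.Verify(pub, r.body(), r.Sig) {
			return i
		}
		prev = r.digest()
	}
	return -1
}

// Demo signs three receipts, edits the second, then re-signs it with the key.
func Demo() (clean, edited, resigned int) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	var c []Receipt
	prev := ""
	for i, a := range []string{"filesystem.file.read", "email.send", "filesystem.file.write"} {
		r := Receipt{Sequence: i + 1, PrevHash: prev, Action: a} // constructed sample actions
		r.Sig = ed25519.Sign(priv, r.body())
		c, prev = append(c, r), r.digest()
	}
	clean = Verify(c, pub)
	c[1].Action = "filesystem.file.read" // edit after signing
	edited = Verify(c, pub)
	c[1].Sig = ed25519.Sign(priv, c[1].body()) // re-sign with the in-process key
	return clean, edited, Verify(c, pub)
}

func main() { fmt.Println(Demo()) }
```

An edit without the key fails the signature check at the edited receipt; re-signing that receipt moves the failure to the next one, whose stored hash no longer matches. A process that holds the key can keep re-signing to the tail, which is the case the daemon-mediated path removes.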
See CONTRIBUTING.md for development setup and PR guidelines.
See SECURITY.md to report vulnerabilities. The threat model documents trust boundaries, in-scope and out-of-scope threats, and the mitigation roadmap.
Apache License 2.0 -- see LICENSE.
The protocol specification in spec/ is licensed under MIT.