| Project site & docs | agentreceipts.ai |
| API reference | Go · TypeScript · Python |
| Blog | Your AI Agent Just Sent an Email · Every MCP Tool Call My AI Makes Now Gets a Signed Receipt |
| Go | sdk/go · mcp-proxy · dashboard |
| npm | @agnt-rcpt/sdk-ts |
| PyPI | agent-receipts |
The fastest way to try Agent Receipts is to put mcp-proxy/ in front of an MCP server you already use.
In one step, you get:
- Signed receipts for every tool call
- A tamper-evident audit chain you can verify later
- Risk scoring and policy hooks without changing the client or server
If you want to audit GitHub MCP in a real agent workflow, start with:
Agent Receipts is an open protocol and set of SDKs for producing cryptographically signed, tamper-evident records of AI agent actions. Every action an agent takes -- API calls, tool use, data access -- gets a verifiable receipt that can be audited later.
| Project | Description |
|---|---|
docs/adr/ |
Architecture Decision Records |
spec/ |
Protocol specification, JSON schemas, governance |
sdk/go/ |
Go SDK |
sdk/ts/ |
TypeScript SDK |
sdk/py/ |
Python SDK |
mcp-proxy/ |
MCP proxy with receipt signing, policy engine, intent tracking |
cross-sdk-tests/ |
Cross-language verification tests |
| dashboard | Local web UI for browsing and verifying receipt databases |
| openclaw | Agent Receipts plugin for OpenClaw |
Install the proxy:
go install github.com/agent-receipts/mcp-proxy/cmd/mcp-proxy@latestWrap any MCP server:
mcp-proxy node /path/to/mcp-server.jsThen point your agent client at the proxy instead of the raw server:
Once your agent makes tool calls, inspect the signed audit trail:
mcp-proxy list
mcp-proxy inspect <receipt-id>
mcp-proxy verify --key pub.pem <chain-id>go get github.com/agent-receipts/ar/sdk/goimport receipt "github.com/agent-receipts/ar/sdk/go/receipt"
r, _ := receipt.New(receipt.WithAction("tool_call", payload))
signed, _ := r.Sign(privateKey)npm install @agnt-rcpt/sdk-tsimport { Receipt } from "@agnt-rcpt/sdk-ts";
const receipt = await Receipt.create({ action: "tool_call", payload });
const signed = await receipt.sign(privateKey);pip install agent-receiptsfrom agent_receipts import Receipt
receipt = Receipt.create(action="tool_call", payload=payload)
signed = receipt.sign(private_key)See CONTRIBUTING.md for development setup and PR guidelines.
See SECURITY.md to report vulnerabilities. The threat model documents trust boundaries, in-scope and out-of-scope threats, and the mitigation roadmap.
Apache License 2.0 -- see LICENSE.
The protocol specification in spec/ is licensed under MIT.