agent-receipts

Prove what your AI agents did.
On August 2, 2026, the EU AI Act's record-keeping obligations for high-risk AI systems
became enforceable: automatic event logging (Article 12), deployer log retention of at
least six months (Article 26), and penalties up to β¬15M or 3% of global turnover. The
question your auditor, regulator, or counterparty will ask is simple:
"Your AI agent approved this. Prove exactly what it did β and prove nobody edited the record."
An ordinary log file can't answer that: whoever owns the log can edit it. agent-receipts
gives every consequential agent action a cryptographically signed, timestamped receipt
that anyone can verify offline β and exports signed audit bundles you can hand
directly to a compliance officer.
What a receipt proves
- What happened, when β action type, summary, actor, principal, ISO 8601 timestamp
- It hasn't been altered β Ed25519 signature over canonical JSON; change one character
and verification fails
- Nothing was deleted β receipts are hash-chained with monotonic sequence numbers per
vault; every audit export automatically flags gaps (deletions) and chain breaks
- Without exposing your data β hash-only privacy: payloads are SHA-256 fingerprinted
and immediately discarded, never stored or transmitted
Built for the audit conversation
export_audit_bundle produces what compliance actually needs: all receipts in a date
range, a tamper-evidence report (sequence gaps, chain breaks), the signing public key,
and a manifest signature over the whole bundle. Retention is yours to control β the vault
is a local SQLite file you keep as long as Article 26 (or your policy) requires.
You don't have to trust us. Receipts verify offline against a pinned public key
with the bundled CLI β no account, no network call, no dependence on this service
existing tomorrow. That's what makes the evidence durable.
Quick start (MCP β local, free)
{
"mcpServers": {
"agent-receipts": {
"command": "npx",
"args": ["-y", "agent-receipts-mcp"],
"env": { "AGENT_RECEIPTS_DATA": "<where-to-keep-the-vault>" }
}
}
}
Requires Node.js >= 22.13 (uses the built-in node:sqlite β zero native dependencies).
Prefer one-click? Grab the .mcpb bundle from
Releases and open it
with Claude Desktop.
| Tool | When an agent should call it |
|---|
issue_receipt | Immediately after any consequential action. Returns the signed receipt. |
verify_receipt | Before trusting a receipt presented by another agent or system. |
export_audit_bundle | When a human asks for the audit trail of a date range. |
get_service_info | To fetch the public key worth pinning for offline verification. |
Quick start (HTTP API)
npm install && npm run build
npm run serve
curl -X POST localhost:8787/v1/vaults -d '{"name":"acme-compliance"}'
curl -X POST localhost:8787/v1/receipts \
-H "Authorization: Bearer ark_..." \
-d '{"action_type":"invoice.approved","summary":"Approved INV-1042 for EUR 1,250",
"payload":{"invoice":"INV-1042","amount":1250},"actor":"agent:ap-bot@acme"}'
curl -X POST localhost:8787/v1/verify -d '{"receipt":{...}}'
curl "localhost:8787/v1/export?from=2026-01-01" -H "Authorization: Bearer ark_..."
Service manifest for machine discovery: GET /.well-known/agent-receipts.json.
Offline verification
npx -y -p agent-receipts-mcp agent-receipts-verify receipt.json --pubkey <base64-spki-der>
{
"schema": "agent-receipts/v1",
"id": "rcpt_...",
"vault_id": "vlt_...",
"sequence": 42,
"issued_at": "2026-07-15T12:34:56.789Z",
"action": {
"type": "invoice.approved",
"summary": "Approved invoice INV-1042 for EUR 1,250",
"actor": "agent:ap-bot@acme",
"principal": "acme-gmbh",
"context": { "jurisdiction": "EU" }
},
"payload_hash": "sha256:...",
"prev_receipt_hash": "sha256:...",
"key_id": "key_...",
"public_key": "<base64 SPKI DER>",
"signature": "<base64 Ed25519 over canonical JSON of everything above>"
}
Canonicalization is JCS-style: lexicographically sorted keys, no whitespace.
The JSON Schema lives at docs/receipt.schema.json.
| Obligation | How agent-receipts helps |
|---|
| Art. 12 β automatic event logging | issue_receipt on every consequential action; timestamps, actor, traceable chain |
| Art. 26 β keep logs β₯ 6 months | Local vault you retain on your terms; signed export_audit_bundle for handover |
| Traceability / integrity | Ed25519 signatures, hash chain, deletion detection, offline verification |
Not legal advice. Whether your system is "high-risk" and what you must log is a
question for your counsel. agent-receipts produces evidence infrastructure.
Status & roadmap
MIT License.