obsigna

mcp
Security Audit
Pass
Health Pass
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 18 GitHub stars
Code Pass
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This tool provides a protocol and SDKs for generating cryptographically signed, tamper-evident audit trails for actions performed by AI agents. It is designed to help developers securely track and verify agent interactions.

Security Assessment
The overall risk is Low. The automated code scan reviewed 12 files and found no dangerous patterns, hardcoded secrets, or requests for excessive permissions. As an audit and proxy tool, it handles action data and uses cryptography, but it does not appear to execute arbitrary or hidden shell commands. The tool requires standard network capabilities to function as a proxy and interact with external APIs, but it does not access inherently sensitive local data like private keys beyond what is explicitly passed by the user for signing.

Quality Assessment
The project is actively maintained, with its last code push occurring today. It uses the permissive Apache-2.0 license, includes clear documentation, and runs continuous integration tests across Go, TypeScript, and Python. However, community adoption is currently very low, with only 5 GitHub stars. Because of this low visibility, the tool has not been widely battle-tested or vetted by a large audience.

Verdict
Use with caution. While the code is clean, safe, and actively maintained, its extremely low community visibility means it should be evaluated carefully before relying on it in production environments.
SUMMARY

Agent Receipts — cryptographically signed audit trails for AI agent actions. Protocol spec, SDKs (Go, TypeScript, Python), and MCP proxy.

README.md

Agent Receipts

Cryptographically signed audit trails for AI agent actions


Project site & docs: agentreceipts.ai
Daemon setup & migration guide: agentreceipts.ai/getting-started/daemon-setup/
API reference: Go · TypeScript · Python
Blog: Your AI Agent Just Sent an Email · Every MCP Tool Call My AI Makes Now Gets a Signed Receipt
Go: sdk/go · mcp-proxy · dashboard
npm: @agnt-rcpt/sdk-ts
PyPI: agent-receipts

Start here

The fastest way to try Agent Receipts is to put mcp-proxy/ in front of an MCP server you already use.

In one step, you get:

  • Signed receipts for every tool call
  • A tamper-evident audit chain you can verify later
  • Risk scoring and policy hooks without changing the client or server

If you want to audit GitHub MCP in a real agent workflow, start with:

What is this?

Agent Receipts is an open protocol and set of SDKs for producing cryptographically signed, tamper-evident records of AI agent actions. Every action an agent takes -- API calls, tool use, data access -- gets a verifiable receipt that can be audited later.

How it works: Authorize → Act → Sign → Link → Audit
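
The Sign, Link and Audit steps, as an added example that is not the project's own code: each receipt is signed and carries the hash of the one before it, and the verifier reports the first receipt that breaks either check. Receipt, body, Append and Verify are hypothetical names, and Ed25519, SHA-256 and the JSON encoding are assumptions; only the sequence and previous_receipt_hash field names and the filesystem.file.read action type come from this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Receipt is a constructed stand-in, not the project's schema (see lead-in).
type Receipt struct {
	Sequence int    `json:"sequence"`
	PrevHash string `json:"previous_receipt_hash"`
	Action   string `json:"action"`
	Sig      []byte `json:"-"`
}

func body(r Receipt) []byte {
	b, _ := json.Marshal(r) // fixed struct order gives stable bytes; Sig is excluded
	return b
}

// Append signs a new receipt that carries the hash of the current tail.
func Append(chain []Receipt, priv ed25519.PrivateKey, action string) []Receipt {
	r := Receipt{Sequence: len(chain) + 1, Action: action}
	if len(chain) > 0 {
		r.PrevHash = fmt.Sprintf("%x", sha256.Sum256(body(chain[len(chain)-1])))
	}
	r.Sig = ed25519.Sign(priv, body(r))
	return append(chain, r)
}

// Verify returns the sequence number of the first bad receipt, or 0 if intact.
func Verify(chain []Receipt, pub ed25519.PublicKey) int {
	prev := ""
	for i, r := range chain {
		if r.Sequence != i+1 || r.PrevHash != prev || !ed25519.Verify(pub, body(r), r.Sig) {
			return i + 1
		}
		prev = fmt.Sprintf("%x", sha256.Sum256(body(r)))
	}
	return 0
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	chain := Append(Append(nil, priv, "filesystem.file.read"), priv, "http.request")
	chain[0].Action = "noop" // constructed tampering
	fmt.Println("first bad receipt:", Verify(chain, pub))
}
```

Dropping receipts from the end leaves a shorter chain that still verifies, so an auditor also needs the expected last sequence number or tail hash from a source the writer cannot change. A holder of the signing key can rebuild and re-sign the whole chain, which is what the in-process key warning in the SDK quick start is about.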

Project layout

Project            Description
docs/adr/          Architecture Decision Records
spec/              Protocol specification, JSON schemas, governance
sdk/go/            Go SDK
sdk/ts/            TypeScript SDK
sdk/py/            Python SDK
daemon/            Signing daemon — out-of-process key custody, shared audit chain
mcp-proxy/         MCP proxy with receipt signing, policy engine, intent tracking
cross-sdk-tests/   Cross-language verification tests
dashboard          Local web UI for browsing and verifying receipt databases
openclaw           Agent Receipts plugin for OpenClaw

10-minute audited MCP quick start

Install the proxy:

go install github.com/agent-receipts/mcp-proxy/cmd/mcp-proxy@latest

Wrap any MCP server:

mcp-proxy node /path/to/mcp-server.js

Then point your agent client at the proxy instead of the raw server:

Once your agent makes tool calls, inspect the signed audit trail:

mcp-proxy list
mcp-proxy inspect <receipt-id>
mcp-proxy verify --key pub.pem <chain-id>

SDK quick start

Not for production. The snippets below keep the signing key inside the agent process. Anyone with code execution in the agent can forge receipts. For real deployments, use the daemon-mediated path, where the daemon owns the key and your app only sends events over a socket.

Go

go get github.com/agent-receipts/ar/sdk/go

import "github.com/agent-receipts/ar/sdk/go/receipt"

keys, _ := receipt.GenerateKeyPair()
unsigned := receipt.Create(receipt.CreateInput{
    Issuer:    receipt.Issuer{ID: "did:agent:my-agent"},
    Principal: receipt.Principal{ID: "did:user:alice"},
    Action:    receipt.Action{Type: "filesystem.file.read", RiskLevel: receipt.RiskLow},
    Outcome:   receipt.Outcome{Status: receipt.StatusSuccess},
    Chain:     receipt.Chain{Sequence: 1, ChainID: "chain_1"},
})
signed, _ := receipt.Sign(unsigned, keys.PrivateKey, "did:agent:my-agent#key-1")

TypeScript

npm install @agnt-rcpt/sdk-ts

import {
  createReceipt,
  generateKeyPair,
  signReceipt,
} from "@agnt-rcpt/sdk-ts";

const keys = generateKeyPair();
const unsigned = createReceipt({
  issuer: { id: "did:agent:my-agent" },
  principal: { id: "did:user:alice" },
  action: { type: "filesystem.file.read", risk_level: "low" },
  outcome: { status: "success" },
  chain: { sequence: 1, previous_receipt_hash: null, chain_id: "chain_1" },
});
const signed = signReceipt(unsigned, keys.privateKey, "did:agent:my-agent#key-1");

Python

pip install agent-receipts

from agent_receipts import (
    create_receipt, generate_key_pair, sign_receipt,
    CreateReceiptInput, Issuer, Principal, Outcome, Chain,
)
from agent_receipts.receipt.create import ActionInput

keys = generate_key_pair()
unsigned = create_receipt(CreateReceiptInput(
    issuer=Issuer(id="did:agent:my-agent"),
    principal=Principal(id="did:user:alice"),
    action=ActionInput(type="filesystem.file.read", risk_level="low"),
    outcome=Outcome(status="success"),
    chain=Chain(sequence=1, previous_receipt_hash=None, chain_id="chain_1"),
))
signed = sign_receipt(unsigned, keys.private_key, "did:agent:my-agent#key-1")

See the Python SDK README for the full quick start and daemon delivery.

Contributing

See CONTRIBUTING.md for development setup and PR guidelines.

Security

See SECURITY.md to report vulnerabilities. The threat model documents trust boundaries, in-scope and out-of-scope threats, and the mitigation roadmap.

License

Apache License 2.0 -- see LICENSE.
The protocol specification in spec/ is licensed under MIT.
