{"id":50779346,"url":"https://github.com/agent-receipts/obsigna","last_synced_at":"2026-06-12T02:01:26.754Z","repository":{"id":348672220,"uuid":"1199287528","full_name":"agent-receipts/obsigna","owner":"agent-receipts","description":"Agent Receipts — cryptographically signed audit trails for AI agent actions. Protocol spec, SDKs (Go, TypeScript, Python), and MCP proxy.","archived":false,"fork":false,"pushed_at":"2026-06-10T10:27:21.000Z","size":10532,"stargazers_count":18,"open_issues_count":38,"forks_count":4,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-10T12:15:12.165Z","etag":null,"topics":["agent-receipts","ai","ai-agents","audit","cryptography","ed25519","golang","mcp","model-context-protocol","python","receipts","security","typescript","verifiable-credentials","w3c-vc"],"latest_commit_sha":null,"homepage":"https://agentreceipts.ai","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/agent-receipts.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-04-02T07:53:51.000Z","updated_at":"2026-06-10T07:34:37.000Z","dependencies_parsed_at":"2026-06-08T11:03:06.796Z","dependency_job_id":null,"html_url":"https://github.com/agent-receipts/obsigna","commit_stats":null,"previous_names":["agent-receipts/agent-receipts","agent-receipts/obsigna"],"tags_count":139,"template":false,"template_full_name":null,"purl":"pkg:github/agent-receipts/obsigna","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agent-receipts%2Fobsigna","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agent-receipts%2Fobsigna/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agent-receipts%2Fobsigna/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agent-receipts%2Fobsigna/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/agent-receipts","download_url":"https://codeload.github.com/agent-receipts/obsigna/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agent-receipts%2Fobsigna/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34225351,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-12T02:00:06.859Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-receipts","ai","ai-agents","audit","cryptography","ed25519","golang","mcp","model-context-protocol","python","receipts","security","typescript","verifiable-credentials","w3c-vc"],"created_at":"2026-06-12T02:01:25.799Z","updated_at":"2026-06-12T02:01:26.745Z","avatar_url":"https://github.com/agent-receipts.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# Agent Receipts\n\n**Cryptographically signed audit trails for AI agent actions**\n\n[![Go Tests](https://github.com/agent-receipts/ar/actions/workflows/sdk-go.yml/badge.svg)](https://github.com/agent-receipts/ar/actions/workflows/sdk-go.yml)\n[![TS Tests](https://github.com/agent-receipts/ar/actions/workflows/sdk-ts.yml/badge.svg)](https://github.com/agent-receipts/ar/actions/workflows/sdk-ts.yml)\n[![Python Tests](https://github.com/agent-receipts/ar/actions/workflows/sdk-py.yml/badge.svg)](https://github.com/agent-receipts/ar/actions/workflows/sdk-py.yml)\n[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)\n\n\u003c/div\u003e\n\n| | |\n|---|---|\n| **Project site \u0026 docs** | [agentreceipts.ai](https://agentreceipts.ai) |\n| **Daemon setup \u0026 migration guide** | [agentreceipts.ai/getting-started/daemon-setup/](https://agentreceipts.ai/getting-started/daemon-setup/) |\n| **API reference** | [Go](https://agentreceipts.ai/sdk-go/api-reference/) · [TypeScript](https://agentreceipts.ai/sdk-ts/api-reference/) · [Python](https://agentreceipts.ai/sdk-py/api-reference/) |\n| **Blog** | [Your AI Agent Just Sent an Email](https://jongerius.solutions/post/your-ai-agent-just-sent-an-email/) · [Every MCP Tool Call My AI Makes Now Gets a Signed Receipt](https://jongerius.solutions/post/auditing-github-mcp-agent-receipts/) |\n| **Go** | [sdk/go](https://pkg.go.dev/github.com/agent-receipts/ar/sdk/go) · [mcp-proxy](https://pkg.go.dev/github.com/agent-receipts/ar/mcp-proxy) · [dashboard](https://pkg.go.dev/github.com/agent-receipts/dashboard) |\n| **npm** | [@agnt-rcpt/sdk-ts](https://www.npmjs.com/package/@agnt-rcpt/sdk-ts) |\n| **PyPI** | [agent-receipts](https://pypi.org/project/agent-receipts/) |\n\n---\n\n## Start here\n\nThe fastest way to try Agent Receipts is to put [`mcp-proxy/`](mcp-proxy/) in front of an MCP server you already use.\n\nIn one step, you get:\n\n- Signed receipts for every tool call\n- A tamper-evident audit chain you can verify later\n- Risk scoring and policy hooks without changing the client or server\n\nIf you want to audit GitHub MCP in a real agent workflow, start with:\n\n- [Claude Desktop integration](https://agentreceipts.ai/mcp-proxy/claude-desktop/)\n- [Claude Code integration](https://agentreceipts.ai/mcp-proxy/claude-code/)\n- [Codex integration](https://agentreceipts.ai/mcp-proxy/codex/)\n\n## What is this?\n\nAgent Receipts is an open protocol and set of SDKs for producing cryptographically signed, tamper-evident records of AI agent actions. Every action an agent takes -- API calls, tool use, data access -- gets a verifiable receipt that can be audited later.\n\n\u003cpicture\u003e\n  \u003cimg alt=\"How it works: Authorize → Act → Sign → Link → Audit\" src=\".github/how-it-works.svg\"\u003e\n\u003c/picture\u003e\n\n## Project layout\n\n| Project | Description |\n|---------|-------------|\n| [`docs/adr/`](docs/adr/) | Architecture Decision Records |\n| [`spec/`](spec/) | Protocol specification, JSON schemas, governance |\n| [`sdk/go/`](sdk/go/) | Go SDK |\n| [`sdk/ts/`](sdk/ts/) | TypeScript SDK |\n| [`sdk/py/`](sdk/py/) | Python SDK |\n| [`daemon/`](daemon/) | Signing daemon — out-of-process key custody, shared audit chain |\n| [`mcp-proxy/`](mcp-proxy/) | MCP proxy with receipt signing, policy engine, intent tracking |\n| [`cross-sdk-tests/`](cross-sdk-tests/) | Cross-language verification tests |\n| [dashboard](https://github.com/agent-receipts/dashboard) | Local web UI for browsing and verifying receipt databases |\n| [openclaw](https://github.com/agent-receipts/openclaw) | Agent Receipts plugin for OpenClaw |\n\n## 10-minute audited MCP quick start\n\nInstall the proxy:\n\n```bash\ngo install github.com/agent-receipts/mcp-proxy/cmd/mcp-proxy@latest\n```\n\nWrap any MCP server:\n\n```bash\nmcp-proxy node /path/to/mcp-server.js\n```\n\nThen point your agent client at the proxy instead of the raw server:\n\n- [Claude Desktop setup](https://agentreceipts.ai/mcp-proxy/claude-desktop/)\n- [Claude Code setup](https://agentreceipts.ai/mcp-proxy/claude-code/)\n- [Codex setup](https://agentreceipts.ai/mcp-proxy/codex/)\n\nOnce your agent makes tool calls, inspect the signed audit trail:\n\n```bash\nmcp-proxy list\nmcp-proxy inspect \u003creceipt-id\u003e\nmcp-proxy verify --key pub.pem \u003cchain-id\u003e\n```\n\n## SDK quick start\n\n\u003e **Not for production.** The snippets below keep the signing key inside the\n\u003e agent process. Anyone with code execution in the agent can forge receipts. For\n\u003e real deployments, use the\n\u003e [daemon-mediated path](https://agentreceipts.ai/getting-started/daemon-setup/),\n\u003e where the daemon owns the key and your app only sends events over a socket.\n\n### Go\n\n```bash\ngo get github.com/agent-receipts/ar/sdk/go\n```\n\n```go\nimport \"github.com/agent-receipts/ar/sdk/go/receipt\"\n\nkeys, _ := receipt.GenerateKeyPair()\nunsigned := receipt.Create(receipt.CreateInput{\n    Issuer:    receipt.Issuer{ID: \"did:agent:my-agent\"},\n    Principal: receipt.Principal{ID: \"did:user:alice\"},\n    Action:    receipt.Action{Type: \"filesystem.file.read\", RiskLevel: receipt.RiskLow},\n    Outcome:   receipt.Outcome{Status: receipt.StatusSuccess},\n    Chain:     receipt.Chain{Sequence: 1, ChainID: \"chain_1\"},\n})\nsigned, _ := receipt.Sign(unsigned, keys.PrivateKey, \"did:agent:my-agent#key-1\")\n```\n\n### TypeScript\n\n```bash\nnpm install @agnt-rcpt/sdk-ts\n```\n\n```typescript\nimport {\n  createReceipt,\n  generateKeyPair,\n  signReceipt,\n} from \"@agnt-rcpt/sdk-ts\";\n\nconst keys = generateKeyPair();\nconst unsigned = createReceipt({\n  issuer: { id: \"did:agent:my-agent\" },\n  principal: { id: \"did:user:alice\" },\n  action: { type: \"filesystem.file.read\", risk_level: \"low\" },\n  outcome: { status: \"success\" },\n  chain: { sequence: 1, previous_receipt_hash: null, chain_id: \"chain_1\" },\n});\nconst signed = signReceipt(unsigned, keys.privateKey, \"did:agent:my-agent#key-1\");\n```\n\n### Python\n\n```bash\npip install agent-receipts\n```\n\n```python\nfrom agent_receipts import (\n    create_receipt, generate_key_pair, sign_receipt,\n    CreateReceiptInput, Issuer, Principal, Outcome, Chain,\n)\nfrom agent_receipts.receipt.create import ActionInput\n\nkeys = generate_key_pair()\nunsigned = create_receipt(CreateReceiptInput(\n    issuer=Issuer(id=\"did:agent:my-agent\"),\n    principal=Principal(id=\"did:user:alice\"),\n    action=ActionInput(type=\"filesystem.file.read\", risk_level=\"low\"),\n    outcome=Outcome(status=\"success\"),\n    chain=Chain(sequence=1, previous_receipt_hash=None, chain_id=\"chain_1\"),\n))\nsigned = sign_receipt(unsigned, keys.private_key, \"did:agent:my-agent#key-1\")\n```\n\nSee the [Python SDK README](sdk/py/README.md) for the full quick start and daemon delivery.\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for development setup and PR guidelines.\n\n## Security\n\nSee [SECURITY.md](SECURITY.md) to report vulnerabilities. The [threat model](docs/threat-model.md) documents trust boundaries, in-scope and out-of-scope threats, and the mitigation roadmap.\n\n## License\n\nApache License 2.0 -- see [LICENSE](LICENSE).\nThe protocol specification in `spec/` is licensed under MIT.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagent-receipts%2Fobsigna","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fagent-receipts%2Fobsigna","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagent-receipts%2Fobsigna/lists"}