DEV Community

Andrew Glaz

Mastercard Just Validated the Standard We Built: Verifiable Agent Actions with AAR

On March 5, 2026, Mastercard announced Verifiable Intent: an open-source cryptographic framework for proving AI agent transactions were authorized and executed as intended. Google, IBM, Fiserv, and Checkout.com signed on immediately.

That announcement matters because it confirms a hard truth many of us already hit in production: agent payments and autonomous actions cannot scale on trust alone. If an agent can move money, place trades, call APIs, and trigger external workflows, you need cryptographic evidence of what actually happened.

We built that independently before this announcement and shipped it live: Agent Action Receipts (AAR). It is an open spec with an MIT-licensed SDK, and receipts are already attached to real API responses in production. This post covers the problem, the standard, and the exact TypeScript code to implement and verify receipts.

The Problem: Agents Act, But Nobody Can Prove It

AI agents now execute real-world operations: transfer stablecoins, rebalance portfolios, submit orders, invoke third-party APIs, and run enterprise automations without a human approving every step. That part is no longer hypothetical.

What's still missing is a standard proof format for those actions. Most systems log events in plain JSON or vendor-specific traces. Those logs are useful for debugging, but they are not cryptographic evidence.

This gap exists across today's major agent ecosystems: CrewAI, LangChain, OpenSandbox, deer-flow, and most internal enterprise agent stacks. Without that proof layer, three things break fast:

  1. Dispute resolution: You can't independently prove that a charge, trade, or API side effect was authorized and untampered.
  2. Compliance: Audit trails become "best effort" narratives rather than verifiable facts.
  3. Interoperability trust: Cross-vendor agent workflows require blind trust in each participant's logs.

What AAR Is

Agent Action Receipt (AAR) is a signed JSON receipt that travels with every meaningful agent action.

  • Canonicalize JSON with JCS-SORTED-UTF8-NOWS
  • Sign the canonical payload with Ed25519
  • Attach signature + metadata as a receipt object
  • Verify anywhere, independent of the original runtime

AAR fields cover agent identity, principal, action (type/target/method/status), input and output hashes, cost, and timestamp. The receipt is transport-agnostic: it can ride in HTTP headers, a response body, an event stream, or on-chain.

Spec: https://github.com/Cyberweasel777/agent-action-receipt-spec

Code: Implement AAR in TypeScript

1) Generate a keypair

import { generateKeyPair } from 'botindex-aar';
// Keep secretKey out of source control; distribute publicKey to anyone who must verify receipts.
const { secretKey, publicKey } = generateKeyPair();

2) Express middleware

import { aarMiddleware } from 'botindex-aar/middleware/express';
app.use(aarMiddleware({
  agentId: 'my-trading-bot/v2',
  secretKey: process.env.AAR_SECRET_KEY
}));
// Every response now carries an X-AAR-Receipt header

3) Create and sign a receipt manually

import { createReceipt, signAndFinalize, hashInput, hashOutput } from 'botindex-aar';

const unsigned = createReceipt({
  agent: { id: 'trading-bot/v2', name: 'TradingBot' },
  principal: { id: 'user:alice', type: 'user' },
  action: { type: 'trade.execute', target: 'binance/BTCUSDT', method: 'POST', status: 'success' },
  scope: { permissions: ['trade.spot'] },
  inputHash: hashInput({ pair: 'BTCUSDT', side: 'buy', qty: 0.5 }),
  outputHash: hashOutput('{"orderId":"12345","filled":0.5}'),
  cost: { amount: '0.02', currency: 'USDC' }
});

const receipt = signAndFinalize(unsigned, secretKey);

4) Verify receipt integrity

import { verifyReceipt } from 'botindex-aar';
// Verification is independent of the runtime that produced the receipt
const result = verifyReceipt(receipt);
if (result.ok) console.log('Receipt is valid and untampered');

Mastercard Compatibility

Mastercard's Verifiable Intent chain (identity → intent → action → outcome) aligns directly with AAR. The SDK includes bidirectional mapping: aarToVerifiableIntent() and verifiableIntentToAAR(). Same thesis, different entry point.

Aztec ZK Privacy

AAR receipts can be proven in zero knowledge on Aztec L2 — prove a receipt is valid without revealing its contents. Verifiable auditability plus confidentiality.

x402 + AAR

x402 (Coinbase) answers: "Did you pay?" AAR answers: "What did the agent do after payment?" BotIndex is the first API shipping both together.

The Market Gap

GitHub trending: OpenSandbox (~6.5K stars), deer-flow (~25K stars), ruflo (~19K stars), CrewAI (~45K stars). None have verifiable action provenance. AAR is MIT-licensed, single dependency (tweetnacl), drop-in middleware.

Get Started

npm install botindex-aar

Can you prove what your agent did? AAR is the answer.
