When an AI agent calls a tool via MCP (the protocol agents use to interact with external services), it tells you what it did. But that's a claim — not evidence. The logs are self-reported. There's no independent proof of what was actually sent or received.
Agent Receipts is an open protocol that puts a signing proxy between the MCP client and server. Every tool call gets an Ed25519-signed, hash-chained receipt — a W3C Verifiable Credential you can independently verify without trusting the proxy after the fact.
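To make the signed, hash-chained idea concrete, here is an added Go example (not code from Agent Receipts; the `Receipt` fields, function names and sample tool calls are assumptions, and the real receipts are W3C Verifiable Credentials). It shows how a verifier holding only the public key detects an edited or removed receipt.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Receipt struct { // hypothetical, simplified record; not the Agent Receipts schema
	Tool     string
	ArgsHash []byte // SHA-256 of the tool-call arguments
	Prev     []byte // digest of the previous receipt (32 zero bytes for the first)
	Sig      []byte `json:"-"` // Ed25519 signature over payload()
}
func sum(b []byte) []byte { h := sha256.Sum256(b); return h[:] }
func (r Receipt) payload() []byte { b, _ := json.Marshal(r); return b }
func (r Receipt) digest() []byte { return sum(append(r.payload(), r.Sig...)) } // link covers the signature too

// Issue signs a receipt for one tool call and appends it (the proxy's role).
func Issue(priv ed25519.PrivateKey, chain []Receipt, tool string, args []byte) []Receipt {
	r := Receipt{Tool: tool, ArgsHash: sum(args), Prev: make([]byte, 32)}
	if len(chain) > 0 {
		r.Prev = chain[len(chain)-1].digest()
	}
	r.Sig = ed25519.Sign(priv, r.payload())
	return append(chain, r)
}

// Verify needs only the public key; it returns the index of the first bad receipt, or -1.
func Verify(pub ed25519.PublicKey, chain []Receipt) int {
	prev := make([]byte, 32)
	for i, r := range chain {
		if !bytes.Equal(r.Prev, prev) || !ed25519.Verify(pub, r.payload(), r.Sig) {
			return i
		}
		prev = r.digest()
	}
	return -1
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key
	chain := Issue(priv, nil, "create_issue", []byte(`{"title":"bug 1"}`)) // constructed calls
	chain = Issue(priv, chain, "create_issue", []byte(`{"title":"bug 2"}`))
	fmt.Println("intact:", Verify(pub, chain))
	chain[0].Tool = "edited"
	fmt.Println("edited:", Verify(pub, chain))
}
```

In this example, dropping receipts from the end leaves a shorter chain that still verifies, so a verifier also needs the latest digest or a receipt count from an independent source.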
I routed the GitHub MCP server through it, found two bugs during the session, and filed both bug reports — through the proxy. The act of reporting the bugs is itself receipted. The dogfooding loop closed.
It's early days (proxy v0.3.3). The project is open source, ships as a single Go binary, and wraps any MCP server, not just GitHub. There are open issues in security review, protocol design, and DX if you want to help shape it.
Full walkthrough: Every MCP Tool Call My AI Makes Now Gets a Signed Receipt