Evidence receipts for agent work: hash-chained, signable execution records that prove claimed results trace to real runs.
Project description
argus-receipts
Evidence receipts for agent work. AI agents claim "done" with no
artifacts; 43% of AI code changes need production debugging; agents exceed
their permissions and nobody can reconstruct what actually ran.
argus-receipts wraps any unit of work in a receipt — command, exit code,
artifact hashes, timestamps — hash-chained into an append-only ledger and
optionally signed, so claimed results provably trace to real runs.
The company building this runs on it: every material decision Argus (the company) makes carries a receipt in a ledger of exactly this format.
Install
pip install argus-receipts # stdlib-only core
pip install "argus-receipts[sign]" # + Ed25519 third-party-verifiable signatures
Use
# wrap a run: records command, exit code, and the hash of what it produced
argus-receipts run --ledger ops.jsonl --actor build-bot \
--artifact dist/app.tar.gz -- make release
# receipt a decision (the "why" lives in your docs; the receipt makes it tamper-evident)
argus-receipts record --ledger ops.jsonl --actor operator \
--action "decision: ship v0.2" --artifact DECISIONS.md
# verify everything: ids honest, chain unbroken, artifacts unmodified, signatures valid
argus-receipts verify --ledger ops.jsonl
As a library:
from argus_receipts import Ledger
from argus_receipts.signer import Ed25519Signer
ledger = Ledger("ops.jsonl", signer=Ed25519Signer.from_file("ops.key"))
receipt, proc = ledger.run(["pytest", "-q"], actor="ci", artifacts=["report.xml"])
assert ledger.verify().ok
Guarantees (and honest non-guarantees)
- A receipt's
idis the SHA-256 of its canonical body: edit anything, the id breaks. Each receipt embeds its parent's id: delete or reorder, the chain breaks. Re-hash artifacts at verify time: silent drift is caught. - HMAC signatures bind receipts to a shared secret (one trust domain); Ed25519 signatures are verifiable by anyone holding the public key.
- NOT guaranteed: that the command did the right thing (receipts prove what ran and what it produced, not that it was wise), and a signer who controls the whole ledger file can rewrite history they signed — anchor the ledger tip externally (e.g., commit it) for that.
License
MIT.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file argus_receipts-0.1.0.tar.gz.
File metadata
- Download URL: argus_receipts-0.1.0.tar.gz
- Upload date:
- Size: 9.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
02ecdc5053e616c76c441028347f40e1b12d62a4da78739fa4925f68798723c1
|
|
| MD5 |
b34bdeaf8a2ac23cb811c237e0644b08
|
|
| BLAKE2b-256 |
3316e137a53183fb063bc434597b5987e33ad4dd804914574bff126b50dfb320
|
Provenance
The following attestation bundles were made for argus_receipts-0.1.0.tar.gz:
Publisher:
release.yml on mikelmyers/argus-receipts
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
argus_receipts-0.1.0.tar.gz -
Subject digest:
02ecdc5053e616c76c441028347f40e1b12d62a4da78739fa4925f68798723c1 - Sigstore transparency entry: 1789891928
- Sigstore integration time:
-
Permalink:
mikelmyers/argus-receipts@c47e305a25e160f2710495f45824e59f5b5a7d0d -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/mikelmyers
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@c47e305a25e160f2710495f45824e59f5b5a7d0d -
Trigger Event:
push
-
Statement type:
File details
Details for the file argus_receipts-0.1.0-py3-none-any.whl.
File metadata
- Download URL: argus_receipts-0.1.0-py3-none-any.whl
- Upload date:
- Size: 9.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
04b3c28a17bdf9e3f3efdc3e386963435b9f86fc3e6d9ad1b91006c05fb088b7
|
|
| MD5 |
31f7408c0df4e38f7c811125bfb64664
|
|
| BLAKE2b-256 |
62e2c477d3b7da4cf1f5995631172068f8bb42a90f37a80d5de2a39504791439
|
Provenance
The following attestation bundles were made for argus_receipts-0.1.0-py3-none-any.whl:
Publisher:
release.yml on mikelmyers/argus-receipts
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
argus_receipts-0.1.0-py3-none-any.whl -
Subject digest:
04b3c28a17bdf9e3f3efdc3e386963435b9f86fc3e6d9ad1b91006c05fb088b7 - Sigstore transparency entry: 1789892019
- Sigstore integration time:
-
Permalink:
mikelmyers/argus-receipts@c47e305a25e160f2710495f45824e59f5b5a7d0d -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/mikelmyers
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@c47e305a25e160f2710495f45824e59f5b5a7d0d -
Trigger Event:
push
-
Statement type: