Local agent run receipts with signed JSONL records and Markdown review artifacts.
Project description
signed-agent-receipts
signed-agent-receipts is a small local POC for signed Agent Run Ledger receipts plus a Computer-Use QA Pack. It scans local agent runtime traces when present, normalizes them into versioned JSONL records, signs them with Ed25519, and renders Markdown receipts that a human can review without reading a full transcript.
Durable generated outputs default to a neutral local config path:
~/.config/signed-agent-receipts/output
Commands
Requires Python 3.10+.
Install locally:
python -m pip install .
# or
pipx install .
Packaging note: the PyPI distribution and installed CLI command are signed-agent-receipts; the Python import package remains agent_receipts for stable module imports.
Normalize recent local runs:
signed-agent-receipts normalize --limit 10
Render Markdown receipts:
signed-agent-receipts render --jsonl ~/.config/signed-agent-receipts/output/agent_run.jsonl
Run the end-to-end POC:
signed-agent-receipts dogfood --limit 10
Verify signed JSONL receipts:
signed-agent-receipts verify --jsonl ~/.config/signed-agent-receipts/output/agent_run.jsonl
Run tests:
python -m unittest
What It Scans
The normalizers are heuristic and defensive. Missing or unreadable sources are skipped or represented as warning records instead of crashing.
- Hermes:
~/.hermes, including readable SQLite, JSON/JSONL, and log/text files. - Codex:
~/.codex. - Claude Code:
~/.claude/projects.
For tests or local fixture runs, set:
AGENT_RECEIPTS_HOME=/tmp/fixture-home
AGENT_RECEIPTS_WORKSPACE=/tmp/fixture-workspace
Analytics
The CLI is instrument-ready for PostHog without adding a runtime dependency. Set a project-scoped key to enable capture; leave it unset for a complete no-op:
POSTHOG_KEY=phc_... python -m agent_receipts dogfood
# Optional; defaults to https://us.i.posthog.com
POSTHOG_HOST=https://us.i.posthog.com
Emitted events currently include agent_receipts_cli_started,
agent_receipts_normalized, agent_receipts_rendered, and
agent_receipts_dogfood_completed.
Signing
Every JSONL receipt written by the CLI is signed with Ed25519 over canonical
JSON: UTF-8 JSON with sorted keys and compact separators, excluding the
signature field itself. Markdown receipts include the same signature metadata
in a Signature section.
The default private key path is:
~/.config/signed-agent-receipts/ed25519_private.pem
The key is created automatically with 0600 permissions on first use. Override
the path with either --signing-key /path/to/ed25519_private.pem or
AGENT_RECEIPTS_SIGNING_KEY=/path/to/ed25519_private.pem. Local private-key
filenames are gitignored by default; do not commit private keys.
Schema Summary
Records are JSONL objects using schema_version: agent-run-ledger.v1. The schema lives at schema/agent_run.schema.json and includes:
- identity: run ID, runtime, source path, actor, profile, session, title
- timing: started, ended, duration
- normalized content: inputs, tool calls, file diffs, URLs
- QA support: evidence with local file hashes when available, costs, policy flags
- traceability: receipt path and raw source references
- signature: Ed25519 public key, key ID, canonicalization, and signature value
Evidence
The POC discovers recent local image files only from causally scoped roots such as the workspace and output directory, computes SHA-256 for local evidence, and records provenance for every evidence item. Shared caches such as ~/.hermes/cache/screenshots are not backfilled into unrelated runs; time-window matches are marked as heuristic.
Current Limitations
- Source formats are inferred, not runtime-specific contracts.
- SQLite support samples likely session/run/log tables but does not understand every vendor schema.
- Cost and token data are only populated when present in source traces.
- Markdown receipts are static review artifacts; they do not provide approval workflow state.
- JSON Schema validation is documented but not enforced at runtime.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file signed_agent_receipts-0.1.0.tar.gz.
File metadata
- Download URL: signed_agent_receipts-0.1.0.tar.gz
- Upload date:
- Size: 26.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9ebbc49ab79ad7b41074f5ec234749f511373fc2b55d483cd87776d2efe9b14f
|
|
| MD5 |
51b1b4d8d9a8a6aa02df5b80c37567f7
|
|
| BLAKE2b-256 |
d956d055198e627b47b47046ac8b14af8ab785469e549549b71b9aeeb512cc0a
|
File details
Details for the file signed_agent_receipts-0.1.0-py3-none-any.whl.
File metadata
- Download URL: signed_agent_receipts-0.1.0-py3-none-any.whl
- Upload date:
- Size: 24.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
be961d9105a7236c1258914bb4b22fe44ccbbdfd5abeb47a4143a8fa2346d613
|
|
| MD5 |
1a13131291f2621ddd9598974e4dcdf7
|
|
| BLAKE2b-256 |
4f52b7d78aa3b04676a503a734b52f7e94590e57c00e04d57b25a2ebfef34836
|