Skip to main content

Local agent run receipts with signed JSONL records and Markdown review artifacts.

Project description

signed-agent-receipts

signed-agent-receipts is a small local POC for signed Agent Run Ledger receipts plus a Computer-Use QA Pack. It scans local agent runtime traces when present, normalizes them into versioned JSONL records, signs them with Ed25519, and renders Markdown receipts that a human can review without reading a full transcript.

Durable generated outputs default to a neutral local config path:

~/.config/signed-agent-receipts/output

Commands

Requires Python 3.10+.

Install locally:

python -m pip install .
# or
pipx install .

Packaging note: the PyPI distribution and installed CLI command are signed-agent-receipts; the Python import package remains agent_receipts for stable module imports.

Normalize recent local runs:

signed-agent-receipts normalize --limit 10

Render Markdown receipts:

signed-agent-receipts render --jsonl ~/.config/signed-agent-receipts/output/agent_run.jsonl

Run the end-to-end POC:

signed-agent-receipts dogfood --limit 10

Verify signed JSONL receipts:

signed-agent-receipts verify --jsonl ~/.config/signed-agent-receipts/output/agent_run.jsonl

Run tests:

python -m unittest

What It Scans

The normalizers are heuristic and defensive. Missing or unreadable sources are skipped or represented as warning records instead of crashing.

  • Hermes: ~/.hermes, including readable SQLite, JSON/JSONL, and log/text files.
  • Codex: ~/.codex.
  • Claude Code: ~/.claude/projects.

For tests or local fixture runs, set:

AGENT_RECEIPTS_HOME=/tmp/fixture-home
AGENT_RECEIPTS_WORKSPACE=/tmp/fixture-workspace

Analytics

The CLI is instrument-ready for PostHog without adding a runtime dependency. Set a project-scoped key to enable capture; leave it unset for a complete no-op:

POSTHOG_KEY=phc_... python -m agent_receipts dogfood
# Optional; defaults to https://us.i.posthog.com
POSTHOG_HOST=https://us.i.posthog.com

Emitted events currently include agent_receipts_cli_started, agent_receipts_normalized, agent_receipts_rendered, and agent_receipts_dogfood_completed.

Signing

Every JSONL receipt written by the CLI is signed with Ed25519 over canonical JSON: UTF-8 JSON with sorted keys and compact separators, excluding the signature field itself. Markdown receipts include the same signature metadata in a Signature section.

The default private key path is:

~/.config/signed-agent-receipts/ed25519_private.pem

The key is created automatically with 0600 permissions on first use. Override the path with either --signing-key /path/to/ed25519_private.pem or AGENT_RECEIPTS_SIGNING_KEY=/path/to/ed25519_private.pem. Local private-key filenames are gitignored by default; do not commit private keys.

Schema Summary

Records are JSONL objects using schema_version: agent-run-ledger.v1. The schema lives at schema/agent_run.schema.json and includes:

  • identity: run ID, runtime, source path, actor, profile, session, title
  • timing: started, ended, duration
  • normalized content: inputs, tool calls, file diffs, URLs
  • QA support: evidence with local file hashes when available, costs, policy flags
  • traceability: receipt path and raw source references
  • signature: Ed25519 public key, key ID, canonicalization, and signature value

Evidence

The POC discovers recent local image files only from causally scoped roots such as the workspace and output directory, computes SHA-256 for local evidence, and records provenance for every evidence item. Shared caches such as ~/.hermes/cache/screenshots are not backfilled into unrelated runs; time-window matches are marked as heuristic.

Current Limitations

  • Source formats are inferred, not runtime-specific contracts.
  • SQLite support samples likely session/run/log tables but does not understand every vendor schema.
  • Cost and token data are only populated when present in source traces.
  • Markdown receipts are static review artifacts; they do not provide approval workflow state.
  • JSON Schema validation is documented but not enforced at runtime.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

signed_agent_receipts-0.1.0.tar.gz (26.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

signed_agent_receipts-0.1.0-py3-none-any.whl (24.0 kB view details)

Uploaded Python 3

File details

Details for the file signed_agent_receipts-0.1.0.tar.gz.

File metadata

  • Download URL: signed_agent_receipts-0.1.0.tar.gz
  • Upload date:
  • Size: 26.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for signed_agent_receipts-0.1.0.tar.gz
Algorithm Hash digest
SHA256 9ebbc49ab79ad7b41074f5ec234749f511373fc2b55d483cd87776d2efe9b14f
MD5 51b1b4d8d9a8a6aa02df5b80c37567f7
BLAKE2b-256 d956d055198e627b47b47046ac8b14af8ab785469e549549b71b9aeeb512cc0a

See more details on using hashes here.

File details

Details for the file signed_agent_receipts-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for signed_agent_receipts-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 be961d9105a7236c1258914bb4b22fe44ccbbdfd5abeb47a4143a8fa2346d613
MD5 1a13131291f2621ddd9598974e4dcdf7
BLAKE2b-256 4f52b7d78aa3b04676a503a734b52f7e94590e57c00e04d57b25a2ebfef34836

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page