A few weeks back I showed cryptographic receipts for AI agent actions — through an MCP signing proxy, watching every call to the GitHub MCP server. The proxy works for what flows through MCP. Plenty doesn’t. OpenClaw is the dangerous place: it’s where agents execute shell commands, read and write files, hit APIs. The blast radius of an AI agent is bounded by the tools it can call, and OpenClaw’s the runtime that hands them out. If you’re going to have an audit trail anywhere, it’s there. ... Read more

Somewhere between Kyoto temples I shipped a signing proxy for Agent Receipts — an open protocol that gives every AI agent action a cryptographically signed audit trail. The idea is simple: when an agent acts on your behalf, you should be able to prove what happened. Not just logs. Proof. This week I used it to audit itself. The problem with MCP tool calls When you give Claude access to GitHub via the MCP server, it can create issues, push files, open pull requests. It acts on your behalf. And when it’s done, it tells you what it did. ... Read more

Last week, I asked an AI agent to clean up some files in a project directory. It did a great job — renamed a few things, deleted some stale configs, updated a README. I know this because I watched it happen in my terminal. But if you asked me to prove what it did? To show you an authoritative record of every action, in order, with cryptographic proof that nothing was altered after the fact? I couldn’t. ... Read more