npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@agnt-rcpt/openclaw

v0.3.0

Published

Cryptographically signed audit trail for OpenClaw agent actions via Agent Receipts

Downloads

191

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ojongeriusojongerius

Keywords

openclawagent-receiptsaudit-trailreceiptsverifiable-credentialsed25519

Readme

openclaw-agent-receipts

Agent Receipts plugin for OpenClaw

npm License: MIT TypeScript CI

Cryptographically signed, hash-linked audit trail for every tool call an OpenClaw agent makes.

Built on @agnt-rcpt/sdk-ts and @sinclair/typebox.

SpecTypeScript SDKPython SDK

What it looks like

After a session where the agent reads files, runs a command, browses a page, and writes output, querying the audit trail returns:

{
  "total_receipts": 5,
  "total_chains": 1,
  "by_risk": { "low": 4, "high": 1 },
  "by_status": { "success": 4, "failure": 1 },
  "by_action": {
    "filesystem.file.read": 2,
    "filesystem.file.create": 1,
    "system.command.execute": 1,
    "system.browser.navigate": 1
  },
  "results": [
    { "id": "rec-…01", "timestamp": "2026-04-01T02:10:01Z", "action": "filesystem.file.read",    "risk": "low",  "target": "read_file",        "status": "success", "sequence": 1 },
    { "id": "rec-…02", "timestamp": "2026-04-01T02:10:02Z", "action": "filesystem.file.read",    "risk": "low",  "target": "read_file",        "status": "failure", "sequence": 2 },
    { "id": "rec-…03", "timestamp": "2026-04-01T02:10:03Z", "action": "system.command.execute",  "risk": "high", "target": "run_command",      "status": "success", "sequence": 3 },
    { "id": "rec-…04", "timestamp": "2026-04-01T02:10:04Z", "action": "system.browser.navigate", "risk": "low",  "target": "browser_navigate", "status": "success", "sequence": 4 },
    { "id": "rec-…05", "timestamp": "2026-04-01T02:10:05Z", "action": "filesystem.file.create",  "risk": "low",  "target": "write_file",       "status": "success", "sequence": 5 }
  ]
}

Verifying the chain confirms nothing was tampered with:

Chain "chain_openclaw_main_sid-42" is valid: 5 receipts, all signatures and hash links verified.

Every receipt is a signed W3C Verifiable Credential — parameters are hashed (never stored in plaintext), and each receipt is hash-linked to the previous one, forming a tamper-evident chain.

Why receipts?

AI agents that read files, run commands, and browse the web are powerful — but that power needs accountability. When an agent operates autonomously, you need to know exactly what it did, prove that the record hasn't been tampered with, and keep sensitive details private.

Use cases:

  • Post-incident review — your agent ran overnight and something broke. The receipt chain shows exactly which commands it ran, in what order, and whether each succeeded or failed — with cryptographic proof that the log hasn't been altered after the fact.
  • Compliance and audit — regulated environments require evidence of what systems did and why. Receipts are W3C Verifiable Credentials with Ed25519 signatures, giving auditors a tamper-evident trail they can independently verify.
  • Safer autonomous agents — the agent can query its own audit trail mid-session. Before taking a high-risk action, it can check what it has already done and whether previous steps succeeded, enabling self-correcting workflows.
  • Multi-agent trust — when agents collaborate, receipts serve as proof of prior actions. Agent B can verify that Agent A actually completed step 1 before proceeding to step 2, without trusting a shared log.
  • Cost and usage tracking — every tool call is classified by type and risk level, giving you a structured breakdown of what your agent spent its time on across sessions.

Beyond local storage

Today, receipts are stored locally in SQLite — fully under your control. The Agent Receipts protocol is designed for receipts to travel further when you choose: publishing to a shared ledger, forwarding to a compliance system, or exchanging with other agents as proof of prior actions. The receipts are portable W3C Verifiable Credentials, but where they go is always your decision.

How it works

Every time the OpenClaw agent executes a tool, this plugin:

  1. Classifies the action using the Agent Receipts taxonomy
  2. Creates a signed receipt — a W3C Verifiable Credential with Ed25519 proof
  3. Hash-links it into a per-session chain (tamper-evident)
  4. Stores it in a local SQLite database

The agent also gets two introspection tools to query and verify its own audit trail.

OpenClaw Gateway
  │
  ├─ before_tool_call ──► capture params + timing
  │
  ├─ [tool executes]
  │
  └─ after_tool_call ──► classify → sign → chain → store

Install

openclaw plugins install @agnt-rcpt/openclaw

Then enable the plugin in your OpenClaw config. See docs/INSTALL.md for tool visibility setup and configuration options.

CLI — Receipt Explorer

Query and verify receipts outside of agent sessions, useful for auditing and debugging.

# Query all receipts
npx @agnt-rcpt/openclaw receipts

# Filter by risk level
npx @agnt-rcpt/openclaw receipts --risk high

# Filter by action type and output as JSON
npx @agnt-rcpt/openclaw receipts --action system.command.execute --json

# Verify all chains
npx @agnt-rcpt/openclaw verify

# Verify a specific chain
npx @agnt-rcpt/openclaw verify --chain chain_openclaw_main_sid-42

# Export a chain as JSON-LD (full W3C Verifiable Credentials)
npx @agnt-rcpt/openclaw export --chain chain_openclaw_main_sid-42

# Export as a W3C Verifiable Presentation envelope
npx @agnt-rcpt/openclaw export --chain chain_openclaw_main_sid-42 --format presentation

# Export a single receipt by ID
npx @agnt-rcpt/openclaw export --id urn:receipt:abc-123

Run npx @agnt-rcpt/openclaw --help for all options including --status, --limit, and --db.

Agent tools

ar_query_receipts

Search the audit trail by action type, risk level, or outcome status. Returns receipt summaries and aggregate statistics.

> Query all high-risk actions from this session

{
  "total_receipts": 12,
  "results": [
    { "action": "filesystem.file.delete", "risk": "high", "target": "delete_file", "status": "success", "sequence": 7 },
    { "action": "system.command.execute", "risk": "high", "target": "run_command", "status": "success", "sequence": 3 }
  ]
}

ar_verify_chain

Cryptographically verify the integrity of the receipt chain. Checks Ed25519 signatures, hash links, and sequence numbering.

> Verify the audit trail for this session

Chain "chain_openclaw_main_sid-42" is valid: 12 receipts, all signatures and hash links verified.

What's in a receipt?

Each receipt is a W3C Verifiable Credential signed with Ed25519, recording:

| Field | What it captures | |:---|:---| | Issuer | Which agent performed the action (did:openclaw:<agentId>) | | Principal | Which session authorized it (did:session:<sessionKey>) | | Action | What happened — classified type, risk level, target tool | | Outcome | Success/failure status and error details | | Chain | Sequence number + SHA-256 hash link to previous receipt | | Privacy | Parameters are hashed, never stored in plaintext | | Proof | Ed25519Signature2020 with verification method |

Taxonomy

The plugin maps OpenClaw tool names to Agent Receipts action types:

| OpenClaw tool | Action type | Risk | |:---|:---|:---| | read_file | filesystem.file.read | low | | write_file | filesystem.file.create | low | | edit_file | filesystem.file.modify | medium | | delete_file | filesystem.file.delete | high | | run_command | system.command.execute | high | | browser_navigate | system.browser.navigate | low | | browser_click | system.browser.form_submit | medium | | send_message | system.application.control | medium |

See taxonomy.json for the full 20-tool mapping. Override with a custom file via the taxonomyPath config option.

Configuration

All settings are optional — the plugin works out of the box with sensible defaults.

| Setting | Default | Description | |:---|:---|:---| | enabled | true | Generate receipts for tool calls | | dbPath | ~/.openclaw/agent-receipts/receipts.db | SQLite receipt database path | | keyPath | ~/.openclaw/agent-receipts/keys.json | Ed25519 signing key pair path | | taxonomyPath | (bundled) | Custom tool-to-action-type mapping |

Ed25519 signing keys are generated automatically on first run and persisted to keyPath.

Project structure

src/
  index.ts          # Plugin entry — wires hooks, tools, service
  cli.ts            # Receipt Explorer CLI (npx @agnt-rcpt/openclaw)
  hooks.ts          # before_tool_call / after_tool_call → receipt creation
  classify.ts       # Tool name → action type + risk level classification
  chain.ts          # Per-session hash-linked chain state
  tools.ts          # ar_query_receipts + ar_verify_chain
  config.ts         # Config resolution + Ed25519 key management
taxonomy.json       # Default OpenClaw tool → action type mappings

Development

pnpm install
pnpm test              # run the test suite
pnpm run typecheck     # TypeScript strict mode
pnpm test:coverage     # with V8 coverage

| | | |:---|:---| | Language | TypeScript ESM, strict mode | | Testing | Vitest (colocated *.test.ts files) | | Runtime deps | @agnt-rcpt/sdk-ts + @sinclair/typebox |

Ecosystem

| Repository | Description | |:---|:---| | agent-receipts/spec | Protocol specification, JSON Schemas, canonical taxonomy | | agent-receipts/sdk-ts | TypeScript SDK | | agent-receipts/sdk-py | Python SDK (PyPI) | | agent-receipts/openclaw (this plugin) | OpenClaw integration | | ojongerius/attest | MCP proxy + CLI (reference implementation) |

License

MIT