Agent Receipts

Your AI agent remembers everything — and you can prove it.

Persistent memory for AI agents, backed by cryptographic receipts. Every fact your agent learns is signed, traceable, and independently verifiable. No cloud required.

Try the Interactive Demo · Install in 30 Seconds · How It's Different

The Problem

You're building with AI agents. Claude Code refactors your auth module and says "done, all tests pass." Your agent generates a customer quote and says it applied the right pricing. Your assistant remembers your preferences from last week — but you can't see why it thinks that, or whether it's right.

Three things are broken:

1. Agents forget everything between sessions. Every conversation starts from zero. Context is lost. You re-explain the same things.

2. When agents do remember, you can't see inside. Platform memory is a black box. You can't see what it stored, when, or why. You can't correct it, export it, or verify it.

3. There's no proof of what agents actually did. Logs are mutable. Agents write their own logs. "I updated 3 files and all tests pass" — did it? You're trusting the agent's word about its own work.

What Agent Receipts Does

Memory that actually works

Your agent gets structured, persistent memory across sessions — people, projects, tools, preferences, facts. Not a flat key-value store. An entity-observation graph where every fact links to the conversation that created it.

# Your agent learns something
memory_observe → "User prefers TypeScript, uses Neovim, building a SaaS called ModQuote"

# Next session, it already knows
memory_context → loads everything: entities, observations, relationships, preferences

# You can search it
memory_recall → "what tech stack does the user prefer?" → structured results

# You can forget (and the forget itself is tracked)
memory_forget → soft delete with audit trail

The agent handles this automatically when you add the system prompt. You don't manage memory manually.

Proof that's actually proof

Every memory observation and every agent action produces a receipt — a signed JSON document with:

• Ed25519 signature — tamper-proof, independently verifiable
• Input/output hashes — proves exactly what went in and came out (raw data never stored)
• Timestamps — when it happened, when it completed
• Agent ID — which agent did it
• Provenance chain — trace any memory back to the conversation that created it

This isn't logging. Logs are mutable text files the agent writes about itself. Receipts are cryptographic proof that a third party can verify without trusting you, your server, or the agent.

Everything runs locally

npx @agent-receipts/mcp-server

That's it. No API key. No account. No cloud. No monthly fee. No data leaving your machine. SQLite database in ~/.agent-receipts/. Works offline.

Why This Exists

I was building ModQuote — a multi-tenant SaaS where AI agents generate quotes for automotive protection shops. Real money, real customers, real liability.

When Claude generated a $2,400 PPF quote, I needed answers: What vehicle data did it receive? What pricing rules did it apply? If a customer disputes the price, can I prove what happened — not with a log entry the agent wrote about itself, but with cryptographic proof?

I looked at the existing tools:

... View full README on GitHub