# Aweb Agent Receipts - Public Spec Draft Status: public-ready draft for external reviewers. Not yet submitted to a standards body. ## Summary Aweb Agent Receipts is an open-source trust layer for AI agents that execute MCP tools, APIs, and eventually onchain actions. The project defines scoped execution grants, tool manifests, signed action receipts, usage proofs, and replayable audit records so builders can verify what an agent did, under which permission, at what cost, and with what result. ## Problem Agent systems are moving from chat into real execution. They can call APIs, use MCP tools, trigger workflows, and interact with financial or operational systems. The evidence layer around those actions is still weak. Today, critical execution context is usually split across app logs, provider dashboards, custom traces, email history, and human memory. That is not enough for production systems where agents need scoped authority, auditability, cost attribution, replay, and dispute resolution. ## Core Objects - Tool manifest: describes a capability, provider, action, risk level, schemas, cost model, and approval policy. - Execution grant: binds an agent, actor, tool, scope, budget, and time window before work happens. - Action receipt: records the specific execution, provider identifiers, cost, policy result, status, and replay metadata. ## Reference Flow 1. Agent asks to use a capability. 2. Aweb checks the tool manifest. 3. Aweb issues or validates a scoped execution grant. 4. Agent executes the tool or API call. 5. Aweb emits an action receipt. 6. CLI or SDK validates and replays the receipt record. 7. Optional chain adapter anchors metadata for identity, payment, or verification. ## First Implementation - JSON Schema for tool manifests, execution grants, and action receipts. - TypeScript types and SDK helpers. - CLI commands for issuing grants, validating grants, emitting receipts, validating receipts, and replaying records. - MCP/API demo workflow. - Documentation and examples. ## Ecosystem Fit The first implementation is designed to be useful before any ecosystem-specific adapter exists. A receipt should work as a local file, API payload, CLI validation target, and human-review artifact. MCP and agent-framework developers can use the format to preserve evidence after a capability is invoked. Application teams can use it to debug failures, inspect cost, and keep authority boundaries visible. Future chain adapters can anchor selected metadata where identity, payment, verification, or public auditability need stronger guarantees. The public-good target is deliberately small: make agent execution more inspectable without requiring teams to adopt the private Aweb platform. ## Milestones 1. Public schema and TypeScript types. 2. SDK and CLI reference implementation. 3. MCP/API demo. 4. Chain metadata adapter. 5. Security notes, replay examples, and grant report. ## Relationship To Aweb Labs Aweb Labs is building the governed execution layer for AI agents. Aweb Agent Receipts is the public-goods primitive underneath that commercial thesis: if agents are going to perform real work, the ecosystem needs a shared way to issue scoped authority and prove execution.