I have published a small open-source receipt and validator toolkit for tool-calling agents.
The problem is framework-neutral: after an agent calls a tool, API, or data system, a team may need a portable record of what request was made, which policy snapshot applied, which tool was used, what input and output were recorded, and whether an independent verifier can detect later changes.
The project produces:
- an evidence bundle
- a signed execution receipt
- an independent verification report
The core Python package is framework-independent. The repository includes a CrewAI Flow template as a runnable example, plus a GitHub Action for CI verification and an MCP server for local MCP-compatible clients.
Links:
- Core repo and template: GitHub - joy7758/verifiable-tool-invocation-flow: CrewAI Flow template for signed execution receipts and independent validation of sensitive tool calls. · GitHub
- Core PyPI package: verifiable-tool-invocation-flow · PyPI
- GitHub Action: Verify Agent Execution Receipt · Actions · GitHub Marketplace · GitHub
- Hugging Face demo: Agent Receipt Validator - a Hugging Face Space by joy7759
- MCP server repo: GitHub - joy7758/agent-receipt-validator-mcp: Local stdio MCP server for validating signed agent execution receipts. · GitHub
- MCP server PyPI package: Client Challenge
Feedback I am looking for:
- What receipt fields should be mandatory for tool-calling agents?
- Which validator rules belong in a common baseline profile?
- What evidence is needed for practical third-party audit?
- Should the MCP surface expose validation only, or receipt building too?
- What should remain outside the scope of a receipt validator?
Boundary: this provides verifiable execution evidence. It does not prove semantic correctness, replace runtime controls, or guarantee compliance.