AgencyReceipts Working draft

Overview

Introduction

Why an agent's action needs a signed record of its own — and what it takes to make one.

When an AI agent acts on behalf of a human — purchasing a service, sending a message, filing a record, agreeing to a contract — the human is increasingly not in the loop for each action, and has no standardized, verifiable, human-readable record of what was done in their name.

The records that exist today fail the human on every axis. Conversation logs are too low-level — thousands of tokens of model trace are not a record a person, a regulator, or an insurer can read or act on, and they are not signed. Vendor receipts are merchant-scoped: a charge or a calendar invite confirms a transaction happened, but says nothing about which of a person's agents acted, why, or under what authority. And there is no cryptographic binding between an action, the agent that took it, and the human it represents — no portable artifact a third party can independently verify or dispute with evidence.

As agents take more consequential actions under delegated authority, this gap becomes a public-safety, regulatory, and consumer-trust problem — and, under the EU AI Act and analogous regimes, a legal one. For delegation to be legible, the human needs a different artifact: a per-action, cryptographically-signed, one-sentence-readable receipt, linked to the authority it was taken under. That artifact is the Agency Receipt.

Agency Receipts (sm-arp) fixes the receipt's shape, not the policy of which actions must be recorded — that decision belongs to the runtime and its jurisdiction. It is runtime-agnostic: an agent built on Claude, OpenAI, LangGraph, or a custom stack emits the same receipt, independent of the model, the hosting platform, and the tool-integration or transport protocols underneath it (MCP, A2A). It does not judge whether an action was authorized — that is a companion concern, handled by the permit and the grant behind it (see agentenvelope.ai) — and kept deliberately separate. What the receipt owns is the occurrence: a signed, one-sentence-readable, offline-verifiable record that this action happened, for this human, by this agent.