Integration: Agent Action Receipts (AAR) for verifiable sandbox action provenance #381
Description
Problem
OpenSandbox provides secure agent runtime sandboxing — but actions taken inside the sandbox currently have no cryptographic proof trail. When an agent executes code, makes API calls, or modifies state inside a sandbox, there's no standard way to prove what happened, who authorized it, or verify the outcome.
Proposal: Agent Action Receipt (AAR) Integration
AAR is an open standard (MIT) for cryptographically signed receipts that travel with every agent action:
- Ed25519 signature over canonicalized JSON (JCS-SORTED-UTF8-NOWS)
- SHA-256 input/output hashing — proves data without revealing it (privacy-preserving)
- Transport-agnostic — HTTP header, response body, or logged alongside sandbox execution
How it could work with OpenSandbox
- Sandbox wraps each agent action (API call, file write, code execution) with an AAR receipt
- Receipt captures: agent identity, principal authorization, action type/target, input/output hashes, cost, timestamp
- Receipts are signed with the sandbox's Ed25519 key
- Any consumer of the sandbox output can independently verify the receipt chain
SDK
npm install @botindex/aarDrop-in Express middleware or manual receipt builder. Single dependency (tweetnacl). TypeScript.
Compatibility
- Mastercard Verifiable Intent (March 5, 2026) — bidirectional mapping included
- x402 (Coinbase) — complementary payment verification
Links
- Spec: https://github.com/Cyberweasel777/agent-action-receipt-spec
- JSON Schema: https://github.com/Cyberweasel777/agent-action-receipt-spec/blob/main/schema/receipt.json
Happy to contribute a PR if there's interest.