Receipt

Enterprises will spend $100B+ on AI agents by 2028. Agents are already executing trades, deploying code, managing infrastructure, and making decisions that move real money. The problem: none of it is provable. There is zero cryptographic evidence that an agent actually did what it claims. No proof the data it read was real. No proof the API it called returned what it says. No proof the LLM output came from the model it claims to have used.

This isn't a convenience gap. It's a systemic risk. An agent that fabricates an API response can trigger a bad trade. An agent that hallucinates file contents can deploy broken code to production. In multi-agent pipelines, one lying agent poisons every agent downstream. And all of this unverified output is feeding back into model training, compounding the problem. The industry is building on top of work it cannot verify, with money it cannot account for.

RECEIPT closes this gap. It is the cryptographic proof layer for AI agents. Every agent action produces a signed, hash-linked receipt. A second agent independently verifies every receipt before continuing. An independent model scores how useful the output actually was. The result is the first verifiable cost-per-useful-output metric for AI agents.

How it works -- two layers:

Layer 1: Proof of Action. Every agent action -- file read, API call, LLM inference, decision -- produces a cryptographically signed receipt (Ed25519 signatures, SHA-256 hashes). Each receipt hash-links to the previous one, creating a tamper-evident chain. Like a blockchain of work. Change one receipt in the middle and the entire chain breaks. When the Builder receives work from the Researcher, it independently verifies every single receipt before continuing. Signature valid? Hash chain intact? Timestamps in order? One failure = entire handoff rejected.

Layer 2: Proof of Usefulness. A separate AI model -- running inside a secure hardware enclave, selected by the system not the agent -- scores how useful the chain's output actually was. The agent cannot pick its own grader. The model evaluates alignment (did it do what was asked?), substance (is the content meaningful?), and quality (is it well-executed?). Chains scoring below 60/100 are not anchored on-chain. You don't get credit for bad work, and bad work never becomes training data.

The result is cost per useful output -- not just "did the agent run" but "was the output worth paying for." This is the metric that turns agent spending from a black box into a measurable investment.

RECEIPT covers all six layers of the agent harness:

• Orchestration: multi-agent verification pipeline (Researcher produces, Builder verifies)
• Context: each receipt captures inputs, outputs, and the full execution context
• State: immutable signed receipts = state snapshots that cannot be retroactively altered
• Execution: every tool call, API request, and inference captured with cryptographic proof
• Evaluation: independent quality scoring with verification rate as the key metric
• Transport: on-chain anchoring on 0G Mainnet, peer-to-peer handoff via Gensyn AXL

Built on 0G -- full stack integration across all three verification pillars:

• Verified Compute: LLM inference (DeepSeek V3, GLM-5) runs inside hardware enclaves with cryptographic attestation via Intel TDX. The hardware proves the computation happened as claimed.
• Verified Identity: each agent gets an on-chain identity token (ERC-7857 NFT) carrying its public key hash. Agents can't impersonate each other.
• Verified Training: quality-gated data pipeline. Only chains that pass the usefulness threshold (>=60/100) produce training-eligible data. Bad work is rejected before it can poison model training.
• Four smart contracts live on 0G Mainnet (chain ID 16661): ReceiptAnchorV2.sol (proof storage), AgentNFT.sol (agent identity), ValidationRegistry.sol (quality attestations via ERC-8004), ReceiptRegistry.sol (on-chain chain coordination per wallet address).

Agent-to-agent transport runs through Gensyn AXL -- two peer-to-peer nodes relaying receipt chains through an encrypted mesh network. No central server touches the proof at any point in the pipeline.

What we shipped:

• Published SDK on npm: npm install agenticproof (47 tests passing)
• Dashboard with wallet connect: register chains on-chain via MetaMask, no database
• Four smart contracts deployed on 0G Mainnet: ReceiptAnchorV2 (proof storage), AgentNFT (ERC-7857 identity), ValidationRegistry (ERC-8004 attestations), ReceiptRegistry (on-chain chain coordination per wallet)
• Live demo with guided walkthrough: two agents produce, verify, and score a receipt chain in real-time
• Adversarial mode: RECEIPT catches a lying agent with real tamper detection
• TEE-attested LLM inference via 0G Compute (DeepSeek V3 for research, GLM-5 for quality review)
• Client-side chain verification via WebCrypto (Ed25519 + SHA-256) -- no server, no trust required
• Agent-to-agent handoff via Gensyn AXL (P2P when nodes available, direct HTTP fallback)

Every agent harness needs an evaluation layer. RECEIPT is that layer -- agent-agnostic, cryptographically verifiable, anchored on-chain.

RECEIPT is the evaluation layer for agent harnesses. As agents ship in production across Claude Code, Cursor, and OpenClaw, every harness needs an eval layer that proves work quality. RECEIPT is agent-agnostic -- it plugs into any tool via a single SDK and measures whether agent work was actually useful, with cryptographic verification rates.

The core SDK (agenticproof, published on npm) is TypeScript. Each agent action produces a receipt signed with Ed25519 and hashed with SHA-256. Receipts hash-link: each points to the previous receipt's ID, creating a tamper-evident chain. Multi-agent verification happens at handoff -- the receiving agent independently checks every receipt's signature, hash chain, and timestamp order before continuing.

0G Integration (full stack):

• Compute: AI inference inside hardware enclaves (TEE) via @0glabs/0g-serving-broker. DeepSeek V3 and GLM-5 endpoints. The enclave proves computation happened as claimed (Intel TDX attestation verified via processResponse()).
• Storage: Receipt chain data structured for 0G decentralized storage via @0gfoundation/0g-ts-sdk.
• Chain: Four smart contracts on 0G Mainnet (chain ID 16661):
  • ReceiptAnchorV2.sol -- anchorRoot(bytes32, bytes32, uint8) stores chain root hash + storage ref + usefulness score permanently
  • AgentNFT.sol (ERC-7857) -- agent identity tokens carrying Ed25519 public key hash
  • ValidationRegistry.sol (ERC-8004) -- usefulness attestations via validationRequest() + validationResponse()
  • ReceiptRegistry.sol -- on-chain coordination layer mapping wallet addresses to their registered receipt chains. Dashboard reads directly from this contract via MetaMask.
• Training: Quality-gated data pipeline. Only chains scoring >=60/100 produce training-eligible data. Bad work is rejected before it enters any pipeline.

Gensyn AXL provides agent-to-agent transport. Receipt chains travel via AXL nodes with P2P capability and direct HTTP fallback.

The demo is Next.js 15 with SSE streaming. Researcher and Builder run as separate API routes streaming receipts in real-time. A guided walkthrough (5 chapters) walks through the flow: Researcher signs receipts, chain hands off via Gensyn AXL P2P, Builder verifies every receipt, TEE-attested model scores usefulness, and the proof anchors on 0G Mainnet. The done state shows VERIFIED BY 0G badges, clickable ANCHOR TX and ERC-7857 NFT links to chainscan.0g.ai. Adversarial mode shows RECEIPT catching a lying agent with real tamper detection.

The verify page uses WebCrypto for client-side verification -- real Ed25519 signature checking and SHA-256 hash chain validation, no server involvement.

Challenges: Hardware enclave verification required iterating through 4 provider addresses with automatic fallback. The attestation verification call (processResponse()) was undocumented -- reverse-engineered from 0G SDK source. AXL nodes needed custom systemd services with nginx reverse proxy for HTTPS.