Skip to content

Blog

Updates, deep dives, and field notes from building the Agent Receipt Protocol.

  • 2026-06-24Run the check yourself: a browser verifier for Agent Receipts — A client-side verifier at obsigna.dev/verify: paste a receipt or chain and check its signatures, hash chain, and JCS canonicalization in the browser. The cryptographic checks run in WebAssembly compiled from the same Go verify core as the obsigna receipt verify CLI, with a CI gate pinning the WASM and native builds byte-identical, and nothing you paste leaves the machine.
  • 2026-06-14Your agents are isolated. Your shared state isn’t. — Worktrees fence the repo; snapshots restore it. Neither touches the database, the API, or the secret store two agents both reach for. When a swarm converges on shared state, the only record of which agent did what — under whose authority — is the receipt.
  • 2026-05-23Agent Security Tooling Landscape — May 2026 — Receipts as table stakes, the out-of-agent audit boundary as the durable differentiator, the emerging audit & provenance layer (Asqav, nono, et al.), and the standards-window race to the August 2 EU AI Act enforcement date.
  • 2026-05-18The audit boundary belongs outside the agent — The architectural problem with in-process receipt signing, and how daemon process separation restores the audit property.
  • 2026-04-27OpenClaw Plugin: How It Works — Plugin architecture, receipt anatomy, self-verification, and how the OpenClaw integration differs from the MCP Proxy.
  • 2026-04-16Agent Security Tooling Landscape — April 2026 — MCP gateways, agent firewalls, kernel enforcement, governance frameworks, and the convergence of primitives like Ed25519, SHA-256 chaining, and DIDs.