Installation

The plugin is published to npm as @agnt-rcpt/openclaw.

openclaw plugins install @agnt-rcpt/openclaw

For development against a local clone:

openclaw plugins install /path/to/openclaw-agent-receipts --link

OpenClaw’s tool policy pipeline filters which tools the agent can see. The default "coding" profile does not include plugin tools, so after installing you must allowlist the two agent-receipts tools in your openclaw.json:

{
  "tools": {
    "profile": "coding",
    "alsoAllow": ["ar_query_receipts", "ar_verify_chain"]
  }
}

Without this, the plugin still loads — hooks fire and receipts are generated — but the agent cannot call the query or verify tools itself.

Alternatively, switch to the "full" profile to allow all registered tools:

{
  "tools": {
    "profile": "full"
  }
}

Or allowlist the entire plugin by ID:

{
  "tools": {
    "alsoAllow": ["openclaw-agent-receipts"]
  }
}

All configuration is optional. Defaults are shown below:

{
  "plugins": {
    "entries": {
      "openclaw-agent-receipts": {
        "enabled": true,
        "config": {
          "enabled": true,
          "dbPath": "~/.openclaw/agent-receipts/receipts.db",
          "keyPath": "~/.openclaw/agent-receipts/keys.json", // in-process signing key; not used when daemonForwarding is true
          // "taxonomyPath": "/path/to/custom-taxonomy.json", // optional — overrides bundled taxonomy
          "parameterDisclosure": false, // false | true | "high" | string[]
          "daemonForwarding": false // set true to forward events to agent-receipts-daemon instead of signing in-process
        }
      }
    }
  }
}

keyPath holds the Ed25519 signing key used for in-process receipt signing (the default). When daemonForwarding: true, signing is delegated to agent-receipts-daemon and keyPath is not used — see Daemon Setup for daemon installation. Daemon forwarding is opt-in because it sends raw tool I/O across a process boundary; see the openclaw README for trust-boundary details.

By default, action parameters are hashed but not stored in plaintext. Enable parameterDisclosure to selectively disclose specific fields per action type — useful for auditing high-risk commands without exposing sensitive data on lower-risk calls.

{
  "plugins": {
    "entries": {
      "openclaw-agent-receipts": {
        "config": {
          "parameterDisclosure": "high"
        }
      }
    }
  }
}

Options:

Value                         Behavior
false                         Hashes only — no plaintext (default)
true                          Disclosure enabled for all action types
"high"                        Disclosure enabled for high and critical risk actions only
["system.command.execute"]    Disclosure enabled for specific action types

With "high" enabled, a system.command.execute receipt includes:

{
  // ...other receipt fields
  "parameters_hash": "sha256:9c84a8c9...",
  "parameters_disclosure": {
    "command": "echo \"Testing agent-receipts plugin fix\""
  }
}

The hash always covers the full original parameters regardless of disclosure config. Only the first matching field from the taxonomy’s preview_fields list is included in parameters_disclosure, and non-string values are JSON-stringified. Disclosed values are stored verbatim — do not list fields that may contain secrets.
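
The disclosure rules above can be dry-run against representative tool calls before the setting is enabled, to see what would be stored verbatim. This is an added example, not the plugin's own code; the taxonomy entry shape (a risk key next to preview_fields), the filesystem.file.read action type, the secret-hint pattern and the sample calls are assumptions constructed for illustration.

```javascript
// Added illustration of the documented parameterDisclosure rules; not the plugin's own code.
// Assumed taxonomy entry shape: { risk, preview_fields }. Only preview_fields is named
// on the page; the "risk" key and the sample entries below are constructed.
function disclosureEnabled(setting, actionType, risk) {
  if (setting === true) return true; // all action types
  if (setting === "high") return risk === "high" || risk === "critical";
  if (Array.isArray(setting)) return setting.includes(actionType);
  return false; // false or unset: hashes only
}

function discloseParameters(setting, actionType, entry, params) {
  if (!entry || !disclosureEnabled(setting, actionType, entry.risk)) return null;
  // Only the first preview field that is present in the parameters is disclosed.
  const field = (entry.preview_fields || []).find((f) =>
    Object.prototype.hasOwnProperty.call(params, f));
  if (field === undefined) return null;
  const value = params[field];
  // Strings are kept verbatim; anything else is JSON-stringified.
  return { [field]: typeof value === "string" ? value : JSON.stringify(value) };
}

// Rough heuristic (constructed) for values that should not be stored verbatim.
const SECRET_HINT = /(password|passwd|secret|token|api[_-]?key|authorization)\s*[=:]/i;

// Dry run: what would each call write into parameters_disclosure under `setting`?
function auditDisclosure(setting, taxonomy, calls) {
  return calls.map(({ action, params }) => {
    const disclosed = discloseParameters(setting, action, taxonomy[action], params);
    const text = disclosed ? Object.values(disclosed)[0] : "";
    return { action, disclosed, secretSuspected: SECRET_HINT.test(text) };
  });
}

const sampleTaxonomy = {
  "system.command.execute": { risk: "high", preview_fields: ["command", "cmd"] },
  "filesystem.file.read": { risk: "low", preview_fields: ["path"] },
};
const sampleCalls = [
  { action: "system.command.execute", params: { command: "deploy --token=constructed-value" } },
  { action: "system.command.execute", params: { cmd: "ls", command: ["git", "status"] } },
  { action: "filesystem.file.read", params: { path: "/tmp/notes.txt" } },
];

for (const row of auditDisclosure("high", sampleTaxonomy, sampleCalls)) {
  console.log(JSON.stringify(row));
}
```

Any row with secretSuspected set is a field that should stay out of the disclosure list, since the value would be written into a signed receipt as-is.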

The config key was named parameterPreview and the receipt field parameters_preview before the 0.6.0 SDK release. Per ADR-0012, “preview” misdescribed a permanent, signed field, so both were renamed to parameterDisclosure / parameters_disclosure in lockstep. There is no deprecation alias — update your openclaw.json.

Restart the gateway and confirm the plugin loaded:

openclaw plugins list

You should see Agent Receipts with status loaded. Ask the agent to call ar_query_receipts or ar_verify_chain to confirm the tools are visible.