Is your feature request related to a problem? Please describe.
agenticSeek runs agents locally and autonomously β browsing, coding, executing shell commands. The agent's actions are logged, but the logs are unsigned. If the agent runs overnight and something goes wrong, there's no way to prove which tool calls actually happened vs. what someone edited after the fact. For a fully local system, the audit trail needs to be trustworthy without depending on any cloud service.
Describe the solution you'd like
Ed25519-signed receipts for each tool call the agent makes. Every action (browser navigation, file edit, shell command, MCP tool call) would produce a signed receipt that:
- Covers the tool name, arguments, result hash, and timestamp
- Is hash-chained to the previous receipt (tamper-evident ordering)
- Can be verified offline by anyone:
npx @veritasacta/verify ./receipts/
This turns agenticSeek's action log from "observability data" into "verifiable evidence."
Describe alternatives you've considered
- Database-level audit logging β works for internal review but not independently verifiable by a third party
- Git-based tracking β proves code changes but not the agent decisions that led to them
- Cloud-based audit services β contradicts agenticSeek's fully-local philosophy
The Ed25519 approach works entirely offline with no cloud dependency, which aligns with agenticSeek's local-first design.
Additional context
protect-mcp (MIT, v0.5.3) already implements this for Claude Code and MCP servers. It also supports Cedar policy enforcement (per-tool allow/deny/rate-limit) and works as a sidecar process. Since agenticSeek already supports MCP tools (#104), protect-mcp could run as a declared MCP server β zero changes to agenticSeek core.
npm: https://www.npmjs.com/package/protect-mcp
IETF Internet-Draft: https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/
Examples: https://github.com/ScopeBlind/examples
Is your feature request related to a problem? Please describe.
agenticSeek runs agents locally and autonomously β browsing, coding, executing shell commands. The agent's actions are logged, but the logs are unsigned. If the agent runs overnight and something goes wrong, there's no way to prove which tool calls actually happened vs. what someone edited after the fact. For a fully local system, the audit trail needs to be trustworthy without depending on any cloud service.
Describe the solution you'd like
Ed25519-signed receipts for each tool call the agent makes. Every action (browser navigation, file edit, shell command, MCP tool call) would produce a signed receipt that:
npx @veritasacta/verify ./receipts/This turns agenticSeek's action log from "observability data" into "verifiable evidence."
Describe alternatives you've considered
The Ed25519 approach works entirely offline with no cloud dependency, which aligns with agenticSeek's local-first design.
Additional context
protect-mcp (MIT, v0.5.3) already implements this for Claude Code and MCP servers. It also supports Cedar policy enforcement (per-tool allow/deny/rate-limit) and works as a sidecar process. Since agenticSeek already supports MCP tools (#104), protect-mcp could run as a declared MCP server β zero changes to agenticSeek core.
npm: https://www.npmjs.com/package/protect-mcp
IETF Internet-Draft: https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/
Examples: https://github.com/ScopeBlind/examples