@agent-pattern-labs/iso-receipts
Advanced tools
Portable signed-work receipt artifacts for AI-agent workflows: capture, pack, verify, inspect, and redact local evidence bundles.
Portable evidence receipts for AI-agent work.
iso-receipts creates local, dependency-free receipt bundles that can be
verified, redacted, inspected, and replayed by other tools. It is the thin
artifact layer between runtime traces, Geometra browser evidence, signed proof
systems, and vertical workflows such as JobForge.
A receipt archive is a ZIP file, usually named receipt.agent.zip, with:
manifest.json - schema, hashes, command metadata, redaction status.events.jsonl - normalized receipt events.artifacts/ - stdout, generated files, screenshots, TSVs, markdown, logs.geometra-replay/ - optional Geometra page models or replay evidence.proof.json - optional external signature/proof payload.verdict.json - optional policy/eval result.Everything is local-only and model-free.
npm install -D @agent-pattern-labs/iso-receipts
iso-receipts capture --out receipt.agent.zip -- npm test
iso-receipts verify receipt.agent.zip
iso-receipts inspect receipt.agent.zip
iso-receipts unpack receipt.agent.zip --out receipt.agent
iso-receipts redact receipt.agent.zip --out receipt.redacted.agent.zip
capture records the wrapped command, exit code, stdout/stderr artifacts, and
basic platform metadata. It does not upload anything and does not capture the
process environment by default.
import { createReceipt, packReceipt, verifyReceipt } from "@agent-pattern-labs/iso-receipts";
const receipt = createReceipt({
subject: "jobforge:application",
events: [
{ type: "application.submitted", data: { company: "Example", status: "applied" } },
],
artifacts: [
{ path: "artifacts/tracker.tsv", content: "company\tstatus\nExample\tapplied\n" },
],
geometraReplay: [
{ path: "geometra-replay/page-model.json", content: "{}" },
],
verdict: { ok: true },
});
packReceipt(receipt, "receipt.agent.zip");
const result = verifyReceipt("receipt.agent.zip");
iso-trace observes agent transcripts.iso-redact scrubs sensitive receipt payloads before sharing.iso-ledger records durable workflow truth.agent-proof can sign or challenge the receipt hash.geometra can provide browser page models, screenshots, and replay evidence.The package lives in iso because receipts are a cross-runtime control artifact,
not a browser automation feature or a workflow-specific output format.
FAQs
Portable signed-work receipt artifacts for AI-agent workflows: capture, pack, verify, inspect, and redact local evidence bundles.
We found that @agent-pattern-labs/iso-receipts demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks.
Product
Socket now supports Custom Roles and Repository Access Permissions so organizations can control who can access specific repositories and actions.
Product
Socket MCP now lets AI assistants review org alerts, investigate threats using the Socket threat feed, and inspect package files in addition to dependency scoring.