Feature: Signed action receipts for enterprise flow audit trails (AAR)

[Cyberweasel777]

Problem

Flowise enables building LLM apps and agent workflows visually. Enterprise users deploying these flows need verifiable proof of what each node/agent in the flow did — for compliance, dispute resolution, and client reporting.

Current execution logs capture events but aren't independently verifiable or tamper-evident.

Agent Action Receipts (AAR)

AAR v1.0 — a lightweight standard for cryptographically signed receipts:

• Each flow node execution gets an Ed25519-signed receipt
• SHA-256 input/output hashing — proves data integrity without exposing sensitive content
• Receipt chain across the flow = complete verifiable execution history
• Compatible with Mastercard Verifiable Intent and x402 (Coinbase)

Integration surface

• Wrap each chatflow/agentflow node execution with a receipt
• Expose receipt chain via API response header (X-AAR-Receipt)
• Add receipt verification endpoint for clients

SDK

npm install botindex-aar

Drop-in Express middleware or manual builder. Single dependency (tweetnacl). MIT licensed.

• Spec: https://github.com/Cyberweasel777/agent-action-receipt-spec
• Landing: https://aar.botindex.dev

Happy to contribute a PR.

[Cyberweasel777]

Update: companion standard shipped — Session Continuity Certificates (SCC).

For Flowise's visual agent flows, SCC adds verifiable agent identity across flow executions. Express middleware included — drop-in for Node.js servers.

npm install botindex-scc

Spec: https://github.com/Cyberweasel777/session-continuity-certificate-spec
Full trust stack: AAR (action receipts) + SCC (identity continuity).

[aelitium-dev]

Hey — I've been working on something that fits this gap. I raised a similar point in CrewAI #4754.

The piece I think AAR still needs is a cryptographic anchor into the actual LLM call itself. Execution logs show that a node ran, but not what the model actually returned — which matters for compliance or dispute resolution.

I built AELITIUM for exactly this: it hashes the request + response (SHA-256), binds them with Ed25519, and produces a bundle that can be verified offline later. An AAR receipt could reference that bundle hash to prove what the model actually said, not just that a node executed.

pip install aelitium
https://github.com/aelitium-dev/aelitium-v3

Curious whether you see this as part of the AAR spec or out of scope.