Installation

The plugin is published to npm as @agnt-rcpt/openclaw.

openclaw plugins install @agnt-rcpt/openclaw

For development against a local clone:

openclaw plugins install /path/to/openclaw-agent-receipts --link

OpenClaw’s tool policy pipeline filters which tools the agent can see. The default "coding" profile does not include plugin tools, so after installing you must allowlist the two agent-receipts tools in your openclaw.json:

{
  "tools": {
    "profile": "coding",
    "alsoAllow": ["ar_query_receipts", "ar_verify_chain"]
  }
}

Without this, the plugin still loads — hooks fire and receipts are generated — but the agent cannot call the query or verify tools itself.

Alternatively, switch to the "full" profile to allow all registered tools:

{
  "tools": {
    "profile": "full"
  }
}

Or allowlist the entire plugin by ID:

{
  "tools": {
    "alsoAllow": ["openclaw-agent-receipts"]
  }
}

The plugin requires a running obsigna-daemon. Every tool call is forwarded to the daemon over a Unix socket; the daemon signs, hash-links, and stores each receipt (ADR-0010, daemon process separation). The plugin holds no signing keys and no chain state of its own.

All configuration is optional. Defaults are shown below:

{
  "plugins": {
    "entries": {
      "openclaw-agent-receipts": {
        "enabled": true,
        "config": {
          "enabled": true
          // "daemonDbPath": "~/.local/share/agent-receipts/receipts.db", // optional — overrides the daemon's default DB path
          // "daemonPublicKeyPath": "~/.local/share/agent-receipts/signing.key.pub", // optional — public key used by ar_verify_chain
          // "taxonomyPath": "/path/to/custom-taxonomy.json" // optional — overrides the bundled taxonomy
        }
      }
    }
  }
}

daemonDbPath and daemonPublicKeyPath let the read-side tools (ar_query_receipts, ar_verify_chain) locate the daemon’s SQLite database and Ed25519 public key. Both default to the daemon’s own platform paths (AGENTRECEIPTS_DB / AGENTRECEIPTS_KEY, otherwise under ~/.local/share/agent-receipts/). See Daemon Setup for daemon installation and the trust-boundary details of forwarding raw tool I/O across the socket.

The legacy in-process fields dbPath, keyPath, and daemonForwarding are deprecated and ignored — the daemon is now always required.

By default, action parameters are hashed (parameters_hash) but never stored in plaintext. Disclosure — attaching a recoverable, encrypted copy of the parameters — is configured on the daemon, not in this plugin. The daemon encrypts qualifying parameters to a forensic X25519 public key using HPKE and stores the result as an opaque parameters_disclosure envelope; only the holder of the forensic private key can recover them.

Enable it with the daemon’s --parameter-disclosure flag and a forensic public key — not in openclaw.json. For the full model — the HPKE envelope, the two-key separation, forensic recovery, and the threat/GDPR considerations — see Parameter Disclosure and Daemon Setup.

With disclosure active on the daemon, a system.command.execute receipt carries an opaque envelope alongside the hash:

{
  // ...other receipt fields
  "parameters_hash": "sha256:9c84a8c9...",
  "parameters_disclosure": {
    "v": "1",
    "alg": "hpke-x25519-hkdf-sha256-aes-256-gcm",
    "recipients": [{ "kid": "sha256:3b4c5d6e...", "enc": "N_2jVnvb..." }],
    "ct": "YGn3i4Np..." // ciphertext — recoverable only with the forensic private key
  }
}

The hash always covers the full original parameters whether or not disclosure is enabled; the envelope is additive. ar_query_receipts reports a disclosed: true flag for receipts that carry one, but the plugin never decrypts — recovery happens with the forensic private key, which lives with the responder, not the agent host.

The plugin’s own parameterDisclosure config key is a deprecated no-op: setting it emits a startup warning and has no effect. It was the control surface in the earlier in-process model; disclosure is now daemon-owned. See ADR-0012 for the rename from parameterPreview / parameters_preview.
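
A pre-restart check for the rules above, as an added example that is not part of the plugin or of OpenClaw: it takes an already-parsed openclaw.json object and reports which of the two tools the policy exposes and which deprecated plugin keys are still set. The function name lintReceiptsConfig, the sample input, and the treatment of every profile other than "full" as excluding plugin tools are assumptions.

```javascript
// Added example (not project code): lint a parsed openclaw.json against this page's rules.
const PLUGIN_ID = "openclaw-agent-receipts";
const TOOLS = ["ar_query_receipts", "ar_verify_chain"];
// Plugin config keys this page lists as deprecated (ignored or no-op).
const DEPRECATED = ["dbPath", "keyPath", "daemonForwarding", "parameterDisclosure"];

function lintReceiptsConfig(cfg) {
  const findings = [];
  const tools = cfg.tools ?? {};
  const allow = Array.isArray(tools.alsoAllow) ? tools.alsoAllow : [];
  // Assumption: only the "full" profile or an explicit allowlist entry exposes
  // plugin tools; a missing profile is treated like the default "coding".
  const allVisible = tools.profile === "full" || allow.includes(PLUGIN_ID);
  const visibleTools = TOOLS.filter((t) => allVisible || allow.includes(t));
  for (const t of TOOLS.filter((name) => !visibleTools.includes(name))) {
    findings.push(`${t}: not allowlisted, so the agent cannot call it (receipts are still generated)`);
  }
  const pluginCfg = cfg.plugins?.entries?.[PLUGIN_ID]?.config ?? {};
  for (const key of DEPRECATED.filter((k) => k in pluginCfg)) {
    findings.push(
      key === "parameterDisclosure"
        ? `${key}: deprecated no-op; disclosure is enabled on the daemon, not in openclaw.json`
        : `${key}: deprecated and ignored; the daemon is always required`
    );
  }
  return { visibleTools, findings };
}

// Constructed sample: one tool allowlisted, two legacy keys left over.
const SAMPLE = {
  tools: { profile: "coding", alsoAllow: ["ar_query_receipts"] },
  plugins: { entries: { [PLUGIN_ID]: { enabled: true, config: {
    enabled: true, keyPath: "/constructed/legacy.key", parameterDisclosure: true,
  } } } },
};

console.log(JSON.stringify(lintReceiptsConfig(SAMPLE), null, 2));
```

An empty findings list means both tools are visible to the agent and no legacy key is silently being ignored.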

Restart the gateway and confirm the plugin loaded:

openclaw plugins list

You should see Agent Receipts with status loaded. Ask the agent to call ar_query_receipts or ar_verify_chain to confirm the tools are visible.