mpps.io

Tamper-proof receipts for AI agent work.

Hash the artifact or action manifest. Get an HSM-signed receipt. Verify it later.

No API key. Hash-only. Stored for 10 years.

Create a receipt GitHub Verify receipt
The Need

Agents produce work faster than organizations can audit it.

An agent writes a patch, generates a report, builds a dataset, calls an API, or publishes a package. A week later someone asks what was produced, which inputs were attached, and whether the record changed.

Logs are local. Chat transcripts are noisy. CI artifacts expire. mpps.io gives the workflow a small external evidence anchor: a signed receipt for the hash of what happened.

What It Is

A receipt layer, not another orchestration stack.

1
Describe
Name the action and attach hashes for generated artifacts, inputs, or parent receipts.
2
Anchor
mpps.io canonicalizes the manifest, signs its hash through AWS KMS, and stores the receipt.
3
Verify
Anyone can verify the signature and recompute the manifest hash later.

mpps.io complements agent traces, build logs, package provenance, and content credentials. It does not replace them. It gives those systems a compact, independently verifiable receipt.

Try It

Create a structured agent action receipt.

The API is live. No registration, no token, no SDK required.

curl -X POST https://api.mpps.io/v1/receipts \
  -H "Content-Type: application/json" \
  -d '{
    "action": "agent.task.complete",
    "subject": "final-report.md",
    "artifact_hashes": [
      {
        "label": "final-report.md",
        "sha256": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      }
    ],
    "context": {
      "runner": "codex",
      "repo": "gdlg-ai/example",
      "commit": "abc123"
    }
  }'
{
  "uuid": "mpps_att_8e2f4a1b3c5d4e6f",
  "receipt_type": "agent_action",
  "manifest_hash": "sha256:...",
  "signature": "<base64>",
  "verify_url": "https://api.mpps.io/v1/verify/mpps_att_..."
}
Use Cases

Receipts for work that should not rely on memory.

agent completion

Attach a receipt to the final artifact of a code change, analysis, report, image, video, or dataset.

release evidence

Anchor build outputs, package manifests, deployment bundles, and verification material.

delivery trail

Record what was sent or received after API calls, data transfers, paid workflows, or handoffs.

Trust Boundary

Precise proof, deliberately narrow claims.

Hash-only input Raw private artifacts do not need to leave your environment.
Manifest hash Structured receipts are canonicalized before signing, so the manifest can be recomputed later.
Source fingerprint The agent_id is useful correlation from network source data, not strong identity.
Signature RSA-PSS SHA-256 via AWS KMS HSM. Public-key verification works offline.
Retention Receipts are stored in AWS S3 Object Lock, Compliance Mode, with 10-year retention.

mpps.io does not prove content quality, truth, legality, authorship, or delivery success. It proves that a hash or bounded manifest was submitted, signed, timestamped, and retained.

Fit

Small enough to add after the work is done.

API Surface

Three receipt modes.

/v1/receipts Structured agent action receipt with action, artifact hashes, input hashes, context, and parent UUID.
/v1/notarize Raw hash receipt for the simplest use case.
/v1/certify Raw hash receipt with richer metadata and a human-readable certificate page.
Pricing
Free
$0 / no signup
  • 10 structured receipts per hour
  • 10 raw hash receipts per hour
  • 10 certified metadata receipts per day
  • HSM-signed receipts
  • 10-year immutable storage
Optional Certify
$0.01 / after free quota
  • Stripe-backed 402 payment challenge
  • Rich metadata support
  • Human-readable certificate page
  • Parent receipt chaining
  • No dependency for normal receipt use
Install

Use HTTP directly or install the agent skill.