Receipts before AI tool calls

This is a short update on XAIP since my earlier write-up on portable trust.

The main changes are: a new public demo, refreshed live numbers, and
receipts from MCP, LangChain.js callbacks, and OpenAI-compatible
tool-call loops in the same public trust graph.

I've been building XAIP, a provider-neutral signed execution evidence
layer for AI agent tool calls.

The basic idea is simple: before an agent delegates work to an external
tool, it should be able to inspect historical execution evidence from
previous signed receipts.

XAIP is not another agent framework. It sits underneath agent runtimes
as a portable receipt layer. The receipt format is the same regardless
of which runtime emitted it.

Where receipts come from today

Current live integrations:

• MCP servers
• LangChain.js callback handlers
• OpenAI-compatible tool-call loops

Current snapshot (2026-05-11)

• 10 servers in the public trust graph
• 3,239 signed execution receipts
• Receipts from MCP, LangChain.js callbacks, and OpenAI-compatible tool-call loops

What the demo shows

The public demo shows a simple contrast:

• without XAIP: candidate tools look interchangeable
• with XAIP: signed receipt history, observed failures, and unscored candidates are visible before delegation

XAIP does not make tools safe, and it does not guarantee trust. It
makes execution evidence visible before delegation. Trust scores are
one derived view over receipts — receipts themselves are the primary
artifact.

Links

• Demo: https://xkumakichi.github.io/xaip-protocol/evidence-before-delegation.html
• GitHub: https://github.com/xkumakichi/xaip-protocol

Feedback on the receipt model and the pre-delegation evidence framing
is very welcome.

Previously

• 信頼は持ち運べる (2026-04-22) — earlier Japanese intro to XAIP focused on portability of trust signals.

This post updates the framing toward receipts as the primary artifact,
with a new public demo and refreshed live numbers.