Abstract
Tool services generate cryptographically signed tool-call receipts that bind a tool-call request and a tool-call response to metadata including a caller identifier, timestamp, and nonce. The receipt includes a request hash and a response hash, and is signed (e.g., Ed25519) over receipt fields. An autonomous agent forwards the signed receipt with a subsequent action request to a downstream gate service. The gate service verifies the signature and enforces gating conditions including request binding to the targeted resource, freshness via the timestamp, and non-replay via nonce consumption. Consequential actions are authorized only when required receipt prerequisites validate; missing receipts, mismatched request context, fabricated signatures, or replayed nonces cause denial. Multi-receipt policies may require multiple independent tool receipts before authorizing an action.
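The receipt flow described in the abstract, as an added Go example that is not code from the disclosure: a tool service signs a receipt with Ed25519 and a gate checks signature, request binding, freshness and nonce consumption before allowing the action. The field names, the payload encoding, the SHA-256 hashes, the 60-second window and the sample strings are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sync"
)

type Receipt struct { // field names and payload encoding are assumptions
	Caller, Nonce     string
	Timestamp         int64 // Unix seconds
	ReqHash, RespHash [32]byte
	Sig               []byte
}
func (r Receipt) payload() []byte { // the bytes the signature covers
	return []byte(fmt.Sprintf("%q|%q|%d|%x|%x", r.Caller, r.Nonce, r.Timestamp, r.ReqHash[:], r.RespHash[:]))
}
func Issue(sk ed25519.PrivateKey, caller, nonce string, ts int64, req, resp []byte) Receipt { // tool-service side
	r := Receipt{Caller: caller, Nonce: nonce, Timestamp: ts, ReqHash: sha256.Sum256(req), RespHash: sha256.Sum256(resp)}
	r.Sig = ed25519.Sign(sk, r.payload())
	return r
}

type Gate struct { // downstream verifier; the nonce store is in memory only
	ToolKey ed25519.PublicKey
	MaxAge  int64    // seconds
	seen    sync.Map // consumed nonces
}
func (g *Gate) Authorize(r Receipt, action []byte, now int64) error { // nil means allow
	switch {
	case !ed25519.Verify(g.ToolKey, r.payload(), r.Sig):
		return fmt.Errorf("bad signature")
	case r.ReqHash != sha256.Sum256(action): // receipt must be for this exact request
		return fmt.Errorf("request mismatch")
	case now < r.Timestamp || now-r.Timestamp > g.MaxAge:
		return fmt.Errorf("stale receipt")
	}
	if _, dup := g.seen.LoadOrStore(r.Nonce, true); dup { // atomic check-and-consume
		return fmt.Errorf("replayed nonce")
	}
	return nil
}

func main() {
	pk, sk, _ := ed25519.GenerateKey(nil)
	g, req := &Gate{ToolKey: pk, MaxAge: 60}, []byte("delete:staging-db") // constructed sample
	r := Issue(sk, "agent-7", "nonce-1", 1000, req, []byte("backup verified"))
	fmt.Println(g.Authorize(r, req, 1010), g.Authorize(r, req, 1011))
}
```

The nonce is consumed only after the other checks pass, so a receipt rejected for a mismatched request or a stale timestamp does not burn a nonce that a valid presentation could still use.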
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Anonymous, "Cryptographic Attestation of Tool Responses for Gating Autonomous Agent Actions", Technical Disclosure Commons, ()
https://www.tdcommons.org/dpubs_series/10746