> ## Documentation Index
> Fetch the complete documentation index at: https://docs.themcp.company/llms.txt
> Use this file to discover all available pages before exploring further.

# AARM cryptographic receipts

> Tamper-evident audit trails for AI tool calls

AARM (Autonomous Agent Receipt Manifest) provides tamper-evident audit trails for AI tool calls using cryptographic primitives.

## Enabling receipts

Pass a `signingKeyPath` / `signing_key_path` to `init()`:

<Tabs>
  <Tab title="TypeScript">
    ```typescript theme={null}
    init({
      apiKey: "tap_abc123",
      signingKeyPath: "./keys/private.pem",
    });
    ```
  </Tab>

  <Tab title="Python">
    ```python theme={null}
    mcp_tap.init(
        api_key="tap_abc123",
        signing_key_path="./keys/private.pem",
    )
    ```

    The Python library requires the `cryptography` package:

    ```bash theme={null}
    pip install mcp-tap[aarm]
    ```
  </Tab>
</Tabs>

The TypeScript library uses the Node.js built-in `crypto` module — no extra dependencies needed.

## What receipts add to events

When enabled, three fields are added to each event before it's sent:

| Field          | Description                                                                                  |
| -------------- | -------------------------------------------------------------------------------------------- |
| `output_hash`  | SHA-256 hash of the event's output (canonical JSON)                                          |
| `context_hash` | SHA-256 hash chain linking events in sequence — `hash(previous_hash + canonical(event))`     |
| `signature`    | Ed25519 signature over the canonical event, with `algorithm`, `key_id`, and `value` (base64) |

## Generating a signing key

```bash theme={null}
openssl genpkey -algorithm Ed25519 -out private.pem
openssl pkey -in private.pem -pubout -out public.pem
```