I built a proxy that sits between the agent and any MCP server. Every tool call gets a hash-chained receipt. If anyone modifies the record, the chain breaks.

What it actually does:

Hash-chained receipt for every tool call (SHA-256, append-only) Blocks identical retries when a call already failed (saves tokens) Tags each call as mutating or readonly Tracks who's controlling the session One command to wrap any server: npx @sovereign-labs/mcp-proxy --upstream "your-server-command" After a session you can look at what happened:

npx @sovereign-labs/mcp-proxy --view # per-receipt timeline npx @sovereign-labs/mcp-proxy --explain # plain-language summary npx @sovereign-labs/mcp-proxy --verify # chain integrity check No code changes to the agent or server. It just sits in the middle.

250+ tests, tested against 9 different MCP servers. MIT licensed, built solo.

npm: https://www.npmjs.com/package/@sovereign-labs/mcp-proxy