This is a teaching cookbook for adding cryptographically signed audit trails to Claude Code tool calls. Every bash command, file edit, or web fetch gets evaluated against a Cedar policy, then signed with Ed25519 into a tamper-evident receipt. The receipts chain together and verify offline with a single CLI command, no network or vendor lookup needed. Most useful in regulated environments (finance, healthcare), CI/CD pipelines where you need proof a policy gate held, or when a counterparty wants to verify your agent's behavior without trusting you. The actual runtime lives in a separate protect-mcp plugin; this skill walks through the pattern, cryptography, and cross-implementation interop before you commit to the hooks.
npx skills add https://github.com/wshobson/agents --skill signed-audit-trails-recipe