Problem
Trigger.dev executes background tasks and jobs that can be triggered by AI agents. When agents trigger production jobs, there is no cryptographic evidence of what triggered the job, what policy governed the execution, and that the audit trail hasn't been tampered with.
Proposal
Add optional Ed25519 receipt signing for task execution. Each task trigger and completion would produce a signed receipt capturing: trigger source, task name, input/output hashes, policy evaluation, and a cryptographic signature.
Reference
protect-mcp (MIT, npm v0.5.3) implements this for MCP tool calls. Receipt format: IETF Internet-Draft.
Happy to discuss and contribute.
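A sketch of what such a receipt could look like with Node's built-in Ed25519 support, added here as an example; it is not code from Trigger.dev or protect-mcp and does not follow the referenced Internet-Draft. The field names, the sorted-key JSON canonicalization and the `prevReceiptHash` chaining are assumptions made for illustration.

```javascript
// Added example: receipt layout is an assumption, not the protect-mcp or IETF draft format.
const crypto = require('node:crypto');

// Deterministic JSON (keys sorted recursively) so signer and verifier hash identical bytes.
function canonicalize(value) {
  if (Array.isArray(value)) return `[${value.map(canonicalize).join(',')}]`;
  if (value && typeof value === 'object') {
    return `{${Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonicalize(value[k])}`).join(',')}}`;
  }
  return JSON.stringify(value ?? null); // undefined is encoded as null
}

const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');
const receiptHash = (receipt) => sha256(canonicalize(receipt));

// Sign a receipt. Inputs and outputs are stored as hashes only, so payloads stay out of the log.
// prevReceiptHash links each receipt to the previous one (hypothetical field).
function signReceipt(privateKey, fields) {
  const { triggerSource, taskName, input = null, output = null,
    policy = null, prevReceiptHash = null } = fields;
  const body = {
    triggerSource, taskName, policy, prevReceiptHash,
    inputHash: sha256(canonicalize(input)),
    outputHash: sha256(canonicalize(output)),
    issuedAt: new Date().toISOString(),
  };
  const sig = crypto.sign(null, Buffer.from(canonicalize(body)), privateKey);
  return { ...body, signature: sig.toString('base64') };
}

// Recompute the canonical body and check the Ed25519 signature over it.
function verifyReceipt(publicKey, receipt) {
  const { signature, ...body } = receipt;
  if (typeof signature !== 'string') return false;
  return crypto.verify(null, Buffer.from(canonicalize(body)), publicKey,
    Buffer.from(signature, 'base64'));
}

// A trail is intact only if every signature verifies and every link matches its predecessor.
function verifyChain(publicKey, receipts) {
  let prev = null;
  for (const r of receipts) {
    if (!verifyReceipt(publicKey, r) || r.prevReceiptHash !== prev) return false;
    prev = receiptHash(r);
  }
  return true;
}
```

A signature alone shows that a single receipt was not altered; the hash link is what makes a deleted or reordered receipt detectable.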