Built a public audit-trail receipt URL for MCP-callable agents, shipped as Apache 2.0 OSS

Reddit r/AI_Agents Tools

Summary

Built a public audit-trail receipt URL for MCP-callable agents, shipped as Apache 2.0 OSS, to address procurement objections by providing consumer-readable audit receipts with supervision checks.

For the past few months I have been shipping agents into client engagements and running into the same procurement objection at every turn. A CISO asks "show me your evals," and the typical vendor answer is "we run automated test suites in CI, we monitor LLM outputs in production, and we have an internal dashboard you can review under NDA." The CISO walks away with nothing they can forward to their audit team. The CFO at the same client asks "what did the agent actually do on our behalf," and they get a different document or no document at all.

The pattern that ended that loop for me is a single public URL. The MCP storefront I run hands back a consumer-readable audit-trail receipt URL on every call. Each receipt enumerates the six supervision checks that fired during the call (input validation, rate limit, cost ceiling, CRM upsert, token mint, fulfillment), with timestamps and pass/fail status. The CFO gets every billable action on the same page the CISO gets the supervision check log on. One artifact, two buyers, no privileged access required.

Curious whether anyone here has tried something similar for procurement-shaped objections or has a different vocabulary for the same gap. Links are in the comments per rules.

Similar Articles

GetMCP: Zero Trust for AI agents

Reddit r/AI_Agents

GetMCP is a self-hostable open-source tool that brings zero-trust security to AI agents by providing per-request audit, per-agent revocation, policy enforcement, and human-in-the-loop approvals for API calls. It generates MCP servers from OpenAPI specs and acts as a streaming proxy with tamper-evident audit logs.

Auditable Commercial License (ACL) v1.0

Lobsters Hottest

The Auditable Commercial License (ACL) v1.0 is a new source-available license designed for the AI era, featuring built-in protection against AI training data usage, a knowledge-qualified clause with safe harbor, and automatic conversion to Apache 2.0 after four years.

Auditing Agent Harness Safety

arXiv cs.CL

This paper proposes HarnessAudit, a framework for auditing LLM agent execution trajectories beyond final outputs, focusing on boundary compliance, execution fidelity, and system stability. It introduces HarnessAudit-Bench with 210 tasks across eight domains and evaluates ten harness configurations, finding that task completion misaligns with safe execution and violations accumulate with trajectory length.