RR-1 · RECEIPT REQUIRED, LEVEL 1

We’re testing the MCP ecosystem for receipt-required dangerous actions.

We scanned the full public MCP registry: 43,801 servers, and 10% advertise a capability that can move money, destroy or export data, deploy infrastructure, or change permissions. Almost none require a verifiable human authorization before that action runs. RR-1 is how a maintainer fixes that — and gets credit for it.

Earn RR-1 in 10 minutes The ecosystem index

RR-1 is a maintainer credential, not a warning. A server at RR-1 makes its most dangerous action safer than the ecosystem default — where 10% of registered MCP servers advertise a high-risk capability and almost none require a verifiable human authorization before it runs.

Earn it, then add the badge to your README:

[![Receipt Required: RR-1](https://www.emiliaprotocol.ai/badges/rr-1.svg)](https://www.emiliaprotocol.ai/fire-drill/rr-1)

What RR-1 certifies

Four behaviors on your most dangerous action — re-proven on every push by receipt-required.test.js:

1Missing receipt is blocked428 Receipt Required

2Valid receipt runs the action exactly onceaction runs, receipt consumed

3Replayed receipt is refusedone-time consumption

4Forged / rewritten receipt is refusedsignature / action-binding fails

RR-1 is a reference-implementation conformance level, not a vulnerability rating and not auth or permissions. It is portable accountability evidence — proof a named human authorized an irreversible action — a necessary, not sufficient condition: it does not prove the decision was wise or lawful. Built on the offline verifier in @emilia-protocol/require-receipt (Apache-2.0); spec: IETF draft-schrock-ep-authorization-receipts.