Every action has a receipt. Every receipt has a signature.
Every enforcement decision produces a signed attestation — a cryptographic receipt that records what happened, when, who was involved, what constraints were evaluated, and what the outcome was. Both sides hold a copy. Gaps and tampering are immediately detectable.
Server-side logs are under the exclusive control of whoever operates the server. They can be edited, deleted, backfilled, or selectively omitted.
When a dispute arises — “Your agent made 10,000 API calls” / “Our records show 9,847” — there's no authoritative record both sides trust. Fine when a human can call customer service. Untenable for programmatic agent commerce at scale.
Every attestation is held by both the gate and the agent's operator. Neither party has unilateral control. Disputes are resolved by comparing attestation sets.
If both have matching signed receipts, the facts aren't in question.
The signature covers the full contents of the attestation: action, timestamp, constraints evaluated, decision, request payload hash, and response payload hash. Any modification invalidates the signature.
Each attestation includes the hash of the previous one, forming a sequential chain. If #7 is missing, the link from #6 to #8 is broken, so gaps and reordering are structurally detectable.
Hashes of both the request payload and the response payload are included. This cryptographically binds the recorded action to what was actually requested and returned.
Chains are classified as verified (complete, signatures valid), unsealed (still active), incomplete (gaps detected), or tampered (signature or hash-link failures). Classification is instant and automated.
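A sketch of how a verifier could walk such a chain and assign one of the four states, as an added example that is not the product's own code. Assumptions: HMAC-SHA256 with a demo key stands in for the signature scheme (the page does not name one), and the field names, the `sealed` flag, the genesis value and the rule that a skipped sequence number means a gap are all hypothetical.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: HMAC-SHA256 stands in for the real signature
GENESIS = "0" * 64             # assumption: "previous hash" value for the first attestation

def _body(att):
    # Canonical bytes of every signed field (everything except the signature).
    return json.dumps({k: v for k, v in att.items() if k != "sig"}, sort_keys=True).encode()

def _sign(att):
    return hmac.new(KEY, _body(att), hashlib.sha256).hexdigest()

def att_hash(att):
    # Hash of body plus signature; the next attestation records it as "prev".
    return hashlib.sha256(_body(att) + att["sig"].encode()).hexdigest()

def make(seq, prev, decision, request, response, sealed=False):
    att = {"seq": seq, "prev": prev, "ts": f"2024-01-01T00:00:{seq:02d}Z",  # constructed
           "action": "api.call", "constraints": ["rate_limit"], "decision": decision,
           "req_hash": hashlib.sha256(request).hexdigest(),
           "resp_hash": hashlib.sha256(response).hexdigest(), "sealed": sealed}
    att["sig"] = _sign(att)
    return att

def build(n, sealed=True):
    # Constructed sample chain of n attestations; only the last one may carry the seal.
    chain, prev = [], GENESIS
    for i in range(1, n + 1):
        att = make(i, prev, "allow", b"req%d" % i, b"resp%d" % i, sealed and i == n)
        chain.append(att)
        prev = att_hash(att)
    return chain

def classify(chain):
    prev, expected = GENESIS, 1
    for att in chain:
        if not hmac.compare_digest(_sign(att), att["sig"]):
            return "tampered"        # contents changed after signing
        if att["prev"] != prev:
            # Valid signature, broken link: skipped sequence number means a missing receipt.
            return "incomplete" if att["seq"] > expected else "tampered"
        prev, expected = att_hash(att), att["seq"] + 1
    return "verified" if chain and chain[-1]["sealed"] else "unsealed"
```

In this sketch a chain with its newest receipts cut off still links cleanly and reads as unsealed, so catching that case depends on comparing it with the copy held by the other party.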
Attestations are available in a machine-verifiable format for automated compliance and a human-readable format for auditors, lawyers, and regulators. Both come from the same underlying data.
Detailed enforcement logs follow tiered retention: 7 days on Free, 90 days on Pro, permanent on Teams. Transaction receipts are permanent on all plans.