Skip to main content

Overview

AgentSystems Notary creates tamper-evident audit trails for AI agent interactions.

Why

When AI behavior is questioned by customers, auditors, regulators, insurers, etc., you need to prove what actually happened. Traditional logs don’t work: you control them, so third parties have to trust you didn’t modify them. Tamper-evident logging removes that trust requirement.

How it works

Raw LLM interactions stay in your storage. No third party sees them during normal operation. But cryptographic hashes of each interaction are written to independent, tamper-evident storage (Arweave or the AgentSystems custodied service) at the same time. If there’s ever an audit or dispute, you provide the raw logs. The auditor re-hashes them and compares against the stored hashes. A match indicates the logs are unaltered. A mismatch indicates tampering or corruption. You control your data, but can’t alter it without detection. What gets logged:
  • To your storage: full raw LLM payload (prompts, responses, metadata, timestamps)
  • To hash storage: SHA-256 hash + metadata (e.g. namespace, session ID, timestamps)

Hash storage options

Hashes (not raw data) can be written to either storage option:
StorageBest ForFeatures
Decentralized (Arweave)No vendor lock-inPublic append-only ledger, open-source verification, no account needed
CustodiedManaged complianceWrite-once storage, verification UI, signed attestations for audits
Custodied plans offer WORM-compliant hash storage, managed signing, and signed attestations.

Prerequisites

Example (decentralized)

1

Generate signing key

Retain this key. It is required to prove ownership of on-chain hashes during verification.
For production, use a cloud key management service.
2

Create .env file

Create a .env file in your project root:
3

Run the example

Verification

Decentralized (Arweave): Download raw payloads from your storage bucket, zip them, and verify with the open-source CLI:
The CLI re-hashes each payload and compares against the hashes stored on Arweave. See the full verification guide for details. Alternatively, the Verify UI supports both decentralized and custodied verification.

Configuration

Resources