Skip to main content
platform

Tamper-proof evidence for every action.

Every AI agent tool call is recorded in an Ed25519-signed, SHA-256 hash chain. Cryptographically verifiable, exportable as proof bundles, designed for regulatory auditors.

GET STARTED
Ed25519
Signatures
SHA-256
Hash Chain
0
Frameworks
0%
Tamper Detection
Hash chain
Cryptographic Audit Chain
SHA-256 VERIFIED
SHA-2567f3a9b2c...d4e1f8a0
prev:genesis
Ed25519 ✓
14:32:11cursorBash: rm -rf node_modules/BLOCK
SHA-256a1c8e4f2...b7d39c56
prev:7f3a9b2c...d4e1f8a0
Ed25519 ✓
14:32:07claude-codeRead: .env.productionFLAG
SHA-2565d2f1a88...e9c74b13
prev:a1c8e4f2...b7d39c56
Ed25519 ✓
14:31:58claude-codeBash: npm test --coverageALLOW
SHA-256c9e3b701...4f8a2d66
prev:5d2f1a88...e9c74b13
Ed25519 ✓
14:31:52windsurfWrite: src/utils.tsALLOW
SHA-2563b7c0e95...a2f18d44
prev:c9e3b701...4f8a2d66
Ed25519 ✓
14:31:41claude-codeBash: docker build -t app .ALLOW

Cryptographic Hash Chain

Each audit entry is signed with Ed25519 and linked via SHA-256 hash chain. Any modification breaks the chain -- making tampering mathematically detectable.

  • Same algorithm used in SSH keys and blockchain
  • Hash chain ensures ordering integrity

Complete Event Context

Each entry records: agent identity, platform, model, session ID, tool name, arguments, result, risk score with full decomposition, policy decision, compliance violations triggered, behavioral flags, timestamp, and the cryptographic signature chain.

  • Full event context including scoring decomposition
  • Signed at the edge, not in the cloud

Exportable Proof Bundles

Generate proof bundles for auditors: relevant entries, signatures, and hash chain verification data. Auditors verify independently without Quint access.

  • Self-contained verification — no Quint account needed to validate
  • Run `quint verify --chain` to validate entire audit history
  • Any insertion, deletion, or modification is mathematically detectable

Retention & Storage

Audit entries are stored locally in SQLite with Ed25519 signatures, then forwarded to the cloud for long-term retention. Three tiers: metadata (12-18 months), behavioral signals (30-90 days), full content capture (7-30 days, policy-triggered).

  • Local-first storage — entries exist before cloud sync
  • Tiered retention balances compliance depth with storage cost
  • Full content capture triggered by policy for high-risk actions

Regulatory Evidence, Not Just Logs

When a regulator asks how you know an agent didn't access patient records, hand them a cryptographically signed record with the risk score and policy decision attached.

  • EU AI Act: Art. 12 (logging), Art. 14 (human oversight), Art. 52 (transparency)
  • SOC 2: CC6.1 (logical access controls), CC7.2 (system monitoring)
  • HIPAA: 164.312(b) (audit controls)
  • Designed for EU AI Act enforcement deadline August 2, 2026

Chain Verification

Run `quint verify --chain` to validate the entire audit history. Each entry's hash incorporates the previous entry's hash, creating an unbreakable sequence. Any insertion, deletion, or modification of entries is mathematically detectable.

  • Same algorithm used in SSH keys and blockchain
  • No competitor offers cryptographic audit trails at the agent action layer

Secure your agents.
Ship with confidence.

One install. Every agent. Deploy in under 2 minutes. Free for your first two machines.

GET STARTED FREE