Tamperproof execution ledger for AI agents. Log every tool call, decision, and error to a cryptographically verifiable audit trail.
Project description
Aegis Ledger SDK
Tamperproof audit logs for AI agents.
When autonomous agents take actions, their logs become legal evidence. Aegis hash-chains every tool call, signs it with Ed25519, and stores it on the Internet Computer — where no one can edit it. Not you, not your ops team, not the hosting provider.
pip install aegis-ledger-sdk
The Problem
Your AI agent just autonomously called a payment API, transferred $47,000, and the client says it wasn't authorized. Your logs are in CloudWatch. The client's lawyer asks: "Can you prove these logs haven't been edited since the incident?"
You can't. Aegis fixes this.
Quickstart
from aegis import AegisClient
client = AegisClient(
canister_id="toqqq-lqaaa-aaaae-afc2a-cai", # From dashboard
api_key_id="ak_3f8a9b2c1d4e5f60", # From dashboard
private_key_path="./agent_key.pem", # aegis keygen
agent_id="agent_billing_v2",
)
@client.trace()
def call_stripe(amount: int, currency: str) -> dict:
return stripe.PaymentIntent.create(amount=amount, currency=currency)
# Every call is now tamperproof-logged:
# SHA-256(input) + SHA-256(output) + Ed25519 signature + hash-chain link
Verify any entry — no authentication required:
aegis verify toqqq-lqaaa-aaaae-afc2a-cai act_a7f3b2c19e4d
# VERIFIED — chain hash valid, signature valid
Framework Integrations
LangChain
from aegis.langchain import AegisCallbackHandler
handler = AegisCallbackHandler(client)
agent.invoke({"input": "Process refund"}, config={"callbacks": [handler]})
CrewAI
from aegis.crewai import aegis_step_callback
crew = Crew(agents=[...], tasks=[...], step_callback=aegis_step_callback(client))
OpenAI Agents SDK
from aegis.openai_agents import AegisTracingProcessor
processor = AegisTracingProcessor(client)
# Automatically traces all agent runs
AutoGen / AG2
from aegis.autogen import AegisAutoGenHook
hook = AegisAutoGenHook(client)
# Hook into AutoGen message flow
Async & Batch Support
# Async functions work directly with @trace
@client.trace()
async def fetch_data(url: str) -> dict:
async with aiohttp.ClientSession() as session:
resp = await session.get(url)
return await resp.json()
# Batch-log multiple entries with correct hash-chaining
client.log_batch([
{"tool": "search", "status": "ok", "input_data": "query"},
{"tool": "summarize", "status": "ok", "input_data": "results"},
])
PII Protection
PII is automatically detected and redacted before transmission (enabled by default):
client = AegisClient(..., redact_pii=True) # default
# Detected patterns: email, phone, IP, SSN, AHV (Swiss), credit cards
# PII is replaced with sha256:<128-bit hash> — verifiable but not reversible
How It Works
Your Agent Aegis SDK ICP Canister
| | |
|-- call_stripe(500, "usd") ->| |
| |-- SHA-256(input) |
| |-- SHA-256(output) |
| |-- Ed25519 sign ------------>|
| | verify signature
| | check sequence
| | chain_hash = SHA-256(
| | prev_hash + payload
| | )
| | store immutably
| |<-- action_id ---------------|
|<-- return result -----------| |
Fail-open: if canister unreachable, entries buffer locally and retry.
What Gets Logged
| Field | Description |
|---|---|
input_hash |
SHA-256 of full input (raw data never stored on-chain) |
output_hash |
SHA-256 of full output |
tool |
Tool/API name |
duration_ms |
Wall-clock execution time |
chain_hash |
SHA-256 linking to previous entry |
payload_signature |
Ed25519 signature from your agent's key |
sequence_number |
Monotonic counter (gap detection) |
What does NOT get logged: Raw payloads, API keys, secrets, PII. Only hashes — you control your data.
Compliance
Generate court-admissible compliance reports:
from aegis.report import generate_report, generate_pdf, ReportFormat
report = generate_report("toqqq-...", format=ReportFormat.EU_AI_ACT, stats=stats, health=health)
generate_pdf(report, "compliance-report.pdf")
Supported frameworks: EU AI Act Art. 12, ISO/IEC 42001, AIUC-1 (insurance underwriting).
Links
Normal logging = trust the system. Aegis = verify the record.
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aegis_ledger_sdk-0.1.0.tar.gz.
File metadata
- Download URL: aegis_ledger_sdk-0.1.0.tar.gz
- Upload date:
- Size: 43.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
166992775c1a171eec18f97440bc31bb78a0e0e1b37073a7568391d9e8dd65c9
|
|
| MD5 |
628d86c688f894e76ec3bc03cc736766
|
|
| BLAKE2b-256 |
44f7638695649182e777e81e965dab850b83b6baaf9e65bd4c0ede23e76f2de0
|
File details
Details for the file aegis_ledger_sdk-0.1.0-py3-none-any.whl.
File metadata
- Download URL: aegis_ledger_sdk-0.1.0-py3-none-any.whl
- Upload date:
- Size: 52.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b5e6f464556a951c7bcfb264416d7bb1bcfd714596949681025feaa483916272
|
|
| MD5 |
fdab1ea147b69469c0abb2a07c97ffd4
|
|
| BLAKE2b-256 |
1d991587fd984af5f7f72c5bf99a9658be806f52e2285b8c96d65572ccb2f1a6
|
