Verifiable evidence for AI-assisted engineering
Project description
agentwitness
Verifiable evidence for AI-assisted engineering.
Capture what your coding agent did, under whose authority, with what scope — and export signed evidence for PR review, incident response, security questionnaires, and AI governance audits.
Status
Pre-release. Version 0.0.1 reserves the package name; the v0 implementation
is in active development.
- Repository: https://github.com/ConceptPending/agentwitness
- Homepage: https://agentwitness.dev
Scope
agentwitness captures agent actions inside Claude Code via the platform's
hook system, signs them with an Ed25519 key under the operator's control,
chains them with a verifiable hash, and produces evidence bundles that
auditors, security reviewers, and third parties can independently verify.
Four ways the same artifact gets used:
- Engineering — what changed and why?
- Security — what was the agent allowed to do, and did it stay in scope?
- Compliance — what evidence can we show?
- Legal / procurement — can we verify contractor or vendor AI usage?
What this proves — and what it doesn't
A signed, hash-chained event log proves that captured events were not modified after capture, and that delegated actions trace back to a root signing key.
It does not by itself prove completeness: in a hostile local environment hooks can be disabled, files deleted, and tools run outside the instrumented path. Completeness is a process problem — approved plugin configuration, CI enforcement, retained checkpoints — not a cryptography problem.
A fuller threat-model document ships alongside the v0 release.
License
Apache License 2.0 for code. The accompanying specification will
be licensed CC-BY-4.0 in the spec/ directory of the v0 release.
Author
Nick Williamson — https://nickw.info
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agentwitness-0.0.1.tar.gz.
File metadata
- Download URL: agentwitness-0.0.1.tar.gz
- Upload date:
- Size: 6.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e0676f2099234020e70d26251ba974132c8730ccb6af3d63ec023e4d1988dd23
|
|
| MD5 |
96919c87fb5fd012dcb0c99b5658f22f
|
|
| BLAKE2b-256 |
3ebf677556248d2855fccce3b50bab138f6b009df64de819bac011d3ab96f6cf
|
File details
Details for the file agentwitness-0.0.1-py3-none-any.whl.
File metadata
- Download URL: agentwitness-0.0.1-py3-none-any.whl
- Upload date:
- Size: 6.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
063288e7c812d57a9cf9ad8f2d7a0ab13889d7482167ed9322ba370cd3e36394
|
|
| MD5 |
c61bf5549c678cac3072c41f25f6adf6
|
|
| BLAKE2b-256 |
5a1b4622cebe17dab6f6bc65124bda16467738b20f2d617f2801f427e8612f36
|
