Framework-agnostic, tamper-evident audit layer for AI agents. Hash chains verify byte-for-byte against the ProofLedger TypeScript SDK and dashboard.
Project description
ProofLedger Python SDK
A framework-agnostic, tamper-evident audit layer for AI agents. ProofLedger sits underneath or beside any agent framework (LangGraph, CrewAI, OpenAI Agents SDK, AutoGen, or a custom stack) and records every run, event, and tool call into a SHA-256 hash chain.
The chains this SDK produces are byte-for-byte compatible with the ProofLedger TypeScript SDK: runs captured from Python verify correctly in the ProofLedger dashboard, which verifies using the TS implementation.
No third-party runtime dependencies — standard library only (Python >= 3.9).
Install
pip install proofledger
Or from this repo:
pip install packages/sdk-py
Usage
from proofledger import enable, track, with_run, verify_run
# Cloud mode — sends to your ProofLedger backend.
enable(
api_key="tl_live_...",
base_url="https://proofledger.dev",
project_id="proj_...",
)
# One-shot tracking of a complete, verifiable run.
track(
agent_id="support-agent",
input="Hello",
output="Hi there",
model="gpt-4.1",
provider="openai",
)
If you call enable() without an api_key (or pass local=True), the SDK runs
in local dev mode: events are kept in memory and best-effort appended to
./.proofledger/events.jsonl, with no server required.
Wrapping a unit of work with with_run
with_run opens a run, runs your function, records the result (or the error),
and closes the run — all on a verifiable chain. The callback receives a
RunHandle you can use to record tool calls and custom events.
from proofledger import enable, with_run, verify_run
enable(local=True) # local dev mode, no api key
def do_work(run):
# Record a tool call — emits tool.called + tool.returned around the record.
run.record_tool_call(
tool_name="search_kb",
input={"query": "refund policy"},
output={"hits": 3},
)
return {"answer": "Refunds within 30 days."}
result = with_run({"agent_id": "support-agent", "model": "gpt-4.1"}, do_work)
# Verify the run's hash chain.
report = verify_run(...) # pass the run id; see examples/basic.py
print(report["valid"]) # True
See examples/basic.py for a complete, runnable example:
python examples/basic.py
Hashing primitives
The same primitives the dashboard uses are re-exported:
from proofledger import (
create_payload_hash,
create_event_hash,
verify_event_chain,
GENESIS_HASH,
)
- Canonical JSON: object keys are sorted recursively and serialized with no
whitespace and literal Unicode, matching JS
JSON.stringifywith sorted keys. GENESIS_HASHis 64 zeros — thepreviousHashof the first event.create_event_hashcommits to the event id, type, timestamp, payload hash, and the previous event's hash, chaining every event to the one before it.
Because the canonicalization and digests match the TypeScript SDK exactly, a chain captured in Python verifies identically in the ProofLedger dashboard.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file proofledger-0.2.0.tar.gz.
File metadata
- Download URL: proofledger-0.2.0.tar.gz
- Upload date:
- Size: 19.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3ec96856bbd973220362048ee552ce57d79c0878356ab57cb3c5d17263b31656
|
|
| MD5 |
0d6d4a5c05a8d967b6b045706c8192d6
|
|
| BLAKE2b-256 |
43e3d5675a144cde1676e8d68876116af316cb15c9e89dae1208915b7c4c9695
|
Provenance
The following attestation bundles were made for proofledger-0.2.0.tar.gz:
Publisher:
publish-pypi-sdk.yml on jorama/proofledger
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
proofledger-0.2.0.tar.gz -
Subject digest:
3ec96856bbd973220362048ee552ce57d79c0878356ab57cb3c5d17263b31656 - Sigstore transparency entry: 2030311707
- Sigstore integration time:
-
Permalink:
jorama/proofledger@471fe48c439220aeb3acedfea99d6fb7311cbeea -
Branch / Tag:
refs/tags/sdk-py-v0.2.0 - Owner: https://github.com/jorama
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi-sdk.yml@471fe48c439220aeb3acedfea99d6fb7311cbeea -
Trigger Event:
push
-
Statement type:
File details
Details for the file proofledger-0.2.0-py3-none-any.whl.
File metadata
- Download URL: proofledger-0.2.0-py3-none-any.whl
- Upload date:
- Size: 19.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0a7f91870dc21b3b300950dc8803bef62394a06db4874c899e4e09d6eed9a547
|
|
| MD5 |
32661f9e5372455adf0329b76198aa3b
|
|
| BLAKE2b-256 |
6aad1a63cf8af49f2eb10b8fa580022a40cb78e350d46afb74c4273560d8c42d
|
Provenance
The following attestation bundles were made for proofledger-0.2.0-py3-none-any.whl:
Publisher:
publish-pypi-sdk.yml on jorama/proofledger
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
proofledger-0.2.0-py3-none-any.whl -
Subject digest:
0a7f91870dc21b3b300950dc8803bef62394a06db4874c899e4e09d6eed9a547 - Sigstore transparency entry: 2030311802
- Sigstore integration time:
-
Permalink:
jorama/proofledger@471fe48c439220aeb3acedfea99d6fb7311cbeea -
Branch / Tag:
refs/tags/sdk-py-v0.2.0 - Owner: https://github.com/jorama
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi-sdk.yml@471fe48c439220aeb3acedfea99d6fb7311cbeea -
Trigger Event:
push
-
Statement type: