AI Accountability · Records, Verifies & Notifies

AGLedger is the accountability layer for autonomous work.

A tamper-evident audit trail across Intent, Delegation, Results, and Verdict — while keeping the humans and systems around it in the loop.

Precisely, it's a cryptographic notary: records are Ed25519-signed, hash-chained, and verifiable offline by anyone holding the public keys.

An agent-optimized API, CLI, and MCP server adapt it to almost any automated system — from a single agent to delegation chains spanning departments and companies.

Run one per project; federate them when work crosses between them. All data stays in your PostgreSQL.

Deploy the Developer Edition →Talk to us →

Notarize

Capture what an automated process intended and what it did — signed and hash-chained as the work happens, whether it's one record or a delegation tree across many systems. The one thing it does not capture is a verdict on the result. That is the Gate.

Gate

Everything Notarize captures, plus a verdict on the result. When work crosses a delegation boundary, the principal — a human, an automated agent, or a rules engine — renders accept or reject, and AGLedger holds the signed record of the verdict. The signed interface, not the judge.

Notify

Keep every other system — and every human — in the loop. A durable, signed subscription pushes each business-meaningful moment to the endpoints you already run: an approval queue, a dashboard, an ERP, a payment platform. Human-in-the-loop by delivery, not by polling. Settlement Signals ride this same channel.

L1
Notarize
Sign before. Sign after.
L2
Delegation chains
Every handoff is its own signed step.
L3
Federation across organizations
The chain crosses; the data doesn’t.
L4
Federated gates · Settlement Signals
Verdict on one side. SETTLE / HOLD on the other.

What else is in the box

Integrations →

Trace IDs from OpenTelemetry, Langfuse, Arize, Datadog and others ride inside the signed envelope. Webhooks signed with HMAC or Ed25519 (RFC 9421). OCSF SIEM export. Five API surfaces.

Custom schemas →

Customer-defined contract types. JSON Schema for criteria and completion. Content-addressed manifests so peers can share vocabulary without a central catalog.

Deployment →

Self-hosted in your infrastructure. Docker Compose or Kubernetes. PostgreSQL 17+, Node 24 LTS. No phone-home, no kill switch. Air-gap capable.

Security →

Full cryptographic architecture. COSE_Sign1 over in-toto v1 Statement, deterministic CBOR, append-only enforcement at the database layer.

API, CLI & MCP →

194 routes over OpenAPI 3.0, plus a CLI and an MCP server. Responses carry nextSteps and hint fields, so agents drive it without scaffolding. RFC 9457 errors.

Already have a platform? →

AGLedger is not an agent platform. It runs underneath what you have — or alone, if you do not. LangSmith, Galileo, Helicone — complement, not replace.

On your infrastructure

AGLedger runs on your systems. You hold the database, the keys, and the records. No phone-home, no kill switch. If the license lapses, the software keeps running, and security patches stay free regardless of support status.

Verifiable without us. Anyone holding the public keys can confirm the chain offline. The proof outlives the vendor.

Try it

Developer Edition. Free to use. Production-capable.

Install →Pricing →Docs →Contact →