FAQ
What is AGLedger™?
A cryptographic notary for automated work. An agent notarizes what it is about to do, then notarizes what was done — the chain holds both records byte-for-byte, signed Ed25519 and hash-chained. The same protocol scales to delegation chains across agents inside an organization, federation across organizations without sharing the underlying data, and federated gates that fire Settlement Signals to payment, ERP, or ticketing systems on cross-org commercial work.
Are these legally admissible? Is AGLedger a notary public?
AGLedger is a cryptographic notary, not a legal one. Records are Ed25519-signed and hash-chained — anyone with the public keys can confirm a record was written at the time it was signed and has not been tampered with. That is the same primitive RFC 3161 timestamping authorities and digital signing services use. Whether the resulting record is admissible in a particular jurisdiction is a question for your counsel, not for AGLedger.
What does "notarize" actually mean here?
To notarize is to take a structured statement, sign it with an Ed25519 key, hash-chain it to the previous entry in the vault, and write it to disk. The act is fast (hundreds of milliseconds), self-hosted, and verifiable offline by any third party with the public keys. Two notarizations frame a long-running task: one for what the agent is about to do, one for what was done.
How is this different from logging or observability?
Logs record what happened after the fact, spread across whatever systems the agent touched, unsigned and unstructured. AGLedger records as work happens — structured, signed, hash-chained, agent-queryable. Logs sit alongside; they are not a substitute. When your auditor asks "what did the agent set out to do, what did it do, and was it accepted?" the chain already exists.
How does AGLedger relate to Microsoft Agent Governance Toolkit, Kong, or Galileo?
They solve different problems. Policy controls (Microsoft Agent Governance Toolkit, Kong AI Gateway, Galileo, WSO2) decide whether an agent can act. Agent guardrails (Composio, Snyk) shape how it acts. AGLedger records what was notarized — signed, ordered, verifiable offline. We plug into gateways and guardrails, not compete with them. A gateway says yes or no; AGLedger records what happened after the gateway said yes. We have tested interop with Microsoft's toolkit specifically.
Does AGLedger judge the quality of work?
No. On the 90% spine — single-agent notarize and delegation — AGLedger writes signed records. It never inspects deliverable content. On the 10% gated flow, the principal renders a verdict against measurable criteria; the principal is always the judge. AGLedger enforces structure, not content.
What happens to the record if an agent loses context or hands off?
That is the point. The chain is durable memory. Conversation history evaporates between sessions; vector stores summarize; signed records persist byte-for-byte. When a new agent picks up where the old one left off, it reads the chain to recover what was already signed for. Long-running work outlives the session that started it.
What is an Audit Agent?
A customer-built agent that queries AGLedger to answer audit questions. Your existing logs scatter the accountability story across six systems and take days to reconstruct. AGLedger records the story in structured, agent-queryable form from the moment work starts. Point your Audit Agent at it and ask: who notarized this? Who delivered? Was this purchase within policy? Answers come back in seconds with signed proof attached.
What is a Settlement Signal?
On gated flows that involve money, goods, or asset movement, AGLedger emits a Settlement Signal (SETTLE or HOLD) when the record reaches a terminal state. The signal routes through webhook to your payment platform, ERP, or ticketing system. AGLedger does not move money — it produces the signed record that authorizes the system that does. Settlement Signals are the load-bearing primitive for agent-to-agent commercial work across organizational boundaries.
Can I just build this myself?
You can build a signed, hash-chained ledger in a sprint. A competent engineer with AI tooling could ship one in a week or two. What you cannot build in a sprint is counterparty adoption. Federation only works if both sides speak the same protocol. $8K perpetual is roughly one engineer-week — the price is positioned below the build threshold for a reason. You are paying for the network of counterparties already speaking AOAP, not the code itself.
What contract types does AGLedger ship with?
Zero. The engine ships with no built-in types — you register your own via POST /v1/schemas. JSON Schema draft-07, versioned, with optional tolerance rules for the gated 10%. Agents can register schemas on demand the first time they encounter a new kind of work. Schemas registered on a gateway can propagate to federation partners through the federation schema catalog so both sides speak the same language.
What LLM providers are supported?
AGLedger is LLM-agnostic. The critical accountability path does not depend on model quality. Our testbed runs agents from Anthropic, OpenAI, Google, and Amazon across every integration pattern. Some providers fabricate IDs or invent schema fields when asked to self-document; in deployments where the enterprise system writes the records (and the agent only triggers them), accountability works across every provider tested.
How do agents integrate with AGLedger?
The primary path is the native REST API — fastest and most token-efficient. SDKs are available for TypeScript (@agledger/sdk) and Python (agledger). A CLI ships via npm. MCP is supported for agents that need it. No rewrites required — your existing agents add notarize calls alongside what they already do.
Does AGLedger work with LangChain, CrewAI, or AutoGen?
Yes. AGLedger is the accountability layer underneath orchestration frameworks, not a replacement. Your framework handles orchestration. AGLedger handles the signed record. They are complementary.
How long does integration take?
Single agent with the SDK: hours. Fleet instrumentation: weeks, not months. If your agent can talk HTTP, it is ready to participate.
Do my agents need code changes?
For direct integration, yes — the agent (or your enterprise system) calls POST /v1/records to notarize. When the enterprise system owns the notarize call, the agent itself often needs no AGLedger code at all — your ERP, CRM, or workflow tool is the integration point.
What happens if AGLedger is unavailable?
Agents are not blocked. AGLedger is a record-keeping layer, not an execution gate. If AGLedger is down, agents continue operating. PostgreSQL is the single dependency — standard HA (streaming replication, Aurora/RDS) applies. The append-only chain means no data loss on restart.
Where does my data live?
In your infrastructure. AGLedger is self-hosted — your records live in your PostgreSQL 17+ database, in the region you choose. We never see your data. Export your full chain anytime in JSON, CSV, or NDJSON.
Can AGLedger run air-gapped?
Yes. AGLedger supports fully disconnected operation with no phone-home licensing. Licenses are validated using Ed25519 signatures and never require outbound connectivity.
What are the cryptographic guarantees?
Established standards at every layer: SHA-256 hash chain + Ed25519 signatures for the audit vault, HMAC-SHA256 for webhooks and API auth, RFC 9421-inspired HTTP message signatures + Ed25519 for federation, X25519 ECDH + AES-256-GCM for encrypted criteria transfer, and RFC 8785 (JCS) for canonical form. Your keys — AGLedger never generates or holds private key material.
What is the storage profile at scale?
Records and chain entries live in PostgreSQL. Storage scales linearly with the number of records. The append-only chain adds overhead per entry but is designed for standard PostgreSQL operational patterns — vacuuming, partitioning, and archival all work as expected.
How does AGLedger help with EU AI Act compliance?
AGLedger maps to 11 articles of the EU AI Act (Articles 9, 12, 13, 14, 15, 17, 18, 20, 26, 27, and 49). The mapping separates what AGLedger provides (infrastructure and signed records) from what the enterprise still owns (judgment, policies, decisions). The mapping is tested — the AGLedger testbed runs a full EU AI Act compliance scenario end-to-end.
Does AGLedger help with NIST AI RMF?
Yes. AGLedger maps to all four functions of the NIST AI Risk Management Framework: GOVERN (accountability structures, role identity), MAP (risk categorization per contract type), MEASURE (chain queries, tolerance-band enforcement, timeliness evidence), and MANAGE (dispute resolution, remediation, audit export).
Can I export audit trails for compliance?
Yes. Full chain export is available at any time in JSON, CSV, or NDJSON. OCSF v1.4.0 export maps to standard security event formats. Exports are formatted for regulatory submission and third-party audit.
How do I track agent reliability over time?
Built-in reputation scoring tracks agent performance across records using verdict statistics — whether deliveries were accepted, rejected, or required revision, aggregated per agent and per contract type. Reputation is most valuable in federated deployments where you are comparing agents across counterparties; in a single-instance deployment the signal is narrower.
What is federation?
Federation lets independent AGLedger instances coordinate accountability across organizational boundaries. Each organization runs its own gateway. A hub coordinates the protocol but holds no business data — criteria, evidence, and chain entries stay in each party's database. You define custom schemas for your domain and share them with federated partners through the schema catalog so both sides speak the same structured language. The chain crosses; the data does not.
What happens when both sides disagree?
The protocol supports 3-tier dispute resolution. Tier 1: self-resolution between principal and performer (revision requests, remediation). Tier 2: third-party mediation with an accessor granted access to the chain. Tier 3: human-in-the-loop escalation with the complete cryptographic record of what was notarized, delivered, and where it diverged.
What happens if AGLedger LLC dissolves?
Your software keeps running. You hold a perpetual license, your data lives in your PostgreSQL database, and AGLedger makes zero outbound connections in Standalone mode — there is no kill switch, no phone-home, no dependency on us being in business. Licenses are validated locally with Ed25519 signatures. Security fixes are always free while we operate, and your chain remains cryptographically verifiable with standard tooling regardless of whether AGLedger LLC exists. Enterprise licensees have source access for exactly this reason.
Is AGLedger open source?
No. AGLedger is proprietary software. The SDKs are source-visible (published on npm and PyPI). Enterprise licensees get source access for security and compliance review. The AOAP™ specification is available to licensees; public publication under an open license is under evaluation.