Signatrust creates tamper-evident receipts for AI agents, models, and automated systems — without exposing your data.
Built to support your obligations under
A database row tells you what your system says happened. It doesn't prove the record wasn't changed, under whose authority it ran, or with which model — the questions auditors, regulators and counterparties actually ask.
When an autonomous agent makes a costly mistake, no one can prove who decided, under what permissions, or with which model version.
The EU AI Act, NIST AI RMF and ISO/IEC 42001 require documentation, traceability and risk governance for high-risk AI systems.
"Our logs are accurate" does not hold up in a dispute. You need evidence an independent third party can verify on its own.
Each decision is sealed into a Decision Receipt: the agent and model that acted, the permissions and policies in force, fingerprints of the input and output, a timestamp, and an Ed25519 signature — chained to the previous receipt.
```javascript
import { Signatrust } from 'signatrust';

const str = new Signatrust({ apiKey: process.env.SIGNATRUST_API_KEY });

// input & output are hashed locally — raw data never leaves
const { receipt, share_url } = await str.sign({
  model: { provider: 'openai', name: 'gpt-4o', version: '2026.4' },
  decision: {
    type: 'loan_rejection',
    input,
    output,
    risk_level: 'high',
    human_review: true,
    permissions: ['credit.decide'],
    policies: ['eu-ai-act-high-risk'],
  },
});
```
Authenticity (body hash + signature) is provable from the receipt alone. An auditor, regulator, counterparty, or the end user holding their receipt can confirm it in seconds, online or offline.
Drop the SDK into your agent. Every decision is fingerprinted locally, sealed, signed and chained.
The SDK computes sha256 of your input and output on your machine. Only fingerprints leave.
The node builds a canonical receipt and signs it with Ed25519, stamping model, permissions and policies.
Each receipt links to the previous one by hash — an append-only ledger where tampering is evident.
Any third party can verify the receipt independently, with no access to your data.
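The four steps above (local fingerprinting, canonical body plus Ed25519 signature, hash chaining, independent verification) can be sketched with Node's built-in crypto module. This is an added illustration, not Signatrust's SDK or receipt format: the field names, the sorted-key JSON canonicalization and the helpers `seal`, `verifyChain` and `demo` are assumptions made for the example.

```javascript
const crypto = require('node:crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Deterministic JSON with recursively sorted keys (assumed canonical form).
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

// Seal one decision: only fingerprints of input/output enter the signed body.
function seal(prev, decision, privateKey) {
  const { input, output, ...meta } = decision;
  const body = { ...meta, input_hash: sha256(input), output_hash: sha256(output),
    prev_hash: prev ? prev.body_hash : null };
  const bytes = Buffer.from(canonical(body));
  return { body, body_hash: sha256(bytes),
    signature: crypto.sign(null, bytes, privateKey).toString('base64') };
}

// Returns the index of the first receipt that fails, or -1 if the chain is intact.
function verifyChain(receipts, publicKey) {
  let prevHash = null;
  for (let i = 0; i < receipts.length; i++) {
    const r = receipts[i];
    const bytes = Buffer.from(canonical(r.body));
    const ok = sha256(bytes) === r.body_hash     // body matches its fingerprint
      && r.body.prev_hash === prevHash           // link to predecessor is unbroken
      && crypto.verify(null, bytes, publicKey, Buffer.from(r.signature, 'base64'));
    if (!ok) return i;
    prevHash = r.body_hash;
  }
  return -1;
}

// Constructed sample data: throwaway key pair and two made-up decisions.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const base = { agent: 'demo-agent', model: 'gpt-4o', permissions: ['credit.decide'],
    policies: ['eu-ai-act-high-risk'], timestamp: '2026-01-01T00:00:00Z' };
  const r1 = seal(null, { ...base, input: 'application #1', output: 'rejected' }, privateKey);
  const r2 = seal(r1, { ...base, input: 'application #2', output: 'approved' }, privateKey);
  const forged = JSON.parse(JSON.stringify(r1));
  forged.body.permissions = ['admin']; // edited after signing
  return { intact: verifyChain([r1, r2], publicKey), tampered: verifyChain([forged, r2], publicKey) };
}
console.log(demo());
```

The verifier needs only the receipts and the signer's public key. Dropping the first receipt is also caught, because the second receipt's `prev_hash` no longer matches the start of the chain.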
This calls the running Signatrust node. A demo agent is created for you, your decision is sealed into a real signed receipt and verified — and you can tamper with it to watch verification fail.
Signatrust is engineered so that even Signatrust cannot see your decisions. By default nothing operational leaves your environment — only SHA-256 fingerprints and metadata, never content. We are closer to a company that builds a vault than one that collects data.
Signatrust collects no operational data by default. A global trust network, shared risk benchmarks and, in time, insurance models are powered only by what customers choose to contribute — always anonymized and aggregated.
Maximum trust. No contribution to benchmarks or training. The default posture for banks, government and defense.
Share only aggregate signals — decision volume, decision types, error rates, human-review rates. No prompts, outputs or identifiers.
Voluntarily contribute richer anonymized signals in exchange for benchmarking reports, comparative insights and pricing benefits.
An open receipt format spreads across the ecosystem — and every receipt feeds a recomputable reputation signal for the agent that issued it.
A 0–100 reputation derived from verifiable history: integrity, oversight on risky calls, governance and longevity.
Wrap a tool call in LangChain, CrewAI, AutoGen or the OpenAI Agents SDK and emit a receipt.
An open receipt format and a Model Context Protocol tool so any agent can seal its actions.
The receipt is the foundation. Because every decision is signed and verifiable, two higher-order layers come almost for free — each derived entirely from real receipts, nothing self-attested.
Regulator-ready reports mapped to the EU AI Act, GDPR, NIST AI RMF and ISO/IEC 42001 — every control backed by verifiable receipts an auditor can independently re-check. Export a signed, tamper-evident copy in one click.
An insurance-grade risk profile from verifiable history: exposure by risk level, the strength of operating controls, an insurability score and a relative underwriting index. A comparative signal for underwriters — derived, never invented.
The receipt spec is open and signing is free. Choose where the node runs: fully hosted, inside your own infrastructure, or completely air-gapped. The most sensitive institutions keep everything on their side.
Issuing receipts is always free. You pay for governance, support and private deployment — never for the right to sign.
Register an agent, seal your first decision, and share a verifiable receipt anyone can check — in under a minute.