// AGENT PROVENANCE PLATFORM

Every AI action.
Logged. Chained. Verifiable.

Your agents report what they did. Every entry is SHA-256 hashed against the previous. If you record the chain head, you can verify later whether anything changed. Any edit to a past entry produces a different head — detectable by anyone who checks.

Start free See how it works

agent.ts

const BASE = "https://api.chainproof.ai/v1";
const h = { "Authorization": "Bearer cp_live_…", "Content-Type": "application/json" };

// 1. start a run
const { run_id } = await fetch(`${BASE}/runs`, {
  method: "POST", headers: h,
  body: JSON.stringify({ agent_id: "agt_summarizer", trust_level: "high" }),
}).then(r => r.json());

// 2. log an action
await fetch(`${BASE}/runs/${run_id}/entries`, {
  method: "POST", headers: h,
  body: JSON.stringify({ entry_type: "action", action: { tool: "read_file", status: "completed" } }),
});

// 3. verify chain integrity
const proof = await fetch(`${BASE}/runs/${run_id}/verify`, { headers: h }).then(r => r.json());
// → { valid: true, entry_count: 1 }

// HOW IT WORKS

Your agent writes the log. The chain makes edits detectable.

ChainProof wraps around your agent's existing workflow. No SDK required — plain HTTP and a Bearer token.

Start a run

Each agent execution gets its own run. Your agent tells ChainProof what it's doing — the trust level, the instruction, the agent ID. ChainProof records that claim and opens the ledger.

POST /v1/runs → { run_id, chain_head }

Agent reports each action

As your agent works, it appends entries — actions, decisions, tool calls, human approvals. Each entry is SHA-256 hashed against the previous. ChainProof records exactly what the agent said it did.

POST /v1/runs/:id/entries → { entry_hash }

Prove the log is unaltered

Chain verification doesn't tell you whether the agent succeeded. It tells you whether the log was touched after the fact. A broken link means an entry was modified post-commit — not that a task failed.

GET /v1/runs/:id/verify → { valid: true }

// FEATURES

Built for production agent workflows.

Not a monitoring tool. Not an observability platform. ChainProof doesn't watch your agents — it notarizes what they report. The difference matters when someone asks you to prove it later.

⛓

Hash-chained entries

Every ledger entry includes the SHA-256 of the previous. Edit any past entry and the chain head changes. If you recorded the head at write time, the discrepancy is detectable by anyone who reruns the verification.

◈

Content-addressed artifacts

Prompts, responses, tool payloads, and reasoning traces are stored in R2 by SHA-256 of their body. The ledger references them by hash — not by a mutable pointer.

🔒

Append-only by design

The API has no update or delete endpoints for ledger entries. You can't accidentally overwrite history through ChainProof. Completed runs are serialized to R2 on close.

⚡

Edge-native infrastructure

Serverless compute, durable object ledger, object storage for artifacts, relational indexes. No external infrastructure. No cold starts.

🤖

Agent self-context

Agents can query their own provenance mid-run. If the chain is broken or a contamination flag is set, the agent can self-limit and refuse to take further actions.

🌐

Multi-tenant & scoped keys

Tenant-scoped and agent-scoped API keys. Granular permissions: read, write, verify, admin. Revoke at any time. Webhooks for run events, violations, and chain breaks.

// WHAT CHAINPROOF PROVES

A notary, not a watchdog.

ChainProof only knows what your agent tells it. That's not a limitation — it's the design. An external system that claims to independently verify agent behavior is guessing. ChainProof makes a narrower, harder guarantee.

✓ What ChainProof gives you

A structured, queryable record of what your agents reported doing.

A hash chain you can recompute yourself — you don't have to trust our verify endpoint.

Detection of post-hoc edits, if you record chain heads independently at write time.

Content hashes for artifacts — if the hash matches, the payload hasn't changed.

✗ What ChainProof doesn't give you

Independent verification that agents told the truth.

A guarantee that ChainProof itself hasn't altered records — only external anchoring would provide that.

Any signal about whether a run succeeded at its actual task.

Protection against an agent that deliberately logs false entries.

Chain validity and run status are independent signals. status: failed with a valid chain means the agent reported failure and nothing in the log changed since. status: success with a broken chain means an entry was edited after it was written — by someone, somewhere. ChainProof can tell you the second happened. It can't tell you who did it or why.

// QUICKSTART

The full lifecycle in one file.

Bootstrap a tenant, register an agent, run the full provenance cycle. No SDK needed — works with fetch, curl, or any HTTP client.

TypeScript

cURL

const BASE = "https://api.chainproof.ai/v1";
const headers = {
  "Authorization": `Bearer ${process.env.CHAINPROOF_API_KEY}`,
  "Content-Type": "application/json",
};

// 1 ── register an agent
const agent = await fetch(`${BASE}/agents`, {
  method: "POST", headers,
  body: JSON.stringify({ name: "summarizer", trust_level: "high" }),
}).then(r => r.json());

// 2 ── start a run
const run = await fetch(`${BASE}/runs`, {
  method: "POST", headers,
  body: JSON.stringify({ agent_id: agent.agent_id, trust_level: "high" }),
}).then(r => r.json());
// → { run_id: "ba7d...", chain_head: "0000...genesis" }

// 3 ── append a ledger entry
const entry = await fetch(`${BASE}/runs/${run.run_id}/entries`, {
  method: "POST", headers,
  body: JSON.stringify({
    entry_type: "action",
    previous_entry_hash: run.chain_head,
    action: { tool: "read_file", status: "completed" },
  }),
}).then(r => r.json());
// → { sequence: 0, entry_hash: "c1f9..." }

// 4 ── complete the run
await fetch(`${BASE}/runs/${run.run_id}/complete`, {
  method: "POST", headers,
  body: JSON.stringify({ status: "completed" }),
});

// 5 ── verify the chain
const proof = await fetch(`${BASE}/runs/${run.run_id}/verify`, { headers })
  .then(r => r.json());
// → { valid: true, entry_count: 1, chain_head: "c1f9..." }

export BASE="https://api.chainproof.ai/v1"
export KEY="cp_live_…"

# 1 ── register an agent
agent=$(curl -sX POST "$BASE/agents" \
  -H "Authorization: Bearer $KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"summarizer","trust_level":"high"}')
AGENT_ID=$(echo $agent | grep -o '"agent_id":"[^"]*"' | cut -d'"' -f4)

# 2 ── start a run
run=$(curl -sX POST "$BASE/runs" \
  -H "Authorization: Bearer $KEY" \
  -H "Content-Type: application/json" \
  -d "{\"agent_id\":\"$AGENT_ID\",\"trust_level\":\"high\"}")
RUN_ID=$(echo $run | grep -o '"run_id":"[^"]*"' | cut -d'"' -f4)
CHAIN_HEAD=$(echo $run | grep -o '"chain_head":"[^"]*"' | cut -d'"' -f4)
# → { "run_id": "ba7d...", "chain_head": "0000...genesis" }

# 3 ── append a ledger entry
curl -sX POST "$BASE/runs/$RUN_ID/entries" \
  -H "Authorization: Bearer $KEY" \
  -H "Content-Type: application/json" \
  -d "{\"entry_type\":\"action\",\"previous_entry_hash\":\"$CHAIN_HEAD\",\"action\":{\"tool\":\"read_file\",\"status\":\"completed\"}}"
# → { "sequence": 0, "entry_hash": "c1f9..." }

# 4 ── complete the run
curl -sX POST "$BASE/runs/$RUN_ID/complete" \
  -H "Authorization: Bearer $KEY" \
  -H "Content-Type: application/json" \
  -d '{"status":"completed"}'

# 5 ── verify the chain
curl -s "$BASE/runs/$RUN_ID/verify" \
  -H "Authorization: Bearer $KEY"
# → { "valid": true, "entry_count": 1, "chain_head": "c1f9..." }

// PRICING

Start free. Scale when you need to.

No seats. No per-user pricing. You pay for what your agents actually do.

FREE

$0 / mo

For prototyping and personal projects. No credit card required.

500 runs / month

50,000 ledger entries

1 GB artifact storage

100 chain verifications

Hard limit enforced

Get started free

What's coming.

ChainProof is API-first today — plain HTTP, no SDK required. Here's what's on deck.

✓ shipped

REST API

Full lifecycle over HTTP: runs, entries, verify, agents, artifacts, team management. No SDK needed — works with fetch, curl, or any HTTP client.

✓ shipped

Hash-chained ledger

SHA-256 chain across all entries per run. Any post-hoc edit shifts every downstream hash. Independently recomputable — you don't have to trust our verify endpoint.

✓ shipped

Multi-tenant teams

Workspace isolation, role-based access (owner → admin → member → viewer), invite flow, scoped API keys per agent.

⟳ coming soon

TypeScript SDK

A thin, typed wrapper over the REST API. cp.runs.create(), cp.entries.append(), cp.runs.verify() — the ergonomic API you'd expect. npm package in progress.

⟳ planned

Python SDK

Same coverage as the TypeScript SDK. Async-first with httpx. Designed for LangChain, AutoGen, and custom agent frameworks.

✓ shipped

Webhook delivery

Push events to your infrastructure on run.completed, run.failed, chain.broken, and scope.violation. HMAC-signed payloads, configurable per workspace.

⟳ planned

Audit log export

Export full ledger history as NDJSON or CSV. Scheduled exports to S3-compatible storage. Required for enterprise compliance workflows.

◌ considering

External chain anchoring

Publish chain heads to a system ChainProof doesn't control — a public blockchain, a CT log, or a client-held root. The only path to a genuinely cryptographic guarantee.

Every AI action.Logged. Chained. Verifiable.

Your agent writes the log. The chain makes edits detectable.

Built for production agent workflows.

A notary, not a watchdog.

The full lifecycle in one file.

Start free. Scale when you need to.

What's coming.

Every AI action.
Logged. Chained. Verifiable.