{"id":36946197,"url":"https://github.com/agentsystems/agentsystems-notary","last_synced_at":"2026-04-05T13:01:12.509Z","repository":{"id":327114319,"uuid":"1104403280","full_name":"agentsystems/agentsystems-notary","owner":"agentsystems","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-05T11:08:06.000Z","size":127,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-05T11:08:25.756Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/agentsystems.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-26T07:00:36.000Z","updated_at":"2026-04-05T11:08:06.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/agentsystems/agentsystems-notary","commit_stats":null,"previous_names":["agentsystems/agentsystems-notary"],"tags_count":30,"template":false,"template_full_name":null,"purl":"pkg:github/agentsystems/agentsystems-notary","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agentsystems%2Fagentsystems-notary","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agentsystems%2Fagentsystems-notary/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agentsystems%2Fagentsystems-notary/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agentsystems%2Fagentsystems-notary/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/agentsystems","download_url":"https://codeload.github.com/agentsystems/agentsystems-notary/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agentsystems%2Fagentsystems-notary/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31436301,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-05T08:13:15.228Z","status":"ssl_error","status_checked_at":"2026-04-05T08:13:11.839Z","response_time":75,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-13T11:27:51.064Z","updated_at":"2026-04-05T13:01:12.486Z","avatar_url":"https://github.com/agentsystems.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AgentSystems Notary\n\n[![PyPI version](https://img.shields.io/pypi/v/agentsystems-notary.svg)](https://pypi.org/project/agentsystems-notary/)\n\n\u003e **Audit logging infrastructure for AI systems**\n\nAgentSystems Notary provides tamper-evident audit trails for AI systems. It creates cryptographically verifiable logs of all LLM interactions with dual-write architecture: your storage bucket (raw logs) + hash storage (verification receipts).\n\n## Features\n\n- **Multi-Framework Support**: LangChain and CrewAI adapters\n- **Dual-Write Architecture**: Your bucket (raw logs) + hash storage (receipts)\n- **Flexible Hash Storage**: Arweave (decentralized) and/or Custodied (AgentSystems API)\n- **Cryptographic Verification**: SHA-256 hashes with JCS canonicalization (RFC 8785)\n- **Multi-Tenant Support**: Isolated audit trails for SaaS applications\n\n## Installation\n\n```bash\npip install agentsystems-notary\n```\n\n## Quick Start\n\nCopy `.env.example` to `.env` and fill in your credentials.\n\n### LangChain\n\n```bash\npip install langchain-anthropic\n```\n\n```python\nimport os\nfrom dotenv import load_dotenv\nfrom agentsystems_notary import (\n    LangChainNotary,\n    RawPayloadStorage,\n    ArweaveHashStorage,\n    LocalKeySignerConfig,\n    AwsS3StorageConfig,\n)\nfrom langchain_anthropic import ChatAnthropic\n\nload_dotenv()\n\n# Where full audit payloads are stored (your S3 bucket)\nraw_payload_storage = RawPayloadStorage(\n    storage=AwsS3StorageConfig(\n        bucket_name=os.environ[\"ORG_AWS_S3_BUCKET_NAME\"],\n        aws_access_key_id=os.environ[\"ORG_AWS_S3_ACCESS_KEY_ID\"],\n        aws_secret_access_key=os.environ[\"ORG_AWS_S3_SECRET_ACCESS_KEY\"],\n        aws_region=os.environ[\"ORG_AWS_S3_REGION\"],\n    ),\n)\n\n# Where hashes are stored — Arweave for independent verification\nhash_storage = [\n    ArweaveHashStorage(\n        namespace=\"my_namespace\",\n        signer=LocalKeySignerConfig(\n            private_key_path=os.environ[\"ARWEAVE_PRIVATE_KEY_PATH\"],\n        ),\n        bundler_url=os.environ[\"ARWEAVE_BUNDLER_URL\"],\n    ),\n]\n\n# Initialize notary\nnotary = LangChainNotary(\n    raw_payload_storage=raw_payload_storage,\n    hash_storage=hash_storage,\n    debug=True,\n)\n\nmodel = ChatAnthropic(\n    model=\"claude-sonnet-4-5-20250929\",\n    api_key=os.environ[\"ANTHROPIC_API_KEY\"],\n    callbacks=[notary],\n)\n\nresponse = model.invoke(\"What is 2 + 2?\")\n```\n\n### CrewAI\n\n```bash\npip install crewai\n```\n\n```python\nimport os\nfrom dotenv import load_dotenv\nfrom agentsystems_notary import (\n    CrewAINotary,\n    RawPayloadStorage,\n    ArweaveHashStorage,\n    LocalKeySignerConfig,\n    AwsS3StorageConfig,\n)\nfrom crewai import Agent, Task, Crew, LLM\n\nload_dotenv()\n\n# Where full audit payloads are stored (your S3 bucket)\nraw_payload_storage = RawPayloadStorage(\n    storage=AwsS3StorageConfig(\n        bucket_name=os.environ[\"ORG_AWS_S3_BUCKET_NAME\"],\n        aws_access_key_id=os.environ[\"ORG_AWS_S3_ACCESS_KEY_ID\"],\n        aws_secret_access_key=os.environ[\"ORG_AWS_S3_SECRET_ACCESS_KEY\"],\n        aws_region=os.environ[\"ORG_AWS_S3_REGION\"],\n    ),\n)\n\n# Where hashes are stored — Arweave for independent verification\nhash_storage = [\n    ArweaveHashStorage(\n        namespace=\"my_namespace\",\n        signer=LocalKeySignerConfig(\n            private_key_path=os.environ[\"ARWEAVE_PRIVATE_KEY_PATH\"],\n        ),\n        bundler_url=os.environ[\"ARWEAVE_BUNDLER_URL\"],\n    ),\n]\n\n# Initialize notary (hooks register automatically)\nnotary = CrewAINotary(\n    raw_payload_storage=raw_payload_storage,\n    hash_storage=hash_storage,\n    debug=True,\n)\n\nllm = LLM(\n    model=\"anthropic/claude-sonnet-4-5-20250929\",\n    api_key=os.environ[\"ANTHROPIC_API_KEY\"],\n)\nagent = Agent(role=\"Analyst\", goal=\"Answer questions\", backstory=\"Expert analyst\", llm=llm)\ntask = Task(description=\"What is 2 + 2?\", expected_output=\"The answer\", agent=agent)\ncrew = Crew(agents=[agent], tasks=[task])\n\nresult = crew.kickoff()\n```\n\n## How It Works\n\n1. **Capture**: Intercepts LLM requests/responses via framework hooks\n2. **Canonicalize**: Deterministic JSON serialization (JCS/RFC 8785)\n3. **Hash**: SHA-256 of canonical bytes\n4. **Dual-Write**:\n   - Your bucket: Full canonical JSON payload\n   - Hash storage: Hash receipt for verification\n\n## Configuration\n\n### Raw Payload Storage\n\nWhere full audit payloads are stored (your bucket):\n\n```python\nfrom agentsystems_notary import RawPayloadStorage, AwsS3StorageConfig\n\nraw_payload_storage = RawPayloadStorage(\n    storage=AwsS3StorageConfig(\n        bucket_name=\"my-audit-logs\",\n        aws_access_key_id=\"...\",\n        aws_secret_access_key=\"...\",\n        aws_region=\"us-east-1\",\n    ),\n)\n```\n\n### Hash Storage\n\nWhere hashes are stored for verification. You can use one or both.\n\n**Arweave (Decentralized)** — Public blockchain, permanent storage, no vendor dependency. Verify independently with open-source CLI.\n```python\nfrom agentsystems_notary import ArweaveHashStorage, LocalKeySignerConfig\n\nArweaveHashStorage(\n    namespace=\"my_namespace\",\n    signer=LocalKeySignerConfig(\n        private_key_path=\"path/to/rsa-4096-private.pem\",\n    ),\n    bundler_url=\"https://node2.bundlr.network\",\n)\n```\n\n**Custodied (AgentSystems API)** — Managed service if you prefer AgentSystems to handle the complexity.\n```python\nfrom agentsystems_notary import CustodiedHashStorage\n\nCustodiedHashStorage(\n    api_key=\"sk_asn_prod_...\",  # From agentsystems.ai\n    slug=\"my_tenant\",\n)\n```\n\n**Using both:**\n```python\nhash_storage=[\n    ArweaveHashStorage(namespace=\"my_namespace\", signer=..., bundler_url=\"...\"),\n    CustodiedHashStorage(api_key=\"...\", slug=\"my_tenant\"),\n]\n```\n\n### Debug Mode\n\n```python\nnotary = LangChainNotary(\n    raw_payload_storage=...,\n    hash_storage=[...],\n    debug=True,  # Prints canonical JSON and hashes\n)\n```\n\n## S3 Bucket Structure\n\n```\n{env}/{namespace}/{YYYY}/{MM}/{DD}/{hash}.json\n```\n\n- `env`: `arweave`, `prod`, or `test`\n- `namespace`: Your namespace (Arweave) or tenant ID from API response (custodied)\n- `hash`: SHA-256 hash of the canonical payload\n\n## Verification\n\nFor Arweave-notarized logs, use the open-source CLI — no account required:\n\n```bash\nnpm install -g agentsystems-verify\nagentsystems-verify --logs logs.zip\n```\n\nManual verification:\n\n```python\nimport hashlib\n\n# 1. Download payload from your bucket\nwith open(\"payload.json\", \"rb\") as f:\n    canonical_bytes = f.read()\n\n# 2. Compute hash\ncomputed_hash = hashlib.sha256(canonical_bytes).hexdigest()\n\n# 3. Compare with stored hash (from Arweave or custodied receipt)\nassert computed_hash == stored_hash\n```\n\n## Support\n\n- **Documentation**: [docs.agentsystems.ai/notary](https://docs.agentsystems.ai/notary/)\n- **Dashboard**: [notary.agentsystems.ai](https://notary.agentsystems.ai)\n- **Issues**: [GitHub Issues](https://github.com/agentsystems/agentsystems-notary/issues)\n\n## License\n\nLicensed under the [Apache-2.0 license](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagentsystems%2Fagentsystems-notary","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fagentsystems%2Fagentsystems-notary","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagentsystems%2Fagentsystems-notary/lists"}